
Hijack log need help

Status
Not open for further replies.

besfirst

WinXP HP Pavilion: have run CWShredder with fix but found none. Have run Spybot and Ad-Aware Personal, which find things; deleting them gets everything but DSO Exploit and Power Scan (even on restart these cannot be removed), and I have deleted or uninstalled manually everything that I can, removing folders and entries under Software in regedit. Unchecked things in the startup menu but they repopulate. Cannot run an online Panda scan for viruses because it says the drive is full or ActiveX is unable to install. Cannot run Windows Update... gives message 0xP00B 0001. There are XP updates present. Have not attempted to run SP2 from disk yet; was hoping to get the system running smoothly and update drivers first.

Original symptom: system runs at a crawl=standstill including any program clicked on or just the mouse moving across the screen.

Now symptom: system chugs when online but after cleaning is fine until reintroduced to online environment. Process that seems to be taking up 100% CPU is msmsgr.exe with flurry of svhost.exe and explore.exe flying.

Logfile of HijackThis v1.98.2
Scan saved at 6:25:13 PM, on 10/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svxhost.exe
C:\WINDOWS\System32\setver32.exe
C:\WINDOWS\System32\syshelper.exe
C:\WINDOWS\System32\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {38DA6A7A-B013-00C5-845A-62557E802C6C} - C:\WINDOWS\System32\rws.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [WindowsRegKey Autoupdate] explorer.exe
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Windows secure] setver32.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [AF3B811F] C:\WINDOWS\System32\yrxepdpeawehvk.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winupdate.exe
O4 - HKLM\..\RunServices: [WindowsRegKey Autoupdate] explorer.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [System Startup] voltio.exe
O4 - HKLM\..\RunServices: [Windows secure] setver32.exe
O4 - HKLM\..\RunServices: [MSChoExE] suge.exe
O4 - HKLM\..\RunServices: [Microsoft upnp Update] msie.exe
O4 - HKLM\..\RunServices: [Norton AV Update] Nortonupd.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKLM\..\RunServices: [Windows System Serivce] winserv.exe
O4 - HKLM\..\RunServices: [Video Process] sayvosl.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [Windows XP Service Pack 2] sp2update.exe
O4 - HKLM\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunOnce: [Windows secure] setver32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Wyxn] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsRegKey Autoupdate] explorer.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Windows secure] setver32.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\RunServices: [Video Process] sayvosl.exe
O4 - HKCU\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKCU\..\RunOnce: [Windows secure] setver32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
If more info is needed, please ask. This is the first time I have asked for help here. (Although I read tons out here!)
Thanks in advance

Jeanne
jeanne@mysoftwarecoach.com
 
Thanks a bunch...I didn't know that was there. I have a list now to attack these bad boys. And leave the good stuff in place!

I will see if getting rid of all the Red ones and yellow that seem bad will fix the problem.
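An added example, not part of the original thread: a small triage pass over the O4 (autostart) lines of a HijackThis log like the one posted above, grouping entries by command so that one executable registered under several Run keys shows up once with all of its locations. The function names, the `min_keys` threshold and the two flags are assumptions chosen here to order a manual review; they do not classify anything as malicious. The sample lines are a subset copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [AF3B811F] C:\WINDOWS\System32\yrxepdpeawehvk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse_o4(log_text):
    """Yield (hive, key, value_name, command) for each O4 autostart line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()


def triage(log_text, min_keys=3):
    """Group autostart entries by command and attach review flags.

    Flags (heuristics assumed for this example):
      no-path   - command has no directory, so the log does not say which file runs
      many-keys - same command registered in at least `min_keys` autostart keys
    """
    locations = defaultdict(set)
    for hive, key, _name, command in parse_o4(log_text):
        locations[command.lower()].add(f"{hive}\\{key}")
    report = {}
    for command, keys in locations.items():
        flags = []
        if "\\" not in command:
            flags.append("no-path")
        if len(keys) >= min_keys:
            flags.append("many-keys")
        report[command] = {"keys": sorted(keys), "flags": flags}
    return report


if __name__ == "__main__":
    for command, info in sorted(triage(SAMPLE_LOG).items()):
        print(f"{command:45} {len(info['keys'])} key(s) {info['flags']}")
```
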
 