04-11-2005, 11:39 AM   #1
itsmenks
OS: Win2000


Hijacklog attached-Something has my computer

Hi, I need help trying to get my computer straightened out. It has something always running on it and it moves slooow. Could someone please help me? Thanks for any advice!

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:21:51 PM, on 4/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\fxsvc.exe
C:\WINNT\system32\ServUDaemon.exe
C:\WINNT\system32\stivc.exe
C:\WINNT\system32\win32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\system32\imfjpgnhzmsmre.exe
C:\WINNT\system32\winmotel.exe
C:\WINNT\system32\win32.exe
C:\QUICKENW\QWDLLS.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\stivc.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Ohipa] C:\winnt\system32\sinor.exe
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [WXcmeinst] C:\winnt\system32\muwemafyh.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [Configuration32 Loader32] win32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MS Windows Update] imfjpgnhzmsmre.exe
O4 - HKLM\..\Run: [stone] stone.exe
O4 - HKLM\..\Run: [REMOTEL] C:\WINNT\system32\winmotel.exe
O4 - HKLM\..\Run: [qgqqft] C:\WINNT\SYSTEM32\yaheh.exe
O4 - HKLM\..\Run: [sibawerix] tomup.exe
O4 - HKLM\..\Run: [Configuration Firewal Loader] msgerfix32.exe
O4 - HKLM\..\Run: [vadseinst] C:\WINNT\SYSTEM32\otujupeci.exe
O4 - HKLM\..\Run: [halit] relaxx.exe
O4 - HKLM\..\Run: [Uwezig] C:\WINNT\SYSTEM32\humom.exe
O4 - HKLM\..\Run: [Pornfolio] ioande.exe
O4 - HKLM\..\Run: [Navigator Wininet] wininet.exe
O4 - HKLM\..\Run: [vdsadasw] C:\WINNT\SYSTEM32\utycejapy.exe
O4 - HKLM\..\Run: [ikowefew.exe] toxeniryc.exe
O4 - HKLM\..\Run: [azafy] etyz.exe
O4 - HKLM\..\RunServices: [jidifedig] xudexoli.exe
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] win32.exe
O4 - HKLM\..\RunServices: [MS Windows Update] imfjpgnhzmsmre.exe
O4 - HKLM\..\RunServices: [stone] stone.exe
O4 - HKLM\..\RunServices: [sibawerix] tomup.exe
O4 - HKLM\..\RunServices: [Configuration Firewal Loader] msgerfix32.exe
O4 - HKLM\..\RunServices: [halit] relaxx.exe
O4 - HKLM\..\RunServices: [Pornfolio] ioande.exe
O4 - HKLM\..\RunServices: [Navigator Wininet] wininet.exe
O4 - HKLM\..\RunServices: [ikowefew.exe] toxeniryc.exe
O4 - HKLM\..\RunServices: [azafy] etyz.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [jidifedig] xudexoli.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] win32.exe
O4 - HKCU\..\Run: [sibawerix] tomup.exe
O4 - HKCU\..\Run: [halit] relaxx.exe
O4 - HKCU\..\Run: [Pornfolio] ioande.exe
O4 - HKCU\..\Run: [Navigator Wininet] wininet.exe
O4 - HKCU\..\Run: [ikowefew.exe] toxeniryc.exe
O4 - HKCU\..\Run: [azafy] etyz.exe
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O23 - Service: CWShredder Service - InterMute, Inc. - C:\program files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: fxSVC (fxScanner) - Unknown owner - C:\WINNT\fxsvc.exe
O23 - Service: radmm - Unknown owner - C:\WINNT\System32\r_server.exe (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\WINNT\system32\ServUDaemon.exe
O23 - Service: system............system.system........................................................................................... (system) - Unknown owner - C:\WINNT\system32\System.exe (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================