#1
Another Hijackthis log - windows 2000
Hi guys.
I'm just sorting out a friend's win 2000 machine which is running slowly - well IE is very slow indeed and unwanted popups for singles companies and all sorts of other junk are coming up. I have run Adaware and Spybot S & D and now I have run hijackthis and this is the log I get. Any help on sorting this machine out would be great.

thanks,
christo

Logfile of HijackThis v1.97.7
Scan saved at 22:04:58, on 2004-11-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\documents and settings\camilla\local settings\temp\Mu.exe
C:\documents and settings\camilla\local settings\temp\summt.exe
C:\WINNT\system32\dsquery2.exe
C:\winnt\system32\saie.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\GbqupP4T.exe
C:\WINNT\system32\JoqJTFW6.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\camilla\Local Settings\Temp\KWIvFAX.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [summt.exe] C:\documents and settings\camilla\local settings\temp\summt.exe
O4 - HKLM\..\Run: [417a169b8ac1] C:\WINNT\system32\dsquery2.exe
O4 - HKLM\..\Run: [38CSJTW3W2LFM8] C:\WINNT\system32\Bsbj0i6.exe
O4 - HKLM\..\Run: [saie] c:\winnt\system32\saie.exe
O4 - HKLM\..\Run: [sdyf] C:\WINNT\sdyf.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: 50 FREE MP3s! (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38176.204849537
#2
Hi christo,
Please have your friend update HijackThis, you are using an outdated version:
Open HijackThis, click Config > Misc Tools > Check for Update online
Or download a copy of version 1.98.2 at: http://www.majorgeeks.com/download3155.html

Please move or unzip HijackThis to a permanent folder such as C:\HJT
It is important that it is in its own folder as it will make important backups of what we will fix.
Please go to Start > My Computer > double-click your C:\ drive > click: File > New > Folder > name it HJT and put HijackThis into that folder.

Post a fresh log with this new version.

Tom
#3
ok tom,
I have just nipped back to my friend's place and I have a new hjt log for your merry perusal. I have also put hjt.exe into its own folder as suggested. here's the log

Logfile of HijackThis v1.98.2
Scan saved at 13:37:54, on 2004-11-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\documents and settings\camilla\local settings\temp\summt.exe
C:\winnt\system32\saie.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\GbqupP4T.exe
C:\WINNT\system32\LgnJ8V3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator\Local Settings\Temp\T.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [summt.exe] C:\documents and settings\camilla\local settings\temp\summt.exe
O4 - HKLM\..\Run: [417a169b8ac1] C:\WINNT\system32\dsquery2.exe
O4 - HKLM\..\Run: [38CSJTW3W2LFM8] C:\WINNT\system32\Kxz2Xd2b.exe
O4 - HKLM\..\Run: [saie] c:\winnt\system32\saie.exe
O4 - HKLM\..\Run: [sdyf] C:\WINNT\sdyf.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com/?fref=149031 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{991F8709-E6F8-4665-A197-8FC6C5B7500B}: NameServer = 195.82.96.40 195.82.96.6

Hope that you can get something from this. I really do appreciate your help.

thanks
christo
#4
okay..
well I got curious, read the instructions and fixed it myself. The machine is running much more smoothly now. I think there may be a couple of things still popping up very occasionally, but I'm pretty happy for now. Will post back if any more symptoms persist.

Thanks for pointing me in the right direction, Tom

christo
#5
Glad you worked it out. Keep in mind there were several possible viruses and trojans in the log!
Tom
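Added example, not part of the thread and not written by any of its posters: a small Python triage of the O4 (Run key) lines excerpted from the two logs above, flagging autoruns that start from a per-user Temp folder or whose target changed between the 2004-11-16 and 2004-11-19 scans. Both heuristics are assumptions chosen for illustration; they mark entries for manual review and do not identify which entries Tom had in mind.

```python
import re

# O4 autorun lines excerpted from the two logs posted in this thread.
LOG_2004_11_16 = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [summt.exe] C:\documents and settings\camilla\local settings\temp\summt.exe
O4 - HKLM\..\Run: [417a169b8ac1] C:\WINNT\system32\dsquery2.exe
O4 - HKLM\..\Run: [38CSJTW3W2LFM8] C:\WINNT\system32\Bsbj0i6.exe
"""
LOG_2004_11_19 = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [summt.exe] C:\documents and settings\camilla\local settings\temp\summt.exe
O4 - HKLM\..\Run: [417a169b8ac1] C:\WINNT\system32\dsquery2.exe
O4 - HKLM\..\Run: [38CSJTW3W2LFM8] C:\WINNT\system32\Kxz2Xd2b.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_autoruns(log):
    """Map (hive, key, value name) -> command line for every O4 line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command
    return entries

def in_temp_dir(command):
    """Heuristic (assumption): the autorun target sits in a user Temp folder."""
    return "\\local settings\\temp\\" in command.lower()

def triage(old_log, new_log):
    """Return (value name, reason) pairs worth a manual look; not a verdict."""
    old, new = parse_autoruns(old_log), parse_autoruns(new_log)
    findings = []
    for ident, command in sorted(new.items()):
        if in_temp_dir(command):
            findings.append((ident[2], "starts from a Temp folder"))
        if ident in old and old[ident] != command:
            findings.append((ident[2], "target changed between scans"))
    return findings

if __name__ == "__main__":
    for name, reason in triage(LOG_2004_11_16, LOG_2004_11_19):
        print(f"{name}: {reason}")
```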