Need Help Here!!!



trublu1217
2006-08-29, 02:15
Hi!

Could anyone help me with this?

My system is running very slow especially when booting up. Just wanna make sure no unwanted things in it...

Thanks in advance!!!




Logfile of HijackThis v1.99.1
Scan saved at 7:08:49 AM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\UPAD42.EXE
C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe
C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM\Client Access\CWBPROVD.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IBM\Client Access\CWBCSD.EXE
C:\Program Files\Portal Software\Administrator\AdminMgr.exe
C:\Program Files\Portal Software\Administrator\AdminMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\IBM\Client Access\Emulator\pcsws.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSCM.EXE
C:\Documents and Settings\XITRIX\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bayantelportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.xitrix.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = prodrocpnf01:8080
F2 - REG:system.ini: UserInit=C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe,C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe,C:\PROGRA~1\IBM\CLIENT~1\cwbprovd.exe,C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 172.17.29.234 reports.bayan
O1 - Hosts: 172.17.29.127 corpweb.bayan
O1 - Hosts: 172.17.29.134 bayantelportal
O1 - Hosts: 172.17.27.44 prodrocavs01
O1 - Hosts: 172.17.29.95 prodrocfnp01
O1 - Hosts: 172.17.29.33 devrocmon01.bayantel.com.ph
O1 - Hosts: 172.17.29.22 bayan1
O1 - Hosts: 172.17.29.24 bayan2
O1 - Hosts: 172.17.29.31 bayan3
O1 - Hosts: 172.16.9.242 bayan6
O1 - Hosts: 172.17.29.12 bayan7
O1 - Hosts: 172.17.29.27 bayan8
O1 - Hosts: 172.19.9.220 bayan11
O1 - Hosts: 172.17.29.123 bti08.bayan
O1 - Hosts: 172.17.29.2 bayantel_mail_1
O1 - Hosts: 172.17.29.109 bayantel_mail_2
O1 - Hosts: 202.78.70.169 bayantel_mail_6
O1 - Hosts: 172.17.29.7 bayantel_mail_7
O1 - Hosts: 172.17.29.1 notes_mail_server
O1 - Hosts: 172.17.29.162 prodrocvx01
O1 - Hosts: 172.17.29.164 prodrocvx02
O1 - Hosts: 172.17.29.96 prodrocex01
O1 - Hosts: 172.17.29.182 ICMSPROD
O1 - Hosts: 172.16.9.245 ICMSBACK
O1 - Hosts: 172.16.9.244 ICMS_KNOWLEDGEBASE
O1 - Hosts: 172.16.10.212 kat1
O1 - Hosts: 172.16.10.213 kat2
O1 - Hosts: 172.17.29.41 voyager
O1 - Hosts: 172.18.9.212 proj8
O1 - Hosts: 172.17.29.42 rsvt2
O1 - Hosts: 172.17.29.40 rsvt_toll
O1 - Hosts: 172.22.1.212 legaspi
O1 - Hosts: 172.18.7.212 naga
O1 - Hosts: 172.18.6.212 Butuan
O1 - Hosts: 172.18.5.212 evtelco
O1 - Hosts: 172.22.3.216 Davao1
O1 - Hosts: 172.20.3.216 Gensan1
O1 - Hosts: 172.17.29.219 bbmsbayans1.bayantel.com.ph
O1 - Hosts: 172.17.29.219 bbmsbayans1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Reboot.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://bayantelportal
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123493250625
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bayantel.com
O17 - HKLM\Software\..\Telephony: DomainName = Bayantel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Bayantel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Bayantel.com
O20 - Winlogon Notify: winzqn32 - C:\WINDOWS\SYSTEM32\winzqn32.dll
O23 - Service: Client Access Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

tashi
2006-09-02, 22:50
Hello,

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

tashi
2006-09-06, 08:07
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.