
Thread: Surf Side Kick and Other Pop ups and Spyware

  1. #11
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Was there any problem with bfu.zip, bfu.exe and qoofix.bat?
    Are C:\bfu\BFU.exe and c:\BFU\qoofix.bat present?
    It doesn't appear to have been used correctly.

  2. #12
    Junior Member
    Join Date
    Apr 2006
    Posts
    9

    The files are there and I did not have any problems running them. Should I try to run them again?

  3. #13
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Run c:\BFU\qoofix.bat and choose autofix.
    Follow the prompts; you should get a prompt to restart the PC (did you?); choose yes.
    After the restart, make and post a new HijackThis log.

  4. #14
    Junior Member
    Join Date
    Apr 2006
    Posts
    9

    When I restarted, it told me that BFU was not responding and I had to end the task. This is probably what went wrong. Here is the HijackThis log anyways...

    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:26 PM, on 4/8/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\Program Files\pipc\BIN\pilogsrv.exe
    C:\Program Files\pipc\BIN\pinetmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\pipc\BIN\pimsgss.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Dell\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
    C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Danisco A/S
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:80;https=127.0.0.1:80;ftp=127.0.0.1:80;gopher=127.0.0.1:80;socks=127.0.0.1:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.danisco.com;<local>
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\aeavn.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lyhaxyu.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [jlnjnr] C:\WINDOWS\System32\jtjrnt.exe reg_run
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [fiulo] C:\WINDOWS\System32\jtjrnt.exe reg_run
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DLO Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad1.danisco.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad1.danisco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad1.danisco.com
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\Program Files\pipc\BIN\pilogsrv.exe
    O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\Program Files\pipc\BIN\pimsgss.exe
    O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\Program Files\pipc\BIN\pinetmgr.exe
    O23 - Service: Symantec Backup Exec DLO Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  5. #15
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    That helps explain it, although I'm unsure why it would hang.
    Scan and fix these items with HijackThis:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\aeavn.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lyhaxyu.exe
    O4 - HKLM\..\Run: [jlnjnr] C:\WINDOWS\System32\jtjrnt.exe reg_run
    O4 - HKCU\..\Run: [fiulo] C:\WINDOWS\System32\jtjrnt.exe reg_run
    ===================
    Restart your PC for the changes to take effect.
    Replace the Hosts file:
    http://www.mvps.org/winhelp2002/hosts.htm
    How To Download and Extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Replace it about once monthly to keep it updated.

    Unless there are problems now, post back in a few days and let us know how your PC is acting.
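
Added example, not part of the original thread: a small triage script that picks out the same four entries from a HijackThis log. It assumes the stock Windows XP Winlogon values (Shell=Explorer.exe, Userinit=C:\WINDOWS\system32\userinit.exe,), and the "same command under several Run names" rule is a heuristic introduced here, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\aeavn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lyhaxyu.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [jlnjnr] C:\WINDOWS\System32\jtjrnt.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [fiulo] C:\WINDOWS\System32\jtjrnt.exe reg_run
"""

# Stock Windows XP Winlogon values; anything appended runs at every logon.
EXPECTED = {"shell": {"explorer.exe"},
            "userinit": {r"c:\windows\system32\userinit.exe"}}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")

def extra_winlogon_entries(log):
    """Return (value_name, extra_program) for each non-default F2 component."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        m = F2_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        for part in (p.strip() for p in value.split(",")):
            if part and part.lower() not in EXPECTED.get(name.lower(), set()):
                findings.append((name, part))
    return findings

def shared_run_targets(log):
    """Heuristic (assumption): one command registered under several Run names."""
    by_cmd = defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        m = O4_RE.match(line)
        if m:
            by_cmd[m.group(3).lower()].append(f"{m.group(1)}:{m.group(2)}")
    return {cmd: names for cmd, names in by_cmd.items() if len(names) > 1}

if __name__ == "__main__":
    for name, prog in extra_winlogon_entries(SAMPLE_LOG):
        print(f"Winlogon {name} launches extra program: {prog}")
    for cmd, names in shared_run_targets(SAMPLE_LOG).items():
        print(f"{cmd} is registered under {names}")
```
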

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    I'm glad we could help.
    Since the problems are solved, I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here; they should start a new topic.
    If you should need to post another log for the same PC, let me or Tashi know.
