Topic: Win2000 Error Messages / HJT Log
Toddler1904
« on: October 27, 2005, 04:11:16 PM »

Hello,

I am in desperate need of some help. My machine is not running well at all. When I boot up my machine I am receiving two error messages, one for CIMgr.exe and one for Explorer.exe; both error messages state that the application has failed and that they will need to be restarted. I have tried commands with the System File Checker for sfc /scannow and sfc /quiet to fix these problems to no avail. I was hoping not to have to reload Windows. Any suggestions?

Also, my machine has other malware funk that I cannot remove with Ad-Aware or SpyBot-Search and Destroy, so I have made an HJT log and pasted it below. Note: Since I am receiving the Explorer.exe error message, all applications are not booting up. Thus, the application list is not complete.

Thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 2:15:04 PM, on 10/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\BootStrap Agent\Bsa.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\LDCM\bin\ssm.exe
C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\iscvu.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\iscvu.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [y2iXhP.exe] C:\documents and settings\todd\local settings\temp\y2iXhP.exe
O4 - HKLM\..\Run: [z0dsj5X.exe] C:\documents and settings\todd\local settings\temp\z0dsj5X.exe
O4 - HKLM\..\Run: [wstj3sX] ldcrmres.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = Documents and Settings\scintilla\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = los-alamos.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{0251DBFD-2C43-4867-9E9B-85C39ADE7224}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{054E6D30-A144-48C7-8D56-07712146AF6B}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = los-alamos.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{0251DBFD-2C43-4867-9E9B-85C39ADE7224}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = los-alamos.net
O21 - SSODL: Adobe Acrobat 5.0 - {464CBF06-7931-6BD0-D85F-A3F496C5B56B} - c:\program files\adobe\acrobat 5.0\acrobat\wznmbx4.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\Documents and Settings\todd.TODD\Application Data\Microsoft\dcom_9.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel Bootstrap Agent - Intel Corporation - C:\Program Files\Intel\BootStrap Agent\Bsa.exe
O23 - Service: Intel CI Manager - Intel(R) Corporation - C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel IIDS - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel SSM - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: win32sl - Smart Technology Enablers - C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE


 
Pancake
« Reply #1 on: October 28, 2005, 01:44:39 AM »

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = los-alamos.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{0251DBFD-2C43-4867-9E9B-85C39ADE7224}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{054E6D30-A144-48C7-8D56-07712146AF6B}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = los-alamos.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{0251DBFD-2C43-4867-9E9B-85C39ADE7224}: NameServer = 85.255.115.115,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = los-alamos.net


Click Fix Checked.



Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again and then post a new log for further cleaning...

An Australian Member of

EDDY
Toddler1904
« Reply #2 on: October 28, 2005, 03:52:13 PM »

Okay - I have completed the instructions above and my machine is running better.  I have had to run fixwareout.exe twice to get the explorer.exe error message to go away after reboot, but now my Internet Explorer (states that server cannot be found) will not load some pages and likes to shut down.  FYI if I use the Task Manager and end the explorer.exe process, Internet Explorer works just fine.  This is what I had to do to get this page to load.

Here are the logs from the fixwareout.exe and a new HJT log.

Fixwareout ver 1.002
Post this report in the forums please
 
Reg Entries that were deleted
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
« Last Edit: November 02, 2005, 09:36:36 PM by Toddler1904 »

 
Pancake
« Reply #3 on: November 03, 2005, 04:08:53 AM »

Hi and welcome.
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.




SHOW HIDDEN FILES AND FOLDERS.
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Like Current Folder button at top | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.
Folders that have been highlighted RED will need to be uninstalled.
  -----------------------------------------------------------------------
Download Killbox v2.0.0.175 and unzip the file to your Desktop and have it ready to use.
-------------------------------------

Please download Ewido Security Suite and do a scan when all other fixes have been done. Do this in Safe Mode.

Install Ewido Security Suite.
When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu"

To open the main screen, double-click the icon on the desktop.

You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.

Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.

Now click on Scanner and click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives, so you will need to step through the process of cleaning files one-by-one.

If a file is detected that you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'.

If you are unsure of any entry found, play safe and select None as the action.
Press the button marked Save Report.

Save the report .txt file to your desktop or somewhere you can find it. Post it back with your next HJT log.


------------------------------------------------------------------------------

Please start by putting your computer in SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------





Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each one if they are still listed.

dmbou.exe
casServ.exe
dmhxb.exe
ldcrmres.exe
y2iXhP.exe
z0dsj5X.exe

-----------------------------------------------------------------


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O4 - HKLM\..\Run: [y2iXhP.exe] C:\documents and settings\todd\local settings\temp\y2iXhP.exe
O4 - HKLM\..\Run: [z0dsj5X.exe] C:\documents and settings\todd\local settings\temp\z0dsj5X.exe
O4 - HKLM\..\Run: [wstj3sX] ldcrmres.exe
O4 - HKLM\..\Run: [dmbou.exe] C:\WINNT\system32\dmbou.exe
O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe
O4 - HKLM\..\Run: [dmhxb.exe] C:\WINNT\system32\dmhxb.exe
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\Documents and Settings\todd.TODD\Application Data\Microsoft\dcom_9.dll



 ---------------------------------------------------------------------------
Now use KillBox

Right click and drag your cursor over the files below to highlight them, and then use Control+C to copy them to the clipboard. Open KILLBOX and go to File and click on "Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). Then checkmark the "Delete on Reboot" box and click the red X. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

C:\WINNT\system32\dmbou.exe
C:\WINNT\system32\icasServ.exe
C:\WINNT\system32\dmhxb.exe
C:\WINNT\system32\ldcrmres.exe
C:\documents and settings\todd\local settings\temp\y2iXhP.exe
C:\documents and settings\todd\local settings\temp\z0dsj5X.exe
C:\Documents and Settings\todd.TODD\Application Data\Microsoft\dcom_9.dll


------------------------------------------------------------------------

 
Restart your computer and post a new HijackThis log

« Last Edit: November 03, 2005, 04:14:11 AM by Pancake »

An Australian Member of

EDDY
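
A first-pass triage of the kinds of entries marked for fixing in this thread, written as an added Python example; it is not part of any post and not a feature of HijackThis or FixWareout. The three checks (autorun from a Temp directory, NameServer override, SSODL DLL under Application Data) are assumptions modelled on the entries marked above, and the sample lines are copied from the log in the first post.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    detail: str   # text after "<code> - "

# "<code> - <detail>"; header and running-process lines do not match.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\]\s*(?P<cmd>.*)$")
# O17 entries that pin DNS servers on an interface
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)$")

def parse(log: str) -> List[Entry]:
    """Return the section entries of a HijackThis log."""
    matches = (LINE_RE.match(line) for line in log.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in matches if m]

def review(entry: Entry) -> Optional[str]:
    """Return a reason to inspect the entry by hand, or None."""
    low = entry.detail.lower()
    if entry.section == "O4":
        m = RUN_RE.match(entry.detail)
        if m and "\\temp\\" in m.group("cmd").lower():
            return "autorun target is inside a Temp directory"
    elif entry.section == "O17":
        m = NS_RE.search(entry.detail)
        if m:
            return "static DNS servers: " + m.group("servers").strip()
    elif entry.section == "O21" and "\\application data\\" in low:
        return "shell-load DLL stored under a user profile"
    return None

def findings(log: str) -> List[Tuple[str, str]]:
    """(section, reason) for every entry that review() flags."""
    flagged = []
    for entry in parse(log):
        reason = review(entry)
        if reason:
            flagged.append((entry.section, reason))
    return flagged

# Lines copied from the log in the first post of this thread.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [y2iXhP.exe] C:\documents and settings\todd\local settings\temp\y2iXhP.exe
O4 - HKLM\..\Run: [wstj3sX] ldcrmres.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0251DBFD-2C43-4867-9E9B-85C39ADE7224}: NameServer = 85.255.115.115,85.255.112.69
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\Documents and Settings\todd.TODD\Application Data\Microsoft\dcom_9.dll
O23 - Service: Intel SSM - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
"""

if __name__ == "__main__":
    for section, reason in findings(SAMPLE):
        print(section, reason)
```

The `[wstj3sX] ldcrmres.exe` autorun is not flagged, because a bare file name also describes ordinary entries such as `ctfmon.exe`; the output is a shortlist for a reviewer, not a verdict.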
Toddler1904
« Reply #4 on: November 03, 2005, 11:46:50 PM »

I have completed the fixes listed above

 
Pancake
« Reply #5 on: November 04, 2005, 01:23:52 AM »

quote:
C:\WINNT\system32\ldcrmres.exe (I did find similar files in the system32 folder

An Australian Member of

EDDY