New and in need of help please

Hello everyone :slight_smile:

I’ve been having alot of trouble lately with my computer , mainly becoming veryyyy slow !
I ran my Hijack This , and then proceeded to find help for all the unknown files it seemed to find.
Unfortunately I have no idea where to begin ??? or what to fix/delete and was wondering if I could ask for you help ? I have posted my log file (in 2 parts ) below.

Thank you in advance
Daintymist

Logfile of HijackThis v1.97.7
Scan saved at 11:50:53 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\exsscc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\CNMVS2t6.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINNT\system32?hkdsk.exe
C:\Documents and Settings\Owner\Application Data\dees.exe
C:\PROGRA~1\COMMON~1\AOL\110799~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110799~1\EE\AOLServiceHost.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINNT\system32\eog.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\System32\Awdzm.exe
C:\WINNT\System32\Awdzm.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50171
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA614A8-F732-85C8-1A3C-D038004990C2} -
C:\WINNT\system32\yll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program
Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} -
C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} -
C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID:
/CLASS:Keyboard /RunValue:“Keyboard Preload Check”
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM..\Run: [Gateway Ink Monitor] “C:\Program Files\Gateway
Utilities\GWInkMonitor.exe”
O4 - HKLM..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM..\Run: [ccApp] “c:\Program Files\Common Files\Symantec
Shared\ccApp.exe”
O4 - HKLM..\Run: [Lexmark 3100 Series] “C:\Program Files\Lexmark 3100
Series\lxbrbmgr.exe”
O4 - HKLM..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM..\Run: [EZIGSV] C:\documents and settings\owner\local
settings\temp\EZIGSV.exe
O4 - HKLM..\Run: [xjgzul] C:\WINNT\System32\exsscc.exe
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM..\Run: [wFSFkT5] C:\documents and settings\owner\local
settings\temp\wFSFkT5.exe
O4 - HKLM..\Run: [iK8Bz9l] C:\documents and settings\owner\local
settings\temp\iK8Bz9l.exe
O4 - HKLM..\Run: [FBLXXO] C:\documents and settings\owner\local
settings\temp\FBLXXO.exe
O4 - HKLM..\Run: [cNqzVo1v] C:\documents and settings\owner\local
settings\temp\cNqzVo1v.exe
O4 - HKLM..\Run: [2SWZKN82R5K47C] C:\WINNT\system32\Kvbi1.exe
O4 - HKLM..\Run: [H9] C:\documents and settings\owner\local
settings\temp\H9.exe
O4 - HKLM..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM..\Run: [9CX] C:\documents and settings\owner\local
settings\temp\9CX.exe
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM..\Run: [d01feebefc9e] C:\WINNT\System32\CNMVS2t6.exe
O4 - HKLM..\Run: [u36Q3th] wmaus.exe
O4 - HKLM..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1107994884\EE\AOLHostManager.exe
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM..\Run: [AOL Spyware Protection]
“C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe”
-atboottime
O4 - HKLM..\Run: [Preview AdService] C:\Program Files\Preview
AdService\PrevAdServ.exe
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common
Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM..\Run: [eog] C:\WINNT\system32\eog.exe
O4 - HKCU..\Run: [f0p4RjN4P] wmiideo.exe
O4 - HKCU..\Run: [Tyvyblea] C:\WINNT\system32?hkdsk.exe
O4 - HKCU..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU..\Run: [DWHeartbeatMonitor]
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU..\Run: [Ltho] C:\Documents and Settings\Owner\Application
Data\dees.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\ypager.exe”
-quiet
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O9 - Extra ‘Tools’ menuitem: MaxSpeed (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra ‘Tools’ menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} -
http://bannerfarm.ace.advertising.com/bannerfarm/47041/VBouncerOuter1141040727.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper)

Hi there, I suggest you use the online hijack log scanner:

http://www.hijackthis.de/

Please ignore the 023 regarding about avast! cause that’s a error from hijackthis

I notice you have alot of programs (that might be the reason why it’s getting slow) but I havn’t seen any antivirus (except that Norton toolbar). I’m also not seeing any firewalls, are you using any firewalls on your PC? ???

See THIS PAGE for everything you need (to know) about the HJT log

Thank you both for responding :slight_smile:

I am currently renewing my Nortons antivirus and will definately run the online hijack … should I re-post the new log file here again for further help in what should be deleted ?

I’m not sure but didn’t you use avast?