system
August 9, 2005, 3:24am
1
Hello everyone
I’ve been having alot of trouble lately with my computer , mainly becoming veryyyy slow !
I ran my Hijack This , and then proceeded to find help for all the unknown files it seemed to find.
Unfortunately I have no idea where to begin ??? or what to fix/delete and was wondering if I could ask for you help ? I have posted my log file (in 2 parts ) below.
Thank you in advance
Daintymist
system
August 9, 2005, 3:25am
2
Logfile of HijackThis v1.97.7
Scan saved at 11:50:53 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\exsscc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\CNMVS2t6.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINNT\system32?hkdsk.exe
C:\Documents and Settings\Owner\Application Data\dees.exe
C:\PROGRA~1\COMMON~1\AOL\110799~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110799~1\EE\AOLServiceHost.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINNT\system32\eog.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\System32\Awdzm.exe
C:\WINNT\System32\Awdzm.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for
hijackthis.zip\HijackThis.exe
system
August 9, 2005, 3:27am
3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50171
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA614A8-F732-85C8-1A3C-D038004990C2} -
C:\WINNT\system32\yll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program
Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} -
C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program
Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} -
C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID:
/CLASS:Keyboard /RunValue:“Keyboard Preload Check”
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM..\Run: [Gateway Ink Monitor] “C:\Program Files\Gateway
Utilities\GWInkMonitor.exe”
O4 - HKLM..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM..\Run: [ccApp] “c:\Program Files\Common Files\Symantec
Shared\ccApp.exe”
O4 - HKLM..\Run: [Lexmark 3100 Series] “C:\Program Files\Lexmark 3100
Series\lxbrbmgr.exe”
O4 - HKLM..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM..\Run: [EZIGSV] C:\documents and settings\owner\local
settings\temp\EZIGSV.exe
O4 - HKLM..\Run: [xjgzul] C:\WINNT\System32\exsscc.exe
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM..\Run: [wFSFkT5] C:\documents and settings\owner\local
settings\temp\wFSFkT5.exe
O4 - HKLM..\Run: [iK8Bz9l] C:\documents and settings\owner\local
settings\temp\iK8Bz9l.exe
O4 - HKLM..\Run: [FBLXXO] C:\documents and settings\owner\local
settings\temp\FBLXXO.exe
O4 - HKLM..\Run: [cNqzVo1v] C:\documents and settings\owner\local
settings\temp\cNqzVo1v.exe
O4 - HKLM..\Run: [2SWZKN82R5K47C] C:\WINNT\system32\Kvbi1.exe
O4 - HKLM..\Run: [H9] C:\documents and settings\owner\local
settings\temp\H9.exe
O4 - HKLM..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM..\Run: [9CX] C:\documents and settings\owner\local
settings\temp\9CX.exe
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM..\Run: [d01feebefc9e] C:\WINNT\System32\CNMVS2t6.exe
O4 - HKLM..\Run: [u36Q3th] wmaus.exe
O4 - HKLM..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1107994884\EE\AOLHostManager.exe
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM..\Run: [AOL Spyware Protection]
“C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe”
-atboottime
O4 - HKLM..\Run: [Preview AdService] C:\Program Files\Preview
AdService\PrevAdServ.exe
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common
Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM..\Run: [eog] C:\WINNT\system32\eog.exe
O4 - HKCU..\Run: [f0p4RjN4P] wmiideo.exe
O4 - HKCU..\Run: [Tyvyblea] C:\WINNT\system32?hkdsk.exe
O4 - HKCU..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU..\Run: [DWHeartbeatMonitor]
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU..\Run: [Ltho] C:\Documents and Settings\Owner\Application
Data\dees.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\ypager.exe”
-quiet
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O9 - Extra ‘Tools’ menuitem: MaxSpeed (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra ‘Tools’ menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} -
http://bannerfarm.ace.advertising.com/bannerfarm/47041/VBouncerOuter1141040727.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper)
system
August 9, 2005, 5:19am
4
Hi there, I suggest you use the online hijack log scanner:
http://www.hijackthis.de/
Please ignore the 023 regarding about avast! cause that’s a error from hijackthis
I notice you have alot of programs (that might be the reason why it’s getting slow) but I havn’t seen any antivirus (except that Norton toolbar). I’m also not seeing any firewalls, are you using any firewalls on your PC? ???
Eddy
August 9, 2005, 6:39am
5
See THIS PAGE for everything you need (to know) about the HJT log
system
August 11, 2005, 2:10am
6
Thank you both for responding
I am currently renewing my Nortons antivirus and will definately run the online hijack … should I re-post the new log file here again for further help in what should be deleted ?
I’m not sure but didn’t you use avast?