Jump to content


Photo

Slow computer but its new


  • Please log in to reply
6 replies to this topic

#1 mmbc_voltron

mmbc_voltron

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 10 July 2004 - 02:17 PM

I have ran spysweeper and cwshredder and deleted a few things in Hijack this but need your help to tell me what else can be done.
spy sweeper keeps telling me my home page is trying to be change and some search funciton.
I ran Hijack This and here is my log......

Logfile of HijackThis v1.98.0
Scan saved at 12:12:37 PM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\apiri32.exe
C:\WINDOWS\addea32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\mike\Desktop\hijack\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hyrdf.dll/sp.html#44272
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hyrdf.dll/index.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hyrdf.dll/sp.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hyrdf.dll/sp.html#44272
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDplDeamon] nstask32.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [addea32.exe] C:\WINDOWS\addea32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 10 July 2004 - 02:20 PM

Hello please download About:Buster Version 1.27 and unzip it to your desktop. Start it, hit Ok, Start, And Ok again to start the scan. It will generate a log. Post that log along with a new Hijack this log here.


Ducky

If this doesnt work, boot into safe mode and try. How to boot into safe mode?
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 mmbc_voltron

mmbc_voltron

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 11 July 2004 - 06:45 PM

Is there any chance this will fix the problem. Or can you tell me anything else I will need to do after I run the Buster.
I am fixing someone elses computer and the drive out to there house everytime I get a post back might not be worth it.

#4 mmbc_voltron

mmbc_voltron

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 11 July 2004 - 11:24 PM

I ran the Aboutbuster and returned an error.
Run-time error '339':
Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invaild

#5 mmbc_voltron

mmbc_voltron

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 11 July 2004 - 11:31 PM

also Spysweep keeps poping up with the startup shield that has detected new programs that start when windows starts.
apiri32.exe
javami.exe
d3ut.exe
sdkxr32.exe
ntjx.exe
apium.exe
I have selected all and deleted but they keep poping back.

#6 mmbc_voltron

mmbc_voltron

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 13 July 2004 - 10:52 AM

I got AboutBuster to run!
I don't know what log to post.
So here is ABoutBuster and HiJack.
Please follow up with what to do.


-- Scan 1 --------
About:Buster Version 1.27
Error Removing! : C:\WINDOWS\addea32.exe
Removed! : C:\WINDOWS\addfc.dll
Removed! : C:\WINDOWS\addnl32.dll
Removed! : C:\WINDOWS\afswn.dat
Removed! : C:\WINDOWS\agwdcl.dat
Removed! : C:\WINDOWS\apium.exe
Removed! : C:\WINDOWS\appbs.dll
Removed! : C:\WINDOWS\appyi32.dll
Removed! : C:\WINDOWS\atldq.exe
Removed! : C:\WINDOWS\axqqw.dat
Removed! : C:\WINDOWS\bbxqbm.dat
Removed! : C:\WINDOWS\biavgp.dat
Removed! : C:\WINDOWS\bibhbp.dat
Removed! : C:\WINDOWS\blnrqn.dat
Removed! : C:\WINDOWS\btzago.dat
Removed! : C:\WINDOWS\bufkn.dat
Removed! : C:\WINDOWS\bwgwdo.dat
Removed! : C:\WINDOWS\byyiav.dat
Removed! : C:\WINDOWS\ciiqzp.dat
Removed! : C:\WINDOWS\ckbpsl.dat
Removed! : C:\WINDOWS\cyzktk.dat
Removed! : C:\WINDOWS\d3ie32.dll
Removed! : C:\WINDOWS\dcikth.dat
Removed! : C:\WINDOWS\dimdic.dat
Removed! : C:\WINDOWS\dlfosq.dat
Removed! : C:\WINDOWS\dnqfu.dat
Removed! : C:\WINDOWS\dqnlno.dat
Removed! : C:\WINDOWS\dxvhyw.dat
Removed! : C:\WINDOWS\dzdiud.dat
Removed! : C:\WINDOWS\ebdaca.dat
Removed! : C:\WINDOWS\eeqmez.dat
Removed! : C:\WINDOWS\ehkynh.dat
Removed! : C:\WINDOWS\enrjd.dat
Removed! : C:\WINDOWS\exvksi.dat
Removed! : C:\WINDOWS\fdijf.dat
Removed! : C:\WINDOWS\fekbfm.dat
Removed! : C:\WINDOWS\fhspxe.dat
Removed! : C:\WINDOWS\fiwvw.dat
Removed! : C:\WINDOWS\fiwvw.dll
Removed! : C:\WINDOWS\fkqkh.dat
Removed! : C:\WINDOWS\fpltqs.dat
Removed! : C:\WINDOWS\gekxyy.dat
Removed! : C:\WINDOWS\gsvzix.dat
Removed! : C:\WINDOWS\gvygs.dat
Removed! : C:\WINDOWS\hbypst.dat
Removed! : C:\WINDOWS\hfjpq.dat
Removed! : C:\WINDOWS\hhpste.dat
Removed! : C:\WINDOWS\hokzpf.dat
Removed! : C:\WINDOWS\hyrdf.dll
Removed! : C:\WINDOWS\ibrvd.dat
Removed! : C:\WINDOWS\idfnby.dat
Removed! : C:\WINDOWS\ieyw32.exe
Removed! : C:\WINDOWS\ilpem.dat
Removed! : C:\WINDOWS\infrlu.dat
Removed! : C:\WINDOWS\intqfh.dat
Removed! : C:\WINDOWS\iphe32.dll
Removed! : C:\WINDOWS\ipyx32.dll
Removed! : C:\WINDOWS\isutyf.dat
Removed! : C:\WINDOWS\iweqvf.dat
Removed! : C:\WINDOWS\javaik.exe
Removed! : C:\WINDOWS\javami.exe
Removed! : C:\WINDOWS\javant.exe
Removed! : C:\WINDOWS\jlibco.dat
Removed! : C:\WINDOWS\jltdv.dat
Removed! : C:\WINDOWS\jresq.dat
Removed! : C:\WINDOWS\kachtp.dat
Removed! : C:\WINDOWS\kcqaa.dat
Removed! : C:\WINDOWS\kejqki.dat
Removed! : C:\WINDOWS\kextx.dat
Removed! : C:\WINDOWS\klazp.dat
Removed! : C:\WINDOWS\kljobk.dat
Removed! : C:\WINDOWS\kuwoda.dat
Removed! : C:\WINDOWS\kynfko.dat
Removed! : C:\WINDOWS\lbudcu.dat
Removed! : C:\WINDOWS\leqvpt.dat
Removed! : C:\WINDOWS\lviyf.dat
Removed! : C:\WINDOWS\lvvftc.dat
Removed! : C:\WINDOWS\lvxkt.dat
Removed! : C:\WINDOWS\lwrigc.dat
Removed! : C:\WINDOWS\lzolsa.dat
Removed! : C:\WINDOWS\mfcne32.dll
Removed! : C:\WINDOWS\mfcxn.dll
Removed! : C:\WINDOWS\mfxdwu.dat
Removed! : C:\WINDOWS\mpckwr.dat
Removed! : C:\WINDOWS\mskuwn.dat
Removed! : C:\WINDOWS\mstr.exe
Removed! : C:\WINDOWS\mtybia.dat
Removed! : C:\WINDOWS\mtzfw.dat
Removed! : C:\WINDOWS\nethm.dll
Removed! : C:\WINDOWS\netvq32.dll
Removed! : C:\WINDOWS\nhdpra.dat
Removed! : C:\WINDOWS\nrpitf.dat
Removed! : C:\WINDOWS\nttl.dll
Removed! : C:\WINDOWS\n_aoeyub.dat
Removed! : C:\WINDOWS\n_dimdic.dat
Removed! : C:\WINDOWS\n_gssxuu.dat
Removed! : C:\WINDOWS\n_habhpz.dat
Removed! : C:\WINDOWS\n_hmldqe.dat
Removed! : C:\WINDOWS\n_hnlupt.dat
Removed! : C:\WINDOWS\n_joaqcm.dat
Removed! : C:\WINDOWS\n_klvhqx.dat
Removed! : C:\WINDOWS\n_ksyfbr.dat
Removed! : C:\WINDOWS\n_kuwoda.dat
Removed! : C:\WINDOWS\n_njmaec.dat
Removed! : C:\WINDOWS\n_nkqmha.dat
Removed! : C:\WINDOWS\n_tklkzs.dat
Removed! : C:\WINDOWS\n_ttclwl.dat
Removed! : C:\WINDOWS\n_ycboar.dat
Removed! : C:\WINDOWS\n_yvcpmf.dat
Removed! : C:\WINDOWS\n_zdywkx.dat
Removed! : C:\WINDOWS\n_zxbpgp.dat
Removed! : C:\WINDOWS\obsuof.dat
Removed! : C:\WINDOWS\ocaef.dat
Removed! : C:\WINDOWS\oficpg.dat
Removed! : C:\WINDOWS\oluqwy.dat
Removed! : C:\WINDOWS\onrrx.dat
Removed! : C:\WINDOWS\ovctvx.dat
Removed! : C:\WINDOWS\oxlph.dat
Removed! : C:\WINDOWS\oxsbae.dat
Removed! : C:\WINDOWS\pbbho.dat
Removed! : C:\WINDOWS\pfglek.dat
Removed! : C:\WINDOWS\pgsfdn.dat
Removed! : C:\WINDOWS\pgvqid.dat
Removed! : C:\WINDOWS\pzhgya.dat
Removed! : C:\WINDOWS\qvvume.dat
Removed! : C:\WINDOWS\ratris.dat
Removed! : C:\WINDOWS\rbvzv.dat
Removed! : C:\WINDOWS\rczgaz.dat
Removed! : C:\WINDOWS\rddvbi.dat
Removed! : C:\WINDOWS\rsxsy.dat
Removed! : C:\WINDOWS\rvqtsr.dat
Removed! : C:\WINDOWS\sdkrp.dll
Removed! : C:\WINDOWS\sdksh.dll
Removed! : C:\WINDOWS\sfowop.dat
Removed! : C:\WINDOWS\sgkzrs.dat
Removed! : C:\WINDOWS\sodvot.dat
Removed! : C:\WINDOWS\sxikkq.dat
Removed! : C:\WINDOWS\sycyr.dat
Removed! : C:\WINDOWS\tklkz.dat
Removed! : C:\WINDOWS\tklkz.dll
Removed! : C:\WINDOWS\tnxgrf.dat
Removed! : C:\WINDOWS\trjcqk.dat
Removed! : C:\WINDOWS\trtaac.dat
Removed! : C:\WINDOWS\tvrrh.dat
Removed! : C:\WINDOWS\twkdov.dat
Removed! : C:\WINDOWS\ugwuyw.dat
Removed! : C:\WINDOWS\ujhlme.dat
Removed! : C:\WINDOWS\utirj.dat
Removed! : C:\WINDOWS\veswtv.dat
Removed! : C:\WINDOWS\vmiid.dat
Removed! : C:\WINDOWS\vncahi.dat
Removed! : C:\WINDOWS\voxws.dat
Removed! : C:\WINDOWS\vrvsj.dat
Removed! : C:\WINDOWS\vvmler.dat
Removed! : C:\WINDOWS\wbwssf.dat
Removed! : C:\WINDOWS\wclwe.dat
Removed! : C:\WINDOWS\weirj.dat
Removed! : C:\WINDOWS\wfznp.dat
Removed! : C:\WINDOWS\winwp.dll
Removed! : C:\WINDOWS\winym.dll
Removed! : C:\WINDOWS\wktcg.dat
Removed! : C:\WINDOWS\wtxiqu.dat
Removed! : C:\WINDOWS\wvhsl.dat
Removed! : C:\WINDOWS\xmezj.dat
Removed! : C:\WINDOWS\xoyboo.dat
Removed! : C:\WINDOWS\xrhgjf.dat
Removed! : C:\WINDOWS\xrxgin.dat
Removed! : C:\WINDOWS\yrkcp.dat
Removed! : C:\WINDOWS\ywcrnf.dat
Removed! : C:\WINDOWS\zckru.dat
Removed! : C:\WINDOWS\zfjfkv.dat
Removed! : C:\WINDOWS\zzjxju.dat
Removed! : C:\WINDOWS\System32\addls.dll
Removed! : C:\WINDOWS\System32\aeafh.dat
Removed! : C:\WINDOWS\System32\ahzin.dat
Removed! : C:\WINDOWS\System32\akpbg.dat
Removed! : C:\WINDOWS\System32\apiri32.exe
Removed! : C:\WINDOWS\System32\apppw32.exe
Removed! : C:\WINDOWS\System32\bubgw.dat
Removed! : C:\WINDOWS\System32\cwfrj.dat
Removed! : C:\WINDOWS\System32\d3jk.exe
Removed! : C:\WINDOWS\System32\d3my32.dll
Removed! : C:\WINDOWS\System32\d3ut.exe
Removed! : C:\WINDOWS\System32\dlpji.dat
Removed! : C:\WINDOWS\System32\dyuiz.dat
Removed! : C:\WINDOWS\System32\fhnvk.dat
Removed! : C:\WINDOWS\System32\fhnvk.dll
Removed! : C:\WINDOWS\System32\fhoov.dat
Removed! : C:\WINDOWS\System32\fnpvi.dat
Removed! : C:\WINDOWS\System32\fuhmw.dat
Removed! : C:\WINDOWS\System32\fvbyr.dat
Removed! : C:\WINDOWS\System32\ghbbg.dat
Removed! : C:\WINDOWS\System32\hkltw.dat
Removed! : C:\WINDOWS\System32\hrqoa.dat
Removed! : C:\WINDOWS\System32\htcjz.dat
Removed! : C:\WINDOWS\System32\iclgz.dat
Removed! : C:\WINDOWS\System32\idnna.dat
Removed! : C:\WINDOWS\System32\iebj.dll
Removed! : C:\WINDOWS\System32\ienyo.dat
Removed! : C:\WINDOWS\System32\ieqh32.exe
Removed! : C:\WINDOWS\System32\ihmwo.dat
Removed! : C:\WINDOWS\System32\ihmwo.dll
Removed! : C:\WINDOWS\System32\ilkkm.dat
Removed! : C:\WINDOWS\System32\ipxrs.dat
Removed! : C:\WINDOWS\System32\iqrnj.dat
Removed! : C:\WINDOWS\System32\javadn.dll
Removed! : C:\WINDOWS\System32\kacht.dat
Removed! : C:\WINDOWS\System32\kdnbz.dll
Removed! : C:\WINDOWS\System32\klwoi.dat
Removed! : C:\WINDOWS\System32\kobhb.dat
Removed! : C:\WINDOWS\System32\lmqai.dat
Removed! : C:\WINDOWS\System32\lozxo.dat
Removed! : C:\WINDOWS\System32\mvhec.dat
Removed! : C:\WINDOWS\System32\mxjtm.dat
Removed! : C:\WINDOWS\System32\nbuww.dat
Removed! : C:\WINDOWS\System32\ntjx.exe
Removed! : C:\WINDOWS\System32\nvetm.dat
Removed! : C:\WINDOWS\System32\owcht.dat
Removed! : C:\WINDOWS\System32\pemuo.dat
Removed! : C:\WINDOWS\System32\pfhhg.dat
Removed! : C:\WINDOWS\System32\qtrah.dat
Removed! : C:\WINDOWS\System32\qutrm.dat
Removed! : C:\WINDOWS\System32\qwrsw.dat
Removed! : C:\WINDOWS\System32\rsufe.dat
Removed! : C:\WINDOWS\System32\sdkji32.dll
Removed! : C:\WINDOWS\System32\sdkxr32.exe
Removed! : C:\WINDOWS\System32\seuor.dat
Removed! : C:\WINDOWS\System32\srldw.dat
Removed! : C:\WINDOWS\System32\sxecn.dat
Removed! : C:\WINDOWS\System32\unzca.dat
Removed! : C:\WINDOWS\System32\uqeiz.dat
Removed! : C:\WINDOWS\System32\uqeiz.dll
Removed! : C:\WINDOWS\System32\uvzpa.dat
Removed! : C:\WINDOWS\System32\vgdyd.dat
Removed! : C:\WINDOWS\System32\vpmwj.dat
Removed! : C:\WINDOWS\System32\vybxa.dat
Removed! : C:\WINDOWS\System32\xesxc.dat
Removed! : C:\WINDOWS\System32\xysaj.dat
Removed! : C:\WINDOWS\System32\yktca.dat
Removed! : C:\WINDOWS\System32\zxbpg.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


HiJack

Logfile of HijackThis v1.98.0
Scan saved at 8:51:10 AM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\netxt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\support.com\bin\tgfix.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\mike\Desktop\hijack\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {72AD0FFC-F791-779E-2F76-0FB10CEAD4B1} - C:\WINDOWS\system32\javadn.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [winrk32.exe] C:\WINDOWS\system32\winrk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

#7 jimarm

jimarm

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 13 July 2004 - 11:11 AM

My 3 month old XP was running slowly as well. The icon of two monitors on the lower right will give you your ISP status, showing info (bytes) sent and received; this should be static, or almost so, when all windows have finished loading. Mine was running like a gas pump, with no indication where the info was going or coming from, but obviously the reason my browser was slow. It didn't go away until I installed ZoneAlarm, which caught attempted intrusions every few minutes for a while, then settled down. Now my ISP is normal, as is my browser speed. Give it a try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button