Jump to content


Photo

Help, I need someone to analyze my HijackThis Log!


  • Please log in to reply
1 reply to this topic

#1 carway

carway

    Member

  • New Member
  • Pip
  • 1 posts

Posted 26 July 2004 - 10:25 PM

I've been experiencing problems lately with my comp. It's really slow, hangs sometimes, and I get alot of 'not responding' programs at startup.

The most often 'not responding' programs include:

Explorer
Updmgr
Mixer

I came across this forum and I saw in many cases that using HijackThis to fix Updmgr seemed to work for most people. So I have already fixed that using HijackThis, and I believe that it has considerably improved the performance of my comp.

The following is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:19:02 AM, on 7/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMET\BIN\CSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EACCELERATION\EANTHOLOGY.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ICQPLUS\VPLUS.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ICQ\ICQ.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\HXIUL.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\EBRR.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\PRINTMONITOR.EXE
C:\WINDOWS\EMSW.EXE
C:\PROGRAM FILES\INTUWAVE\SHARED\PRODUCT\MROUTERRUNTIME.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\PROGRAM FILES\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\K-MELEON\K-MELEON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.come.../assist_ct.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0x50c41046.albnxx4.adsl-dhcp.tele.dk:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET\BIN\CSBHO.DLL
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: (no name) - {6994B62B-62CE-C30E-A56B-83EDC957F62F} - C:\PROGRAM FILES\GLOBAL HELP\BROWSEFORD.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Comet Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET\BIN\CSIETB.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O3 - Toolbar: TEST WMA BITS - {698C4974-C812-F940-9BC2-D8DF1FD1181F} - C:\PROGRAM FILES\GLOBAL HELP\BROWSEFORD.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CC2KUI] C:\PROGRA~1\COMET\BIN\CSTRAY.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Microsoft System Restore Configuration] CBRSS.EXE
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [extracoal] C:\PROGRA~1\DENTOK~1\link army.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE" /Startup
O4 - HKLM\..\Run: [RebateNation0] "C:\PROGRAM FILES\REBATE_NATION\RebateNation0.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashserv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQ.exe -minimize
O4 - HKCU\..\Run: [Homepage Guard] "C:\PROGRAM FILES\HGUARD\GUARD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\RunOnce: [Microsoft System Restore Configuration] CBRSS.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: Rebate Nation - file://C:\PROGRAM FILES\REBATE_NATION\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://216.114.79.41...va/cs4ms066.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_5_0.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {D14D6793-9B65-11D3-80B6-00500487BDBA} (CSBHO Class) - http://files.cc.come...-3-333-ccct.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8028.4006018518
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

I would really appreciate it if someone could tell me as to which programs should be fixed and removed using HijackThis or manually.

A system scan has also showed that my comp has been infected with:

Batch.Virus
COM.BOOT
IRC.VIRUS
MACRO.Virus
SCRIPT.Virus

Win32.HLLM.Bugbear
Win32.HLLM.RoRo.41

Backdoor.Trojan

VBS.LoveLetter

Can anybody tell me how to remove/cure them?? Thank you so much for your time!

#2 daveai

daveai

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,214 posts

Posted 02 September 2004 - 10:59 PM

Thanks for sending your HijackThis logfile. We apologize for the delay in responding. The volunteers working here are swamped, and unfortunately some requests don't get ansered in a timely manner.

If you still need some help with your problem, please respond to this with a fresh HijackThis log.

I will be notified automatically when that happens.

Thanks
daveai
If you found our service worthwhile, and want to help keep SpwareInfo running please consider donating here.

"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button