
Computer viruses [Computer running slow - HJT log]

Discussion in 'Malware and Virus Removal Archive' started by iujmheb, 2005/03/15.

Thread Status:
Not open for further replies.
  1. 2005/03/15
    iujmheb

    iujmheb Inactive Thread Starter

    Joined:
    2005/02/27
    Messages:
    46
    Likes Received:
    0
    My computer is running extremely slow and I think it may be infected with viruses or something. Any suggestions would be greatly appreciated. Thank You.

    Hijack Logfile of HijackThis v1.99.1
    Scan saved at 10:12:37 PM, on 3/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\SK9910DM.EXE
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\WINNT\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package
    Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package
    Applications\Residence.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://ms101.mysearch.com/sa/srchlft.html
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo
    Imaging\Hpi_Monitor.exe "
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
    Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
    Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program
    Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
    file)
    O9 - Extra button: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no
    file)
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra button: Downloads - {A6261921-9D84-4A99-9992-8E21F1A6AC6F} -
    http://www.downloadalot.com (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O9 - Extra button: Searchalot - {D4E260F1-2334-434C-BBCE-6CC587310CB7} -
    http://www.searchalot.com (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ChatSpace Java Client 2.1.0.91 -
    http://65.106.39.244:8001/Java/cs4ms091.cab
    O16 - DPF: Talk City EZTalk 3.0 -
    http://chat.talkcity.com/java/ezmed/ezmed.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
    http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} -
    http://sp.ask.com/docs/toolbar/download/AskBar-inst.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/070128be1146508a4504/netzip/RdxIE601.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) -
    hcp://system/RunExeActiveX.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl
    Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1}
    (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
    http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
    Corporation - C:\Program Files\Norton SystemWorks\Norton
    Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
    Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
    C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file
    missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation -
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
    C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. 2005/03/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    iujmheb - Welcome to the Board :)

    It is helpful to have a Meaningful Title to your thread - a very brief summary of the problem - to draw the attention of others. As you are new here I have edited your thread title.
     


  4. 2005/03/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS iujmheb:)

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://ms101.mysearch.com/sa/srchlft.html
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
    file)
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no
    file)
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra button: Downloads - {A6261921-9D84-4A99-9992-8E21F1A6AC6F} -
    http://www.downloadalot.com (file missing) (HKCU)
    O9 - Extra button: Searchalot - {D4E260F1-2334-434C-BBCE-6CC587310CB7} -
    http://www.searchalot.com (file missing) (HKCU)
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} -
    http://sp.ask.com/docs/toolbar/download/AskBar-inst.cab

    Delete the My Search folder in C:\Program Files if present.

    Reboot and post a new log. Let us know if things have improved.
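
A triage helper for logs in the format posted above, added here as an example and not part of the original thread or of HijackThis: it rejoins entries that were wrapped across lines and lists those the scan marked `(no file)` or `(file missing)` as candidates for review. The sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout, wrapped mid-entry the
# way the log in this thread was wrapped. GUIDs, names and paths are made up.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://example.test/
O2 - BHO: Example BHO - {00000000-0000-0000-0000-000000000001} - (no file)
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000002} - (no
file)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000003} -
http://example.test (file missing) (HKCU)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O23 - Service: Example Service - Unknown owner - c:\example\svc.sys (file
missing)
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Markers HijackThis prints when the referenced file is absent on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)")


def parse_entries(text):
    """Return (section_code, full_entry) pairs with wrapped lines rejoined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), line])
        elif entries:
            # Continuation of the previous entry; the wrap happened at a space.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [(code, body) for code, body in entries]


def orphaned(entries):
    """Entries whose target file the scan reported as absent."""
    return [(code, body) for code, body in entries if ORPHAN.search(body)]


if __name__ == "__main__":
    for code, body in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{code:>3}  {body}")
```

An absent file only marks an entry as a leftover reference; whether to fix it is still a judgement made per entry.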
     