Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

slow internet


  • Please log in to reply

#1
betty_309

betty_309

    Member

  • Member
  • PipPip
  • 10 posts
HI
My internet browser and web pages are very slow and I've run Ad-aware SE and the VX2/f plug in and also spybot and it doesn't seem to get rid of this file. Is this why my browser is running so slow?? If so, how do I get rid of it? I'm not very comfortable with doing computer stuff like this...so please explain well and be patient. Thanks for any help you can give me! Here is my log from HyjackThis:
Logfile of HijackThis v1.97.7
Scan saved at 11:40:44 PM, on 10/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\Registration\dllcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, techcd@shaw.ca
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\Owner\LOCALS~1\Temp\dmclld.dat
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [*dllcmd] C:\WINDOWS\Registration\dllcmd.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [*dllcmd] C:\WINDOWS\Registration\dllcmd.exe rerun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSIM0004
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094313294765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Hi betty_309, welcome to Geeks to Go! <_<

Please update Hijack This to version 1.98.2 and post a new log.

Download Hijack 1.98.2 here: http://www.geekstogo...n=download&id=3
  • 0

#3
betty_309

betty_309

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
HI,
Ok..I think I have downloaded the latest version of HyjackThis and here is my latest log:

Logfile of HijackThis v1.98.2
Scan saved at 1:56:25 PM, on 10/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\1054\javaanti.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, techcd@shaw.ca
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\itnaavaj.dat
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [*dllcmd] C:\WINDOWS\Registration\dllcmd.exe
O4 - HKLM\..\RunOnce: [*javaanti] C:\WINDOWS\system32\1054\javaanti.exe rerun
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSIM0004
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094313294765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab


Thank you for any help you can give me for this slow internet.
  • 0

#4
betty_309

betty_309

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,
Ok I have installed the latest HyjackThis. I have run Ad-aware and also spybot with the plug in for removing the VX2/f file that comes up but it does not get deleted. My computer is sooo slow especially internet. How do I get rid of this and get my computer back at the speed it was and stop this from happening in the future?? It is so frustrating. The following is my latest log. Please help. I'm not very good with computers but I am learning!! Thanks!!!

Logfile of HijackThis v1.98.2
Scan saved at 11:20:33 PM, on 10/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\1054\javaanti.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, techcd@shaw.ca
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\itnaavaj.dat
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [*javaanti] C:\WINDOWS\system32\1054\javaanti.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSIM0004
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094313294765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#5
theboss

theboss

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.98.2
Safe. Shows the version of HijackThis an. The newest version is: v1.98.2! This should be the newest version. (v1.98.2 )
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen. smss.exe
C:\WINDOWS\system32\winlogon.exe
Safe. running process. (winlogon.exe)
Systemprozess - Windows Login Routine winlogon.exe
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste. services.exe
C:\WINDOWS\system32\lsass.exe
Safe. running process. (lsass.exe)
Systemprozess lsass.exe
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste. svchost.exe
C:\WINDOWS\System32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste. svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
Safe. running process. (LEXBCES.EXE)
Lexmark LexBce Service LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
Safe. running process. (spoolsv.exe)
Systemprozess spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
Safe. running process. (LEXPPS.EXE)
LEXPPS.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Safe. running process. (ccEvtMgr.exe)
Event logging application ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Safe. running process. (mdm.exe)
Machine Debug Manager. Used by developers. mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
Safe. running process. (navapsvc.exe)
Norton AntiVirus application that provides auto-protection of the system. navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
Safe. running process. (nvsvc32.exe)
nvsvc32.exe Not dangerous, but unnecessary.
C:\WINDOWS\System32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste. svchost.exe
C:\WINDOWS\Explorer.EXE
Safe. running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste. explorer.exe
C:\WINDOWS\system32\wscntfy.exe
Safe. running process. (wscntfy.exe)
Windows XP Securitycenter (Service Pack 2) wscntfy.exe
C:\windows\system\hpsysdrv.exe
Safe. running process. (hpsysdrv.exe)
hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Safe. running process. (hpqcmon.exe)
Hewlett-Packard Digital Imaging hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
Safe. running process. (hphmon05.exe)
Part of Hewlett-Packard hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Safe. running process. (realsched.exe)
realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
Safe. running process. (rnathchk.exe)
rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Safe. running process. (ccApp.exe)
ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Safe. running process. (shwicon2k.exe)
shwicon2k.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
Safe. running process. (lxbbbmgr.exe)
lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
Safe. running process. (lxbbbmon.exe)
lxbbbmon.exe
C:\Program Files\D-Tools\daemon.exe
Safe. running process. (daemon.exe)
daemon.exe
C:\WINDOWS\ALCXMNTR.EXE
Unknown running process. (ALCXMNTR.EXE)
This is a unknown process.
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Safe. running process. (mmtask.exe)
mmtask.exe
C:\WINDOWS\LTMSG.exe
Unknown running process. (LTMSG.exe)
This is a unknown process.
C:\WINDOWS\system32\1054\javaanti.exe
Unknown running process. (javaanti.exe)
This is a unknown process.
C:\Program Files\Yahoo!\Messenger\ypager.exe
Safe. running process. (ypager.exe)
YPager.exe
C:\WINDOWS\system32\ctfmon.exe
Safe. running process. (ctfmon.exe)
ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
Safe. running process. (MsnMsgr.Exe)
MsnMsgr.Exe
C:\Corel\Suite8\Programs\DAD8.EXE
Safe. running process. (DAD8.EXE)
DAD8.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Safe. running process. (hpqtra08.exe)
HP Digital Imaging hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
Unknown running process. (SpamSubtract.exe)
This is a unknown process.
C:\Program Files\Messenger\msmsgs.exe
Safe. running process. (msmsgs.exe)
MSN Messenger msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. HijackThis.exe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://us9.hpwis.com/' delete it.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://srch-us9.hpwis.com/' delete it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.insightbb.com/' delete it.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.insightbb.com' delete it.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://srch-us9.hpwis.com/' delete it.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://us9.hpwis.com/' delete it.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
Safe. This entry has been identified as safe.
O1 - Hosts: Usage Information:
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: Save Changes - Save any changes you make to hosts file
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: _________________________________________________________________
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: _________________________________________________________________
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: _________________________________________________________________
Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
O1 - Hosts: By Option^Explicit, techcd@shaw.ca
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: enu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: enu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: henu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: henu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: .whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: .whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: c.whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: c.whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: nc.whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O1 - Hosts: nc.whenu.com
Nasty This entry should be fixed immediately! Must be fixed!
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %
O2 - BHO: CATLEvents Object - {DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\itnaavaj.dat
Unknown Entries found in this registry zone are potentially nasty. This application ([DF57FEB6-9BCE-45E3-AA65-BE327B8CCE7F] - Result: ) has been checked. Hit rate: -1 % Unknown application.
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
Nasty Entries found in this registry zone are potentially nasty. This application ([B2847E28-5D7D-4DEB-8B67-05D28BCF79F5] - Result: B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % Should be fixed.
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([EF99BD32-C1FB-11D2-892F-0090271D4F88] - Result: EF99BD32-C1FB-11D2-892F-0090271D4F88) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
Safe. The entered application hpsysdrv was identified: hpsysdrv. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
Safe. The entered application CamMonitor was identified: Hewlett Packard Recorder. Hit rate: 17 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Unknown The entered application HPHUPD05 was identified: HPHUPD05. Hit rate: 59 % (result) Unknown application.
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
Safe. The entered application HPHmon05 was identified: HPHmon05. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Safe. The entered application TkBellExe was identified: TkBellExe or TkBell.Exe. Hit rate: 53 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
Safe. The entered application AutoTKit was identified: AutoTKit. Hit rate: 95 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
Safe. The entered application Recguard was identified: Recguard. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Safe. The entered application NvCplDaemon was identified: NvCpl or NvCplDaemon. Hit rate: 71 % (result)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Safe. The entered application nwiz was identified: nwiz. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Safe. The entered application ccApp was identified: ccApp. Hit rate: 94 % (result)
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Safe. The entered application ccRegVfy was identified: CcRegVfy. Hit rate: 88 % (result)
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Safe. The entered application Sunkist2k was identified: Sunkist2k. Hit rate: 95 % (result)
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
Safe. The entered application Lexmark X74-X75 was identified: Lexmark X74-X75. Hit rate: 57 % (result)
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
Safe. The entered application ICQ Lite was identified: ICQ Lite. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
Safe. The entered application DAEMON Tools-1033 was identified: DaemonorDAEMON Tools-1033. Hit rate: 47 % (result)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Safe. The entered application UpdateManager was identified: UpdateManager. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Nasty The entered application AlcxMonitor was identified: AlcxMonitor. Hit rate: 56 % (result) Must be fixed!
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
Safe. The entered application SAClient was identified: SAClient. Hit rate: 94 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Nasty The entered application mmtask was identified: MMtask Service. Hit rate: 69 % (result) Must be fixed!
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
Safe. The entered application LTMSG was identified: LTMSG. Hit rate: 67 % (result)
O4 - HKLM\..\Run: [*javaanti] C:\WINDOWS\system32\1054\javaanti.exe
Unknown The entered application *javaanti was identified: None. Hit rate: 6 % (result) Unknown application.
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
Unknown The entered application BackupNotify was identified: BackupNotify. Hit rate: 57 % (result) Unknown application.
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Safe. The entered application Yahoo! Pager was identified: Yahoo! Pager or ypager. Hit rate: 84 % (result) Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Safe. The entered application ctfmon.exe was identified: ctfmon. Hit rate: 81 % (result)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Safe. The entered application MsnMsgr was identified: MsnMsgr. Hit rate: 99 % (result)
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
Unknown The entered application AIM was identified: None. Hit rate: -1 % (result) Unknown application.
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
Safe. The entered application ICQ Lite was identified: ICQ Lite. Hit rate: 99 % (result)
O4 - Startup: HP Organize.lnk = ?
Unknown The entered application 'HP Organize.lnk (?)' was identified: 'Kein ()'. Hit rate: 4 % (result) Unknown application.
The entry is unnecessary and can be fixed.
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
Safe. The entered application 'spamsubtract.lnk (SpamSubtract.exe)' was identified: 'SpamSubtract (SpamSubtract.exe )'. Hit rate: 81 % (result)
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
Safe. The entered application 'Corel Desktop Application Director 8.LNK (DAD8.EXE)' was identified: 'Corel Desktop Application Director (dadx.exe )'. Hit rate: 50 % (result) Not dangerous, but unnecessary.
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Safe. The entered application 'HP Digital Imaging Monitor.lnk (hpqtra08.exe)' was identified: 'ZENworks Imaging Service (ZISWin.exe)'. Hit rate: 35 % (result)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Safe. The entered application 'Microsoft Office.lnk (OSA.EXE)' was identified: 'Microsoft Office or Microsoft Office Startup (Osa.exe Osa9.exe)'. Hit rate: 32 % (result) Not dangerous, but unnecessary.
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
Safe. The entered application 'Quicken Scheduled Updates.lnk (bagent.exe)' was identified: 'Quicken Scheduled Updates (bagent.exe )'. Hit rate: 90 % (result) Not dangerous, but unnecessary.
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSIM0004
Nasty The entry &Search has been identified as nasty.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
Safe. The entry E&xport to Microsoft Excel has been identified as safe. If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
Safe. The entry has been identified as safe. If the entry '' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
Safe. The entry Yahoo! Messenger has been identified as safe. If the entry 'Yahoo! Messenger ' is not needed anymore, it should be fixed.
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
Safe. The entry AIM has been identified as safe. If the entry 'AIM ' is not needed anymore, it should be fixed.
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
Safe. The entry ICQ Lite has been identified as safe. If the entry 'ICQ Lite ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
Safe. The entry ICQ Lite has been identified as safe. If the entry 'ICQ Lite ' is not needed anymore, it should be fixed.
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MoneySide ' is unknown.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
Possibly nasty This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. This entry should be fixed if 'http://www.insightbb.com ' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
Safe. This entry has been identified as safe.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
Safe. This entry has been identified as safe.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094313294765
Safe. This entry has been identified as safe.
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
Safe. This entry has been identified as safe.
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
Nasty This entry is possibly nasty. Should be fixed.


This log has been checked automatically.
Check your log file automatically at www.hijackthis.de.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP