Hello,
 My wife's computer has been running ridiculously slow, especially with Internet Explorer. I have run SpySweeper and Spybot Search & Destroy. The popups are pretty bad as well.
 
 Can someone help me diagnose this HiJackThis log that I saved?
 
 
 Thanks in advance!
 
 Logfile of HijackThis v1.99.1
 Scan saved at 3:56:29 PM, on 8/20/2007
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\csrss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\System32\WLTRYSVC.EXE
 C:\WINNT\System32\bcmwltry.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\spoolsv.exe
 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\hidserv.exe
 c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\system32\mspmspsv.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\Explorer.EXE
 C:\WINNT\system32\WLTRAY.exe
 C:\Program Files\Common Files\AOL\1152241532\ee\AOLSoftware.exe
 C:\Program Files\America Online 9.0\waol.exe
 C:\WINNT\system32\wuauclt.exe
 C:\program files\common files\aol\1152241532\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
 c:\program files\common files\aol\1152241532\ee\aolsoftware.exe
 C:\Program Files\America Online 9.0\shellmon.exe
 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Documents and Settings\COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\SZA72PYP\HijackThis[1].exe
 
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {3f01145d-abe8-45eb-89ec-179a0550fb94} - C:\WINNT\system32\ppcvvku.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: (no name) - {5CF2F817-721F-4057-89C6-7883733BD2A1} - C:\WINNT\system32\xxywu.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\ebmubjxx.dll
 O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINNT\system32\opnnklj.dll
 O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
 O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
 O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1152241532\ee\AOLSoftware.exe"
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: SUN Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
 O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
 O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
 O15 - Trusted Zone: *.imageservr.com
 O15 - Trusted Zone: *.imagesrvr.com
 O15 - Trusted Zone: *.amaena.com (HKLM)
 O15 - Trusted Zone: *.drivecleaner.com (HKLM)
 O15 - Trusted Zone: *.errorprotector.com (HKLM)
 O15 - Trusted Zone: *.errorsafe.com (HKLM)
 O15 - Trusted Zone: *.imageservr.com (HKLM)
 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
 O15 - Trusted Zone: *.winantispyware.com (HKLM)
 O15 - Trusted Zone: *.winantivirus.com (HKLM)
 O15 - Trusted Zone: *.winfixer.com (HKLM)
 O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
 O18 - PROTOCOL: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
 O20 - Winlogon Notify: opnnklj - C:\WINNT\SYSTEM32\opnnklj.dll
 O20 - Winlogon Notify: xxywu - C:\WINNT\system32\xxywu.dll
 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
 O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

 If your malware protection is up-to-date...try running full system scans in Safe Mode...
 
 Let them delete and/or quarantine what they find...boot normally and run the scans again.
 
 CBMatt, a Moderator here, can help you with your Hijack This log.

 First of all, this is in the wrong section, so I'm going to move your thread.
 
 Your HijackThis is in a temporary location. If you leave it there, it (along with its important backups) can and will eventually be deleted. Please download it again and save it to a new permanent folder at C:\Program Files\HJT.
 
 Also...you don't appear to have any sufficient anti-virus protection, which is a big no-no. If you surf the internet without a full arsenal, you will get infected. Until you get some protection, it would be pointless to go any further, as you will simply become infected again. Download AVG Free, install it, update it, and scan in Safe Mode.
 
 Once you have done that, you should run VundoFix...
 1. Download VundoFix and save it to your desktop.
 2. Run VundoFix and click on Scan For Vundo.
 3. Once it's done scanning, click on Remove Vundo.
 4. When it prompts you to remove the files, click on Yes.
 5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
 6. It will prompt you to restart your computer, so click OK.
 7. When your computer is turned back on, your problem should be gone.
 8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.
 
 
 
 Now, let's address your log... Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...
 
 O2 - BHO: (no name) - {3f01145d-abe8-45eb-89ec-179a0550fb94} - C:\WINNT\system32\ppcvvku.dll
 O2 - BHO: (no name) - {5CF2F817-721F-4057-89C6-7883733BD2A1} - C:\WINNT\system32\xxywu.dll
 O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\ebmubjxx.dll
 O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINNT\system32\opnnklj.dll
 
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
 
 O15 - Trusted Zone: *.imageservr.com
 O15 - Trusted Zone: *.imagesrvr.com
 O15 - Trusted Zone: *.amaena.com (HKLM)
 O15 - Trusted Zone: *.drivecleaner.com (HKLM)
 O15 - Trusted Zone: *.errorprotector.com (HKLM)
 O15 - Trusted Zone: *.errorsafe.com (HKLM)
 O15 - Trusted Zone: *.imageservr.com (HKLM)
 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
 O15 - Trusted Zone: *.winantispyware.com (HKLM)
 O15 - Trusted Zone: *.winantivirus.com (HKLM)
 O15 - Trusted Zone: *.winfixer.com (HKLM)
 
 O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
 
 O20 - Winlogon Notify: opnnklj - C:\WINNT\SYSTEM32\opnnklj.dll
 O20 - Winlogon Notify: xxywu - C:\WINNT\system32\xxywu.dll
 
 Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.
 
 Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...
 
 Alexa
 WinAntiVirus
 
 Please note any other programs that you don't recognize in that list in your next response.
 
 Navigate to and delete the following file(s) if present...
 
 C:\WINNT\system32\ebmubjxx.dll
 C:\WINNT\system32\opnnklj.dll
 C:\WINNT\system32\ppcvvku.dll
 C:\WINNT\system32\xxywu.dll
 C:\WINNT\web\related.htm
 
 Once you've done all of this, reboot into Normal Mode and post a new HijackThis log (along with your VundoFix log) so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

 Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
 
 If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
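
 An added example, not part of the thread and not the moderator's own tooling: a small triage script that parses HijackThis O2 and O20 lines and surfaces the pattern visible in the entries selected above, unnamed BHOs in system32 whose DLL is also registered as a Winlogon Notify package. The sample lines are copied from the log in this thread; the function names and the heuristic itself are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3f01145d-abe8-45eb-89ec-179a0550fb94} - C:\WINNT\system32\ppcvvku.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CF2F817-721F-4057-89C6-7883733BD2A1} - C:\WINNT\system32\xxywu.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINNT\system32\opnnklj.dll
O20 - Winlogon Notify: opnnklj - C:\WINNT\SYSTEM32\opnnklj.dll
O20 - Winlogon Notify: xxywu - C:\WINNT\system32\xxywu.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
# A DLL sitting directly in the system32 directory (paths are compared lowercased).
SYSDIR_DLL = re.compile(r"^[a-z]:\\(winnt|windows)\\system32\\[^\\]+\.dll$")

def triage(log_text):
    """Return {lowercased dll path: sorted reasons} for entries worth a manual look.

    Heuristic only: it narrows the log for a human reviewer, it does not
    decide that a file is malicious.
    """
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO.match(line)
        if m:
            path = m["path"].lower()
            # A BHO with no display name whose DLL lives in system32.
            if m["name"] == "(no name)" and SYSDIR_DLL.match(path):
                reasons[path].add("unnamed BHO in system32")
            continue
        m = NOTIFY.match(line)
        if m and SYSDIR_DLL.match(m["path"].lower()):
            reasons[m["path"].lower()].add("Winlogon Notify DLL")
    return {p: sorted(r) for p, r in reasons.items()}

def double_registered(findings):
    """DLLs loaded both into the browser (O2) and at logon (O20)."""
    return sorted(p for p, r in findings.items() if len(r) == 2)

if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", ", ".join(why))
```

 Case-insensitive path comparison matters here: the log writes the same directory as both `system32` and `SYSTEM32`.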