Tech Support Guy banner
Status
Not open for further replies.
1 - 12 of 12 Posts

·
Registered
Joined
·
32 Posts
Discussion Starter · #1 ·
My computer is running so slow even though I have a cable internet connnection. Here is my hijack log can you tell me if I can get rid of some stuff to speed it back up.

Logfile of HijackThis v1.97.7
Scan saved at 11:17:31 PM, on 1/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MPFSERVICE.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Save\Save.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
C:\windows\system32\rk.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLHostManager.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfAgent.exe
C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,35,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetStartup -s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104210846\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\Port Magic\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Startup: Registration-Studio 7SE.lnk = C:\Program Files\Pinnacle\Studio\Register\RegTool.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digimax Viewer 1.0.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwspades_scecab_24.165.181.79.60210729461231521_2336339.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

·
Registered
Joined
·
32 Posts
Discussion Starter · #3 ·
ok I hope I got rid of New.net and here is new hi jack this log:

Logfile of HijackThis v1.99.0
Scan saved at 12:16:43 AM, on 1/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Save\Save.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
C:\windows\system32\rk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLHostManager.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,35,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104210846\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\Port Magic\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Startup: Registration-Studio 7SE.lnk = C:\Program Files\Pinnacle\Studio\Register\RegTool.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Digimax Viewer 1.0.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwspades_scecab_24.165.181.79.60210729461231521_2336339.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AutoComplete Service - Unknown - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\mcafee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service - Unknown - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

·
Registered
Joined
·
677 Posts
Also, every program you install seems to think that you want it to automatically run every time you boot windows. What's up with that, btw?! If your system tray is 2 feet long with a bunch of startup apps, you can right click on the icons and go into the program settings/preferences and look for options like "run on windows start up". If you can't find that, you can do "start, run, msconfig" and look at the list of all the applications that are starting with your windows.

For instance - I see up there both trillian and yahoo instant messenger. If you're using trillian, yahoo doesn't need to be running at the same time. Neither really need to start with your computer - you can turn them on and off when you want them.

That WHENUSAVE thing is a spyware/adware/trytogetyoutobuythings thing that can be deleted - I think that shows in add/remove programs actually.

Do you want Money to start automatically? It looka like something about that program is starting with Windows also.

Anyway, mayhap this will give you one direction to look.
 

·
Registered
Joined
·
32 Posts
Discussion Starter · #8 ·
Logfile of HijackThis v1.99.0
Scan saved at 11:33:17 AM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
C:\windows\system32\rk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLHostManager.exe
C:\PROGRA~1\mcafee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\1104210846\EE\AOLServiceHost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,35,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104210846\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\Port Magic\PortAOL.exe" -Run
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: Registration-Studio 7SE.lnk = C:\Program Files\Pinnacle\Studio\Register\RegTool.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwspades_scecab_24.165.181.79.60210729461231521_2336339.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AutoComplete Service - Unknown - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\mcafee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service - Unknown - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

·
Registered
Joined
·
677 Posts
Are musicmatch jukebox, trillian, yahoo instant messneger and quicktime starting with Windows? Kinda looks like it from this - I'm not real experienced looking at these logs. Those can be turned off from starting wtih Windows within their program preference settings. Turning them off doesn't prevent them from working on demand - they just don't need to be running all the time, using resources & such.
 

·
Registered
Joined
·
32 Posts
Discussion Starter · #10 ·
I have no idea, other then I get a lil icon thingie down at the bottom corner for all of them. I am not sure how to keep them from coming up automatically. I would like for trillian to continue tho as I use it daily.
 

·
Registered
Joined
·
677 Posts
If on the lower right hand corner system tray you see all the icons for aol instant messenger, yahoo, jukebox, etc. (I forget what all you have running). Open each application - even trillian. Go into the preferences, settings, etc., and find where it is checked to "run on windows start" or something of the sort. Uncheck it. Most people don't really need all that to start when windows starts, or to be running ALL THE TIME. Even trillian, as useful as it is, doesn't need to start with Windows. You can start in and run it when you want to - YOU take control! lol Just because you take them out of here does not mean you won't be able to rune them when you want to. You're not really deleting anything.

You can also look in your startup folder (can't remember how to get to that in xp - I guess you could do a search for "startup" and find the folder that way - it's a bit buried. You will see things like microsoft office fast index & stuff. Most of us don't need any of that to run on start. Deleting those shortcuts really doesn't affect the program much. You can create a folder called "disabled startup" and drag the icons into there if you're not sure.

Reboot and if there's still a bunch of stuff in that tray, try to figure out what is still there - post it here if you're not sure, and we can help you figure out if you need to have it running.

Another way to turn off starting processes is "msconfig" but it's a bit more cryptic. Try these first and let us know what's left.

Christy said:
I have no idea, other then I get a lil icon thingie down at the bottom corner for all of them. I am not sure how to keep them from coming up automatically. I would like for trillian to continue tho as I use it daily.
 
1 - 12 of 12 Posts
Status
Not open for further replies.
Top