HijackThis Log..

Right.. I just got Hijack this..

This is my log..

Logfile of HijackThis v1.99.1



Scan saved at 17:56:38, on 02/06/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\cisvc[Caution: ExecutableFile]



C:\Program Files\Common Files\EPSON\EBAPI\SAgent2[Caution: ExecutableFile]



C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]



C:\WINDOWS\system32\cidaemon[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]



C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]



C:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile]



C:\Program Files\MSI\Live Update 3\LMonitor[Caution: ExecutableFile]



C:\WINDOWS\SOUNDMAN[Caution: ExecutableFile]



C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]



C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]



C:\DOCUMENTS AND SETTINGS\CHRIS\DESKTOP\HijackThis[Caution: ExecutableFile]







R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.tip.it/



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll



O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll



O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)



O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll



O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvCpl.dll,NvStartup



O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]



O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install



O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit



O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor[Caution: ExecutableFile]



O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: ExecutableFile]



O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile] SYSTEMBOOTHIDEPLAYER



O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Chris\My Documents\My Games\MsgPlus[Caution: ExecutableFile]"



O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background



O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]



O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02[Caution: ExecutableFile]



O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html



O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html



O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html



O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm



O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm



O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html



O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html



O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll



O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll



O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll



O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab



O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab



O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab



O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab



O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab



O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll



O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab



O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab



O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab



O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]



O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv[Caution: ExecutableFile]



O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]



O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]



O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2[Caution: ExecutableFile]



O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]



O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

My PC is running really slowly.. Please help!

anything wrong?

anyone?

anyone?

Looks pretty clean, perhaps you are just running low on memory. I dont have time to do a detailed analysis of your log tho. sorry

Welcome :)

Please reinstall Messenger Plus without the sponsor program (if you have it. If you aren't sure, reinstall but without the sponsor program)

Go to Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts". (If you have MSN Messenger but don't want Windows Messenger)

Download and run CCleaner

Then fix these entries

-> O4 - HKLM\..\Run: [nwiz] nwiz.e3e (CAUTION - executable file) /install

-> O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.e3e (CAUTION - executable file)

-> O4 - HKLM\..\Run: [soundMan] SOUNDMAN.e3e (CAUTION - executable file)

-> O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.e3e (CAUTION - executable file) SYSTEMBOOTHIDEPLAYER

Then post another log please. :)

Welcome :)

 

 

 

 

 

 

 

Please reinstall Messenger Plus without the sponsor program (if you have it. If you aren't sure, reinstall but without the sponsor program)

 

 

 

 

 

 

 

Go to Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts". (If you have MSN Messenger but don't want Windows Messenger)

 

 

 

 

 

 

 

Download and run CCleaner

 

 

 

 

 

 

 

Then fix these entries

 

 

 

 

 

 

 

-> O4 - HKLM\..\Run: [nwiz] nwiz.e3e (CAUTION - executable file) /install

 

 

 

-> O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.e3e (CAUTION - executable file)

 

 

 

-> O4 - HKLM\..\Run: [soundMan] SOUNDMAN.e3e (CAUTION - executable file)

 

 

 

-> O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.e3e (CAUTION - executable file) SYSTEMBOOTHIDEPLAYER

 

 

 

 

 

 

 

Then post another log please. :)

I disagree. 'fixing' those entries using Hijackthis is bad, you should use the preferences available in the separate programs to disable the tray icons we're on about here. They can be useful, and some users like them. Disabling them in this way may result in trouble with the application, users wondering where the icons have gone, or (MSN messenger is very good at this, for one) regeneration of the entries by the program itself, as soon as it first runs again. All in all, it's a bad way of addressing the problem.

To the original poster, if your computer is running slowly, you could also try defragmenting your disks, or posting some specifications of your computer so we have a better idea of what may be done to improve performance.

hehe... My dads just buying a new pc.. hes fed up of this one being so slow :lol: