Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Mar 2005
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    system_getting_slow_down_hijacklog_attached

    hi,

    I do not know whether this is the correct forum but I am having problem with my system ....

    Attaching is the log file generated by Hijackthis and expect replies that points why my system is getting slow.

    Thanking you in advance , I remain
    ******************************************************


    Logfile of HijackThis v1.99.1
    Scan saved at 5:17:18 PM, on 9/1/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\SYSTEM\HPBPRO.EXE
    C:\WINDOWS\SYSTEM\HPBOID.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
    C:\WINDOWS\SYSTEM\FPDISP4A.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\REDIFF BOL\REDIFFMESSENGER.EXE
    C:\WINDOWS\PROFILES\HBMARAR\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.113:80
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\PROGRAM FILES\SOLIDDOCUMENTS\SOLIDCONVERTERPDF\SCPDF\EXPLOREEXTPDF.DLL
    O2 - BHO: CSABHO Object - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SAISHOOK.DLL
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL (file missing)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\PROGRAM FILES\SOLIDDOCUMENTS\SOLIDCONVERTERPDF\SCPDF\EXPLOREEXTPDF.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM\fpdisp4a.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
    O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Rediff Bol 7.0.lnk = C:\Program Files\Rediff Bol\RediffMessenger.exe
    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - User Startup: Rediff Bol 7.0.lnk = C:\Program Files\Rediff Bol\RediffMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYIN
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71
    h

    Harish Balakrishnan Marar

  • #2
    Senior Coder Mhtml's Avatar
    Join Date
    Jun 2002
    Location
    Sydney, Australia
    Posts
    3,531
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by hbmarar
    expect replies that points why my system is getting slow.
    How rude. We are not here to serve you.

    And I have never used hijackthis but glancing over that log file I see several lines of concern:
    Code:
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZUxdm080YYIN
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
    Obviously that Yahoo content is not what I am refering to.
    Omnis mico antequam dominus Spookster!

  • #3
    Regular Coder
    Join Date
    Apr 2005
    Location
    1.12°W 52.67°N
    Posts
    218
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Have you tried Ad-Aware, Spybot & Ewido Security Studio.

    Also you should do an anti-virus scan, using up-to-date definitions.

    HJT should only be used as a last resort, and don't remove anything unless you are 100% sure you know what you are removing.

  • #4
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    I don't use MS windows anymore but Yahoo doesn't normally put an ! mark at the end of their directory name do they?

    C:\Program Files\Yahoo!\Common

    I would look at that closer as well in case some spyware is trying to disguise itself as Yahoo.

    But as was mentioned download Ad Aware and Spy Bot and run both of those. It does appear you have some spyware programs installed. More than one it looks like.

    You also might want to take a look at your task manager. Look at the processes and sort it by CPU and/or memory usage and see which process it slowing your system down.
    Last edited by Spookster; 09-01-2005 at 09:23 PM.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #5
    Senior Coder JamieR's Avatar
    Join Date
    Oct 2004
    Location
    United Kingdom
    Posts
    3,161
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Just out of interest, what AV client do you have?

  • #6
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Quote Originally Posted by Spookster
    I don't use MS windows anymore but Yahoo doesn't normally put an ! mark at the end of their directory name do they?

    C:\Program Files\Yahoo!\Common

    I would look at that closer as well in case some spyware is trying to disguise itself as Yahoo.

    But as was mentioned download Ad Aware and Spy Bot and run both of those. It does appear you have some spyware programs installed. More than one it looks like.

    You also might want to take a look at your task manager. Look at the processes and sort it by CPU and/or memory usage and see which process it slowing your system down.
    Yes yahoo does this. I have YIM installed on my system. The folder name is Yahoo!
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #7
    New Coder
    Join Date
    Mar 2005
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Sorry

    hi to all,

    Thanks for the concerns and pointers wrote for me.

    Sorry, if you all felt me rude with my language.I am not that sure of language.Sorry.I do know it is only the kindness that I should be asking for..sorry.

    Hope you all did not took my rudeness seriously enough.

    THanking you once again for the consideration and concern...

    Wishing you all a nice time.

    harish Balakrishnan Marar
    Last edited by hbmarar; 09-02-2005 at 07:02 AM. Reason: not sure about a sentence

  • #8
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Quote Originally Posted by hbmarar
    hi to all,

    Thanks for the concerns and pointers wrote for me.

    Sorry, if you all felt me rude with my language.I am not that sure of language.Sorry.I do know it is only the kindness that I should be asking for..sorry.

    Hope you all did not took my rudeness seriously enough.

    THanking you once again for the consideration and concern...

    Wishing you all a nice time.

    harish Balakrishnan Marar
    It wasn't so much as your language, it was the way you "expected answers" we are all volunteers here. We can choose who's questions we answer.
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •