Please help w/my log

Discussion in 'adware, spyware & hijack cleaning' started by scoopgirl411, Jul 12, 2004.

Thread Status:
Not open for further replies.
  1. scoopgirl411

    scoopgirl411 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    9
    Location:
    Ohio
    My computer has been running very slowly, and I can't seem to find the reason. Could someone please check my log and tell me if it appears that I have spyware problems?
    Thank you

    Logfile of HijackThis v1.97.7
    Scan saved at 1:26:02 AM, on 7/12/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AdSubtract\adsub.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pat Muehring\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,349
    Location:
    The Netherlands
    Your log looks clean; I suggest you start by doing some housekeeping:
    Shut down Internet Explorer and Outlook Express.
    Go to Control Panel/Internet, and clear your temporary Internet Files.
    Also clear your History.
    Go to the 'Content' tab, click 'Autocomplete', and clear your forms and passwords cache.

    Now go to the Advanced tab, and click Restore Defaults.
    Go to the Security tab > Internet, and click restore defaults there as well.

    Empty the entire contents of your Documents and Settings\UserName\Local Settings\Temp folder (it probably has the hidden attribute!), and empty your recycle bin.

    Have you recently defragmented your drive? If not, I suggest you do:

    Start > Run > Dfrg.msc

    Also, you're running an outdated and therefore unsafe version of Internet Explorer.

    You NEED to upgrade to IE 6.0 SP1 (Make sure you get the correct language version for your operating system! ).

    Next, go to the Windows Update site, and download and install ALL Critical Updates on offer.
    That will fix innumerable bugs, update a large number of important system files, and plug many security holes.

    I suggest you do all that, and tell us whether that helps.
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,349
    Location:
    The Netherlands
  4. scoopgirl411

    scoopgirl411 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    9
    Location:
    Ohio
    Thank you so much - that worked wonders!!!!
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,349
    Location:
    The Netherlands
    Great! :)

    Good to hear that worked for you.
     
Thread Status:
Not open for further replies.