Tech Support Forum - View Single Post - Computer is sluggish! Please check Hijackthis log

falcon · 07-02-2004, 07:58 AM

There were no viruses. I removed everything but the Niagarad stuff...I need that! I wasn't sure about some of your instructions "Check and fix"? Can you be more specific?

Here is my new Hijack file...........

Logfile of HijackThis v1.97.7
Scan saved at 10:53:57 AM, on 7/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Niagara\r2.301.330\nre\bin\niagarad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\recovery folder\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.boston.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: AMF Daily Planner and PIM.lnk = C:\Program Files\PIM\amf.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O15 - Trusted Zone: www.howardstern.com
O15 - Trusted Zone: www.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

07-02-2004, 07:58 AM	#3 (permalink)
falcon Registered User Join Date: Jul 2004 Posts: 80 OS: XP	New Hijack log There were no viruses. I removed everything but the Niagarad stuff...I need that! I wasn't sure about some of your instructions "Check and fix"? Can you be more specific? Here is my new Hijack file........... Logfile of HijackThis v1.97.7 Scan saved at 10:53:57 AM, on 7/2/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\crypserv.exe C:\Program Files\NavNT\defwatch.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\Niagara\r2.301.330\nre\bin\niagarad.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Speed Disk\nopdb.exe C:\Program Files\Norton Utilities\SYSDOC32.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\MemoKit\memokit2.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\System32\MsgSys.EXE C:\Program Files\SpywareGuard\sgbhp.exe C:\recovery folder\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.boston.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: AMF Daily Planner and PIM.lnk = C:\Program Files\PIM\amf.exe O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O15 - Trusted Zone: www.howardstern.com O15 - Trusted Zone: www.macromedia.com O15 - Trusted Zone: http://www.macromedia.com O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab