
I'd really appreciate it if someone checks my log, my pc is running slower than usual

I've done an Ad-Aware, Spybot and AVG check because my computer is running slower than usual. The Ad-Aware results were the same as usual: about 30 low risk files. It was the first time I did an AVG check, and I wasn't too sure about it. There were two trojan horses; maybe I'm wrong, but I don't think I can delete them as they're 'archive.'

Hmm, I've just done another AVG scan so I could give you the names of the Trojans, however they didn't come up; I must have deleted them. I still have others in the Virus Vault, but I figured they're inactive. I'm not sure if the Trojans were what caused the slowness.

Here's my HijackThis log; I'm hoping this can be fixed before it gets worse. It's not too bad at the moment, but the slowdown is noticeable. Also, is Avast a good anti-virus checker? Thanks!

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\pc user\My Documents\HijackThis.exe
C:\Documents and Settings\pc user\My Documents\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Hi niall and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P.

Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made.

Please be patient with me during this time.

Thanks,

RavenMind
Hello, niall. Thank you for being patient while I reviewed your log!

Good news, there isn't any malware at work in your HJT log!
However before I declare you clean, let's check a few things.

First, it appears you have Messenger Plus. This program contains a 'sponsor' program that serves up adware & spyware. If you installed this 'sponsor' program, please uninstall Messenger Plus and reinstall it without the sponsor.

Next I would like you to do an online scan at Panda ActiveScan.
  1. Click on the Scan your PC button & it will bring up a 'pop up' window * Make sure that it isn't being blocked by your pop up blocker
  2. Click On 'Next'
  3. Enter your e-mail address & click 'Send' (Don't worry, I've never been spammed by them)
  4. In the next window, 'check' the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer
  6. If it finds any malware, it will offer you a report. Click on see report
  7. Then click Save report, and save it to Desktop
  8. Post the contents of the report in your next reply


Next, I would like to see a new HJT log.
However it appears you have placed HJT in your "My Documents" folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a folder such as "My Documents" then files may be lost or deleted by accident.

After moving HJT to its own directory, please make sure you're running the latest version of HJT (v1.99.1). If not, then go to this site and download the latest copy.

Next, make sure you're in Normal Mode, close all browsers, and while having only one instance of HJT running, save a new log.

Please post all of the contents of the HJT log (including the header this time), as well as your Panda scan in your next reply.
The ActiveX won't download. Doesn't it just download automatically? It seems to, but then it says 'error on downloading Active Scan.'
Welcome back niall! I'm glad you decided to follow through here.

Regarding Panda:
Use Internet Explorer and go to Panda's website. Once there, configure IE as follows:

  • Click: Tools > Internet Options
  • Choose the "Security" tab
    • Click "Custom Level"
  • Under "ActiveX controls and plug-ins" you will see 5 settings with options for each.
    • Choose "enable" for each setting.
  • Run the scan.
After it has finished be sure to reset those settings to either "prompt" or "disable" before visiting any other websites.

If you have any questions, or don't understand these instructions, please ask. As requested before, when you are able to complete all scans (Panda & HJT) please post the logs here (including headers).

Thanks!

RavenMind
I'm not too sure about the Panda scan. I wasn't able to click on Custom Level options under the Internet section in the Security thing. Still, the active scan was downloading and another pop-up came up to say something like system32/activescan was downloading (I can't really remember its exact name), which I was a bit wary of, me being paranoid and all. I was going to go ahead with the download but it then said it would take around 4000 seconds to update and I don't really have the time to do that at the moment. I'll try later when I have time, so I was just wondering about the system32 thing, and why the Custom Level wasn't clickable. Thanks, you're so kind.
I would like to see the following items before we continue:

System Specs
Be sure to include the following:
  • CPU & speed (e.g. Pentium-3, 850MHz etc.)
  • RAM
  • Type & size of Hard Drive
    • Amount of free space on your hard drive
  • How you are connecting to the internet (e.g., Dialup, Broadband, etc.)
    • Type of modem you are using
  • Operating System, including any service packs (e.g., Windows XP Home SP2, Windows 98 2nd ed., etc.)
Most of this information can be found in System Information. This is usually found by doing the following:
Click Start > Programs > Accessories > System Tools > System Information

In addition, please post a new Hijack This log. Make sure you are in normal mode when you run the scan, and include all headers when you post it here!
I don't really know how to reply to this; I didn't really know how to narrow it down, so here's just the system summary. Please ask if you want to see more. I have dial-up, my hard drive is 38.2GB and has 30.7 GB free space. My modem is called CXT10B6-HCF PCI Modem. I don't know about my RAM or what my hard drive is called, to be honest. My CPU says Belinea? I need an embarrassed smiley now, I'm not the brightest. Also, my PC seems to have got even slower today.

System Information report written at: 09/14/05 16:58:20
System Name: D2G0K2
[System Summary]

Item Value
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name D2G0K2
System Manufacturer MAXDATA
System Model *
System Type X86-based PC
Processor x86 Family 6 Model 3 Stepping 1 AuthenticAMD ~751 Mhz
BIOS Version/Date Award Software International, Inc. 6.00 PG, 24/01/2001
SMBIOS Version 2.2
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United Kingdom
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name D2G0K2\pc user
Time Zone GMT Standard Time
Total Physical Memory 128.00 MB
Available Physical Memory 11.89 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 307.92 MB
Page File C:\pagefile.sys
Logfile of HijackThis v1.99.0
Scan saved at 05:22:58, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\OINFOP11.EXE
C:\Documents and Settings\pc user\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
niall,

The version of HijackThis you are using is outdated, and still not in a good folder. Also you haven’t mentioned anything about MessengerPlus 3, but it’s still showing in your log. Please re-read & follow my directions in post #3 regarding updating & moving HJT, and let me know what you decide to do about MessengerPlus 3.


I see you have AVG installed on your system. This is a decent antivirus, so since you’re on dialup, just update your AVG definitions & run a full scan with it.
If you have the time I would also like to see a scan done with Kaspersky. It should take approximately 15 minutes to download on a 56K dialup, and then anywhere from another 15 minutes to an hour to run. Here are the directions & link:
Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Clean out Prefetch & Temps:
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Also the prefetch folders can take up memory unnecessarily.

Download CleanUp! (alternate link if the main link does not work: http://www.greyknight17.com/spy/Cleanup.exe) and install it.
Run Cleanup! & configure the program as follows:
  1. Click Options...
  2. Move the arrow down to Custom CleanUp!
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click OK
  5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup!

Now assuming we don't catch anything in the current version of HJT or your antivirus scans, it would appear that the reason your system is slowing down is the result of the kind of software you are trying to run on your type of hardware.

Operating System: You are trying to run Windows XP on a system that is pretty close to its minimum system requirements. In fact I think most 'tech types' would recommend against running XP on your system at all. Now downgrading to, say, Windows 98 SE may or may not be a viable option for you. In fact I'm not even going to recommend it, except as something to try out if you have the time and/or desire. If you have a copy of Win98 you may want to try setting up a dual boot, and see if you notice any performance increases. At least that way you won't have to reinstall WinXP if you like it better, and you can keep all of your existing programs.

Memory: Next up is RAM. The amount & type of RAM (memory) is most often the biggest bottle-neck in system speed. I’m showing you have 128MB of RAM (Total Physical Memory according to “System Information”), and am going to assume by the other specs that it is PC-133. This is neither fast, nor very much, and coupled with your relatively low processor speed understandably makes for a slow system for running modern programs.

One of the ways to free up some memory, and therefore get your PC running closer to its maximum potential, is to avoid running unnecessary programs. Many of these programs run in the background, mostly without user knowledge or input. I do see some of these on your system & will make recommendations as to their removal. You need to judge for yourself whether or not they are useful enough to keep using, or things you can sacrifice for the sake of speed.

The following programs may be set to run on startup (taking up system resources), and/or set to check the internet for updates (taking up bandwidth). You will need to change the settings from within the program to take them out of startup, and disable automatic updates. If you do disable automatic updates then be sure to check for updates manually from time to time.

RealPlayer
Messenger
MS Office
Real Player


Hopefully adjusting the settings on these programs will help with system speed (but don’t expect too much).

Themes: Try disabling your desktop themes. (Start > Settings > Control Panel > Display > Themes tab)

Defragment: Try defragmenting your hard drive. Click Start > Programs > Accessories > System Tools > Disk Defragmenter Click Defragment and let it run. Could take a while.


niall, the biggest problem I’m seeing regarding system speed is your hardware. You should probably consider upgrading your ram, if cost-effective, or think about getting a computer with modern components. Otherwise I just don't see this system ever getting fast.

Once your log is declared clean you can then make a new thread in the Microsoft Computing Forum and see if they have any other ideas, or you may check out the Hardware Forum for information on upgrading or building/buying a new system.

Please remember to copy/paste a log from the current version of HJT, as well as the results of your virus scan.
Hello, sorry for the late reply. I don't think my hardware is the problem; I know my computer is fundamentally relatively slow, but I'm sure it's viruses. It used to be MUCH quicker.

I did an AVG scan today, and had 16 trojan horses. 2 of them couldn't delete, one a downloader of an ISTbar, the other a 'downloader.small.'
Also, I had downloaded a new Hijack This version, but it seemed to delete itself after using the AVG scan. Just this moment I've downloaded the new HijackThis log, do you know why it's deleted?

The Kaspersky virus scanner wouldn't work for me, as the ActiveX again didn't download. It said that I wasn't the administrator user, and that my internet privacy should be medium (which it is). Also I did an Ad-Aware scan that produced 60 viruses, ones that I hadn't seen before, not the normal messed up files. Worried that it's gonna get worse until the PC eventually stops and I have to get a new hard drive, which is bloody expensive and annoying. I'm going to bed now, so I'm not gonna use the 'clean up' thing until tomorrow.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:28, on 22/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis version 1.99.1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
niall, let's start taking this step by step, with confirmation along the way. That way we will be sure to get everything.

You are still running HJT from a Temporary directory. I need to ask you for the third time to please put it in its own folder. Otherwise when you run CleanUp! (if you haven't done so already), it will be deleted! If you need directions please refer to one of my previous posts (#3, I believe).


Next before we proceed, I need to know if your computer is set up with different profiles. E.G., is this your parent's or company's computer for which you are not logged in as an administrator?
You make me look like a prick who doesn't listen to you, you're like a teacher. :(
I tried to move it into a new folder but it still seems to be temporary. What Windows Explorer?

I don't think the computer is set up with different profiles; like, I'd switch it on and it would load up without having to enter user names and passwords. My parents have never actually used a computer.
I think I've moved it into a non-temporary file. I'll post a new log, I guess it won't do any harm. Also, if I can't use online scanners will that completely mess up the chances of fixing this?

Logfile of HijackThis v1.99.1
Scan saved at 05:09:10, on 23/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\zzzzzz\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
niall said:
I tried to move it into a new folder but it still seems to be temporary. What windows explorer?
RavenMind said:
Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT , or another name of your choice.
Is this what you're talking about?
Windows Explorer is otherwise known as "My Computer". It is generally found on the Desktop, and in the Start Menu.



niall said:
I think I've moved it into a non-temporary file.
C:\Program Files\zzzzzz\HijackThis2.exe
It looks like you tried to "drag & drop" HJT into this folder, which is why it's labelled HijackThis2.exe. The problem with this is that when you save a logfile, or fix something & it creates backups, it will put them all in the old folder.

Are you able to get into Windows Explorer or My Computer now? If not, then stop here, and let me know before proceeding.

If so, then please go to where your first copy of HiJack This is located. Probably still "C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis version 1.99.1.zip\HijackThis.exe", if you haven't run CleanUp! yet. Next:
  • Place your cursor (the arrow) over the HiJackThis icon. (It looks like a bundle of dynamite connected to a plunger box)
  • Click the right mouse button. (This will bring up a small menu with several options)
  • Left click on "Cut"
Now navigate to your permanent folder for HJT. "C:\Program Files\zzzzzz\" is okay so long as you remember that it's for HJT. Once in the permanent folder:
  • Left click the "Edit" button at the top of the screen
  • Left click "Paste"
You should now see the icon for "HijackThis.exe" next to the one for "HijackThis2.exe"
Next, delete "HijackThis2.exe":
  • Place your cursor (arrow) over the "HijackThis2.exe" icon.
  • Click the right mouse button. (This will bring up a small menu with several options)
  • Left click on "Delete"
  • It will ask if you want to move it to the Recycle Bin: Choose "Yes".


niall said:
Also, if I can't use online scanners will that completely mess up the chances of fixing this?
Perhaps, but I have some other tools in my box to try. Don't lose faith now! :grin: However, I'm going to need some more information & for all the steps to be followed, which is why we're doing this step-by-step, (not to make you look like anything).


If you've had any problems with my directions thus far, then please let me know. Otherwise please post a fresh HJT log, and we will move on to the next step.

Thanks for your patience,

RM
Ok, I've been deleting and downloading HijackThis a lot trying to get them in the right folder. Basically I now deleted all my hijackthis files. Then I downloaded it again into my documents, cut it, and pasted in the zzzzz folder. At 'my documents' there was still a 1KB hijackthis folder which had no contents, and I deleted it. So hopefully it's ok.

Logfile of HijackThis v1.99.1
Scan saved at 08:19:43, on 23/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\zzzzzz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
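As an added illustration of the point RavenMind makes in the step-by-step post above (HijackThis running from a Temp folder, so its logs and backups end up there too), the following Python is not code from the thread or from HijackThis itself: it parses lines in the shape of niall's log and flags any running process or autorun entry whose executable sits in a temporary folder. The log text, the function names and the list of transient-folder markers are all constructed for this example.

```python
import re
# Constructed sample shaped like the HijackThis v1.99.1 log posted above: a
# "Running processes" block, then O-numbered entries. The Temp-folder copy of
# HijackThis is the situation RavenMind warns about (its backups land in Temp).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis version 1.99.1.zip\HijackThis.exe
C:\Program Files\zzzzzz\HijackThis.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""
# First drive-letter path on a line, cut at a binary extension so trailing
# arguments such as SYSTEMBOOTHIDEPLAYER or /background are not swallowed.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys|cab))', re.IGNORECASE)
ENTRY_RE = re.compile(r'^([RFNO]\d+) - ')
# Folders that cleanup tools and reboots empty: a tool here loses its backups,
# and an autorun entry pointing here deserves a closer look (assumed markers).
TRANSIENT_MARKERS = ('\\temp\\', '\\temporary internet files\\')

def parse_entries(log):
    """Yield (kind, line): 'process' in the processes block, else the section code."""
    in_processes = False
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            in_processes = False
        elif line.lower() == 'running processes:':
            in_processes = True
        elif ENTRY_RE.match(line):
            yield ENTRY_RE.match(line).group(1), line
        elif in_processes:
            yield 'process', line

def extract_path(line):
    m = PATH_RE.search(line)
    return m.group(1) if m else None

def is_transient_location(path):
    return any(marker in path.lower() for marker in TRANSIENT_MARKERS)

def find_transient_entries(log):
    """Return [(kind, path)] for each entry whose executable sits in a Temp folder."""
    hits = []
    for kind, line in parse_entries(log):
        path = extract_path(line)
        if path and is_transient_location(path):
            hits.append((kind, path))
    return hits
```

On the sample, only the Temp-folder copy of HijackThis is reported; the copy in C:\Program Files\zzzzzz\ and the O4/O23 entries pass.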
Great job niall! :4-clap:

Next, you mentioned you did a scan with AVG & AdAware. So the next two things I need are:
  1. The AVG Log (So I can take a look at the two entries it wasn't able to fix.)
  2. The names of any entries AdAware wasn't able to fix. (If it got everything please let me know that instead.)
The results of the AVG scan I did today are posted below. Also, on my scan today there were no trojan horses, which is good I guess. There are a lot of trojans in the Virus Vault: 13 from a scan on the 27th of September, and 15 from a scan on the 22nd of September. What do I do with these? Do I just delete them?



Partition table (MBR) ok Quick checked
Boot sector of disk C: Change Changed
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
C:\Program Files\Internet Explorer\IEXPLORE.EXE ok Quick checked
C:\Program Files\MessengerPlus! 3\MsgPlus.exe ok Quick checked
C:\Program Files\Messenger\msmsgs.exe ok Quick checked
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE ok Quick checked
C:\Program Files\Real\RealPlayer\realplay.exe ok Quick checked
C:\WINDOWS\regedit.exe ok Quick checked
C:\WINDOWS\system32\ctfmon.exe ok Quick checked
C:\WINDOWS\system32\mshta.exe ok Quick checked
C:\WINDOWS\system32\rundll32.exe ok Quick checked
C:\WINDOWS\system32\shell32.dll ok Quick checked
C:\WINDOWS\system32\shimgvw.dll ok Quick checked
C:\WINDOWS\system32\kernel32.dll ok Quick checked
C:\WINDOWS\system32\wsock32.dll ok Quick checked
C:\WINDOWS\system32\user32.dll Change Changed
C:\WINDOWS\system32\shell32.dll Change Changed
C:\WINDOWS\system32\ntoskrnl.exe Change Changed
niall,

I'm going to need the following things from you before we proceed:

  1. The log you posted does not appear to be the AVG scan results. Did AVG pick anything up? If so what were they? Please read the documentation provided with AVG. Once you have done so you may empty the virus vault. Please post the actual scan results before we continue.
  2. You did not respond to item #2 of my last post. Please do so.

Thank you,

RM