Vista running slow and not sure if it is because of Adware

  • jaysandt
  • Born
  • Born
  • jaysandt
  • Posts: 3

Post 3+ Months Ago

I have posted below my hijack this log. Can anyone help me decipher what these things mean? Or is there a website that tells you what each line means. There are obvious ones but some I have no clue about. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 3:20:50 PM, on 10/15/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\STTRAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\RMP2\RMP2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox3.0\firefox.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mlauncher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\icon\icon.exe
C:\churchconv\iconsystems.exe
C:\Windows\System32\calc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tools.local.com/giff/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1061027
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search-Goo ... ID%3A11&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Church Directory Toolbar - {8eea4fda-4c3e-452e-95c4-a7be6c12d0a3} - C:\Program Files\Church_Directory\tbChur.dll
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\RobertDell\Application Data\Mozilla\Profiles\default\cp0u5s04.slt\prefs.js)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Church Directory Toolbar - {8eea4fda-4c3e-452e-95c4-a7be6c12d0a3} - C:\Program Files\Church_Directory\tbChur.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\LEC\Translate DotNet\LEC IE Translation Extension.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Church Directory Toolbar - {8eea4fda-4c3e-452e-95c4-a7be6c12d0a3} - C:\Program Files\Church_Directory\tbChur.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe "/Trigger RunAtLogon"
O4 - Startup: RMP2.lnk = C:\Program Files\RMP2\RMP2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.app.cmo.com
O15 - Trusted Zone: http://www.iconcmo.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{042F0AC7-3864-4061-B1E6-8112AE5CB76A}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{680168CC-3C72-40F6-8BD4-2FD362B35BC3}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{042F0AC7-3864-4061-B1E6-8112AE5CB76A}: NameServer = 192.168.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{042F0AC7-3864-4061-B1E6-8112AE5CB76A}: NameServer = 192.168.1.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (EDSINSTANCE) (MSSQL$EDSINSTANCE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sEDSINSTANCE (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: vtigercrm504 - Conexant Systems, Inc. - (no file)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WMP300NSvc - Unknown owner - C:\Program Files\Wireless-N PCI Adapter\WLService.exe" "WMP300N.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I generally use http://www.processlibrary.com to search unknown processes and I just found another one: http://www.programchecker.com

Anyway, the only 2 things that have to go are:

N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\RobertDell\Application Data\Mozilla\Profiles\default\cp0u5s04.slt\prefs.js)

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)


However, I would get rid of those toolbars since they create vulnerabilities. I use Google Toolbar and that's it. I probably shouldn't have that either.
  • jaysandt
  • Born
  • Born
  • jaysandt
  • Posts: 3

Post 3+ Months Ago

I am also getting an error with Hijack this program now. I have sent this to the person it said to send it to but I wanted to copy this in here as well because may be it would be of some help.

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.00.1905
MSIE version: 7.0.6001.18000
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Download and run anti malware from http://www.malwarebytes.org

Update and run it the same way you would Hijack This. Fix Selected.
  • jaysandt
  • Born
  • Born
  • jaysandt
  • Posts: 3

Post 3+ Months Ago

Thank you for the information and the valuable time.

I have downloaded the program and receive 159 things to fix. They were all fixed. I am still getting an error that was stated earlier.
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error


Also the items that I tried to remove through hijack this do not appear to be getting removed through the Hijack program. They keep on showing up. Any suggestions
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Wow, 159 things!!! If some of the Hijack This items are recreating themselves, you have to find them in the registry. Follow the same path in HKLM and HKCU

Software
Microsoft
Windows
CurrentVersion
Run

Open the run folder. Delete what doesn't belong in the right pane.

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 76 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.