rno2
Guest
Posted: Wed Jun 02, 2004 5:44 am Post subject: Could someone check this for me.
I am having some major slowdowns and programs refusing to run. I am unable to figure out why. Here is my Hijackthis log.
Logfile of HijackThis v1.97.7
Scan saved at 2:31:20 AM, on 6/2/2004
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
f:\Program Files\ProcessGuard Free\dcsuserprot.exe
C:\WINDOWS\System32\gearsec.exe
d:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\oodag.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
d:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\SLEE503.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
F:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\taskswitch.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
d:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\OPERA75\opera.exe
d:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
G:\Backup Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Off The Fallen Path
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cgi.verizon.net/bookmarks/bmredi...bm=ho_home
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\3.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\3.bin\MWSBAR.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - f:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F186CB1-08C6-4034-8529-CDC625463D99} - C:\PROGRA~1\Emeris\Annotis\SHARED~1\ANNSHE~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - G:\PROGRAM FILES\NEWSSTAND\READER\NSIETOOLBAR.DLL
O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - F:\PROGRAM FILES\SYSTRAN\4_0\PREMIUM\IEPLUGIN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\system32\askbarAB.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - F:\Program Files\GIANT Company Software\Spam Inspector\siClientUIHotmail.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Tau Monitor] F:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [siService.exe] "F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [Spyware Guard] F:\Program Files\SpywareGuard\sgmain.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [MRUBlaster] F:\Program Files\MRU-Blaster\indexcleaner.exe -CACHE
O4 - Startup: MRU-Blaster Silent Clean.lnk = F:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\3.bin\MWSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm401
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\system32\askbarAB.dll/...-selection
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\system32\askbarAB.dll/...ction-word
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save with Download Manager... - file://f:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://F:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Run WinHTTrack (HKLM)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Video Ads Blocker v1.0b Personal (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Hello from Picasa Capture (HKLM)
O9 - Extra 'Tools' menuitem: Share in &Hello from Picasa (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shoc...wswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh...tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/sh...wflash.cab
Windows XP SP2, Opera 7.5, Panda Antivirus 7, Spywareguard, Tauscan,
Spybot Resident, Mcafee Antispyware, Outpost Firewall 2.1 Pro

John
Guest
Posted: Fri Jun 04, 2004 7:35 pm

Here is how to read the hijackthis logfile.
Compare it with yours.
http://homepage.ntlworld.com/dvk01uk/tutorial.htm
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://www.help2go.com/article153.html
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://www.spychecker.com/program/bholist.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list
Beginners Guides: Browser Hijacking & How to Stop It
http://www.pcstats.com/articleview.cfm?articleID=1579
==============================================
Bazooka
http://www.webgrid.co.uk/security_2.html
http://www.winsite.com/bin/Info?17000000037943
http://www.kephyr.com/
Bazooka is freeware and Windows 95/98/ME/NT/2000/XP compatible
Click on the files found & you will be taken to a site that will show you how to remove, either with a program or manually.
It reports on all drives & partitions, so remember to check all of these when doing a manual removal.
After the download: it is important to remember that once the installation of Bazooka is completed, you should update the file signatures by clicking on the Update tab and checking for an update.
Make sure you update after installing & then regularly.

rno2
Guest
Posted: Sat Jun 05, 2004 4:35 am
I think that I found the problem. I believe that Panda Antivirus is causing the slowdown. Specifically Avengine.exe. It seems to use 94 to 97 percent of the cpu every 10 or so minutes. I have requested help from Panda.

jefftfall
Cadet
Joined: Jun 01, 2004
Posts: 4
Location: Australia
Posted: Mon Jun 07, 2004 9:06 pm Post subject: Could someone check this for me.
rno2
First backup your Registry.
Make a Restore Point.
Go to Add/Remove Programs and remove any of these that are present: "My Search Bar", "My Web Search Bar", and "Fun Web Products Easy Installer".
Get HijackThis to fix the following:
C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\3.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm401
I assume that you would also have the problem of a search box in your Taskbar. If so, right-click on it and you will probably get an option of: BlazeFind, Yahoo, Google and MSN. Don't do anything with these options. If you found BlazeFind there and it was already ticked, do a search for any files/folders (including hidden) using "blaze" as the file name or part of it. If any suspicious ones are found, delete them.
Run Adaware and delete any suspicious entries.
Run CWShredder by clicking on Fix.
Reboot
That should help.
Regards
Jeff (I.T. student)
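
Added example, not written by any poster in this thread: a small Python triage script for the HijackThis log format shown above. It separates the running-process list from the coded entries (R0/R1, O2, O3, O4, ...), then flags lines that match a watchlist or that end in "(no file)". The function names, the `WATCH` substrings (taken from the entries named in the last reply) and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
C:\Program Files\OPERA75\opera.exe
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\3.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm401
O9 - Extra button: ICQ Pro (HKLM)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: substrings chosen from the entries listed in the reply above.
WATCH = ("\\myway\\", "mywebsearch")

def parse(log):
    """Split a HijackThis log into running processes and coded entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            clsid = CLSID.search(m.group(2))
            entries.append({"code": m.group(1), "detail": m.group(2),
                            "clsid": clsid.group(0).upper() if clsid else None})
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(log):
    """Return (section, text, reason) for every line worth a second look."""
    procs, entries = parse(log)
    hits = [("process", p, "watchlist") for p in procs
            if any(w in p.lower() for w in WATCH)]
    for e in entries:
        low = e["detail"].lower()
        if any(w in low for w in WATCH):
            hits.append((e["code"], e["detail"], "watchlist"))
        elif low.endswith("(no file)"):  # registry entry whose file is missing
            hits.append((e["code"], e["detail"], "orphaned"))
    return hits
```

Running `triage()` over the full log from the first post, rather than the shortened sample, gives a list to review by hand before anything is fixed in HijackThis.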