Hijact this log for checking pse

  Trickyhicky` 20:31 03 Dec 2004
Locked

Is it possible for someone to check this Hijact this log please as I am sure there is something slowing my system down.

Many Thanks Tricky

Logfile of HijackThis v1.97.7
Scan saved at 14:16:58, on 03/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\crsss.exe

C:\Program Files\Web_Rebates\WebRebates0.exe

C:\WINDOWS\system32\mpfguard.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows TaskAd\WinTaskAd.exe

C:\Program Files\Windows TaskAd\WinSched.exe

C:\WINDOWS\twain_32\S6U12BX\WATCH.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

C:\Program Files\Web_Rebates\WebRebates1.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

c:\dl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

  Trickyhicky` 20:32 03 Dec 2004

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = click here

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\r6p.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Windows media service] crsss.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [Macfee Security] mpfguard.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe

O4 - HKLM\..\RunServices: [Windows media service] crsss.exe

O4 - HKLM\..\RunServices: [Macfee Security] mpfguard.exe

O4 - HKCU\..\Run: [Microsoft MSNGR32 Protocol] msngr32.exe

O4 - HKCU\..\Run: [Spyware Doctor] "D:\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" "+b1"

O4 - HKLM\..\RunOnce: [6w7vdi.exe] C:\WINDOWS\System32\6w7vdi.exe /k

O4 - HKCU\..\RunOnce: [6w7vdi.exe] C:\WINDOWS\System32\6w7vdi.exe /k

O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe

O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=click here

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - click here

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - click here

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - click here

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{356C41C8-D074-431F-9FFB-8B1474C4E2C6}: NameServer = 80.225.254.178 80.225.254.186

O17 - HKLM\System\CS1\Services\Tcpip\..\{356C41C8-D074-431F-9FFB-8B1474C4E2C6}: NameServer = 80.225.254.178 80.225.254.186

  JoeC 20:33 03 Dec 2004
  SANTOS7 20:38 03 Dec 2004

the first and third threads on the second page containing ABOUT:BLANK will certainly slow your pc down and can be deleted safely.........

  hillybilly 21:13 03 Dec 2004

"C:\WINDOWS\system32\crsss.exe" Remove it! That's a worm!

Get rid of all od these as well! Restart your PC and do it all in safe mode.

"C:\Program Files\Web_Rebates\WebRebates0.exe"

"C:\Program Files\Web_Rebates\WebRebates1.exe"

"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank"

"O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)"

"O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\r6p.dll"

"O4 - HKLM\..\Run: [Windows media service] crsss.exe"

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\RunOnce: [6w7vdi.exe] C:\WINDOWS\System32\6w7vdi.exe /k

O4 - HKCU\..\RunOnce: [6w7vdi.exe] C:\WINDOWS\System32\6w7vdi.exe

  mark2 21:42 03 Dec 2004

wait for nellie to come and clear the worst,

However your version of HJT is out of date, you can get the latest from click here follow the instructions, especially regarding unzipping the download, and not running from a temporary folder, you can lose any backups on rebooting when in a temp folder.
try an online scan at click here
to clear some of the virus/worms.

Run Adaware, ensuring you have the latest updates and you reboot when requested.

Once done post back with a fresh Hijackthis log

  ACOLYTE 21:48 03 Dec 2004

i sympathise i ran this other nite and couldn't make head nor tail of it,but in studied it and found that with research you can eliminate most things,i would say that with just looking at yours there are a few things that shouldn't be there ,but as I'm no expert i wont tell you how to proceed.

  hillybilly 21:56 03 Dec 2004

Okay having seen what both mark2 and ACOLYTE have posted, now go and enter any of the items I listed for you into google an see what turns up! When you have got rid of them which are the common ones, I'm sure either VOG or Nellie will turn up an find the real sticklers for you.

  Djohn 22:09 03 Dec 2004

Is an expert at reading Highjack logs along with nellie2. Seeing that mark2 has given you a suggestion to download the latest version of Highjackthis then wait for nellie2 to look over, I would be inclined to follow his excellent advise.

  Nellie2 10:48 04 Dec 2004

Please follow Mark2's advice, I'll pop back later to see if you have posted a fresh hijack log after you have done the online scan and rebooted after running adaware.

  Diemmess 10:57 04 Dec 2004

As one who has benefitted from this forum topic, I too am watching this.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

Illustrator Sylvain Tegroeg created thousands of intricate line drawings for the mobile game…

Best iPad buying guide 2017

Comment télécharger une application indisponible en France ?