I need to have someone look over this Hijackthis. It is for XP. I have run it through Spy Sweeper, Giant antispyware, and lavasoft. It still takes a minute or two to open a new web page or another application.
Logfile of HijackThis v1.98.2
Scan saved at 11:00:18 PM, on 10/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pdvjausvxts.com/nBEcpZWlEpiBDtgvTuNPDEpyr0V7unaJZv_aq/25ibtkV08IF_pJQMpho6Fcl/WU.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Mapisafe] C:\PROGRA~1\KEEPSO~1\surfdateonce.exe
O4 - HKLM\..\Run: [heck test platform fork] C:\Documents and Settings\All Users\Application Data\curb media heck test\dvdcake.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mymathtest.com/bin/TestGenXInstall.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab