salvatore imparato

Help, my system is not stable...

1) See my HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 22.18.05, on 02/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT1\System32\smss.exe
C:\WINNT1\SYSTEM32\winlogon.exe
C:\WINNT1\system32\services.exe
C:\WINNT1\system32\lsass.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\WINNT1\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT1\system32\spoolsv.exe
C:\WINNT1\System32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT1\system32\regsvc.exe
C:\WINNT1\system32\MSTask.exe
C:\WINNT1\system32\slserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT1\SYSTEM32\rundll32.exe
C:\WINNT1\System32\WBEM\WinMgmt.exe
C:\WINNT1\Explorer.EXE
C:\WINNT1\System32\inetsrv\inetinfo.exe
C:\WINNT1\System32\svchost.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Nuker 2004\swn2.exe
C:\WINNT1\bxeuayac.exe
C:\Programmi\Parallel Tasking\ptask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT1\system32\rundll32.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINNT1\system32\internat.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\a2\a2guard.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Web_Rebates\WebRebates1.exe
C:\Programmi\Registry Mechanic\RegMech.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINNT1\system32\drwtsn32.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Web_Rebates\WebRebates0.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1001693
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1001693
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\sal\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001693
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT1\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Programmi\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [LTdTfBTn3] C:\WINNT1\bxeuayac.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Programmi\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [niiikdx] c:\winnt1\system32\niiikdx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINNT1\TEMP\se.dll,DllInstall
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [SPOOL Configuration] SPOOLSVC.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Programmi\a2\a2guard.exe"
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT1\System32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT1\System32\MSJAVA.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/nd/nd02688.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.forum.fastwebnet.org/home/font/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://207.44.186.186/2/hhctrl.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6814A9EF-FBF1-46B2-A46E-56B401079C26} - http://www.dialer-shop.com/cexe/b200999.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://209.250.114.120/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {1EB36F88-2303-41F2-9A9A-88F07B2FA593} - (no file)
O18 - Filter: text/plain - {1EB36F88-2303-41F2-9A9A-88F07B2FA593} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT1\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: nxokvbvkzaoq - Unknown - C:\WINNT1\system32\vvkoucnt5.exe (file missing)
O23 - Service: Servizio Auto-Protect di Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Update Service - Unknown - C:\WINNT1\system32\wupdated.exe (file missing)

2) I have installed Norton Internet Security 2005.

3) I receive errors many times in ccapp.exe and winlogon.exe
ASKER CERTIFIED SOLUTION
SheharyaarSaahil

FalconHawk

At first glance, I see no infection in the running processes list. BUT I see another thing: there are literally tons of programs running in the background. How much RAM do you have? I think the instability isn't caused by viruses, but by a lack of system resources.

RAM is needed to run everything, and the less you have free, the longer it takes to run a program. And programs that ARE running in the background also use RAM. Either get more RAM, or try paging memory (if it's the RAM, I'll tell you HOW to use it. Just post the RAM usage first ;)
Don't let that many programs start up with your system.

Also try to change Norton for Kaspersky... uses waaay less resources.

I agree completely with FalconHawk on the RAM.
I see all kinds of garbage running on your system -
For starters try this one - optimize.exe
Do a search on that.

Oh, and by the way - you have a VX2 infection

Just some information.
Your problems have Nothing to do with RAM.

Good luck!

RF
Comment from rossfingal
Your problems have Nothing to do with RAM.

Yes and no. There is nothing wrong with the RAM, BUT when you have this many programs running, it's used a lot, causing the system to be slow. The RAM is fine, it's just used too much.

For starters try this one - optimize.exe
Seems perfectly harmless..... See for yourself if it uses a lot of resources.

Further, try not having more than 1 program of the same kind active at a time... I see several anti-spyware programs. It just uses a lot of resources, while 1 good one is probably all you need.
O4 - HKLM\..\Run: [niiikdx] c:\winnt1\system32\niiikdx.exe
O4 - HKLM\..\Run: [LTdTfBTn3] C:\WINNT1\bxeuayac.exe

They seem odd btw..
Run housecall.trendmicro.com online virus scan.  

Run Spybot S&D from security.kolla.de

Download the Microsoft Malicious Software Removal Tool

http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Then Update Windows completely.

This combination should help you detect and remove any viruses present.

This should help,
Aj
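
The replies above triage the HijackThis log by eye; as an added example that is not part of the original thread, the sketch below parses the log's `O1`/`O4`/`O16`/`O23` entry lines and applies a few review rules to an excerpt of the posted log. The rules and the names `review_reasons` and `triage` are assumptions chosen for illustration; they mark entries for a closer look and are not verdicts.

```python
import re

# Excerpt of the log posted in the question, embedded so the example runs offline.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LTdTfBTn3] C:\WINNT1\bxeuayac.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINNT1\TEMP\se.dll,DllInstall
O16 - DPF: {6814A9EF-FBF1-46B2-A46E-56B401079C26} - http://www.dialer-shop.com/cexe/b200999.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: nxokvbvkzaoq - Unknown - C:\WINNT1\system32\vvkoucnt5.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WINROOT_EXE = re.compile(r"^[a-z]:\\win(nt|dows)\d*\\[^\\]+\.exe$", re.I)

def review_reasons(code, body):
    """Return review reasons for one entry (assumed heuristics, not verdicts)."""
    reasons = []
    if code == "O1":  # hosts file line: "Hosts: <ip> <name>"
        m = re.match(r"Hosts: (\S+) (\S+)", body)
        if m and m.group(1) not in ("127.0.0.1", "0.0.0.0"):
            reasons.append(f"hosts file maps {m.group(2)} to {m.group(1)}")
    elif code == "O4":  # autostart: "<key>: [<value name>] <command>"
        cmd = body.split("] ", 1)[-1].strip('"')
        if "\\temp\\" in cmd.lower():
            reasons.append("autostart loads code from a Temp directory")
        if WINROOT_EXE.match(cmd):
            reasons.append("autostart binary sits directly in the Windows directory")
    elif code == "O16":  # ActiveX download: "DPF: <id> - <url>"
        if body.rsplit(" - ", 1)[-1].lower().endswith(".exe"):
            reasons.append("downloaded program file is a bare .exe, not a .cab")
    elif code == "O23":  # service: "Service: <name> - <vendor> - <path>"
        if " - Unknown - " in body and body.endswith("(file missing)"):
            reasons.append("service with unknown vendor and missing binary")
    return reasons

def triage(log_text):
    """Parse HijackThis entry lines and return those with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reasons = review_reasons(m["code"], m["body"])
            if reasons:
                findings.append((m["code"], m["body"], reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}\n      -> {'; '.join(reasons)}")
```

Entries that match no rule, such as the QuickTime autostart or the iPod service, are left out of the findings, which keeps the review list short on a log this long.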