    dawna_b_99 Posts: 2, Reputation: 1
    New Member
     
    #1

    Feb 27, 2008, 03:59 PM
    hjt log
    This is my hjt log. My computer is running really slow and sometimes won't load pages at all. Can someone look at my log and give me advice on how to fix it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:53:45 PM, on 27/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Centre for Distance Education's Students Only website. Please see www.cd-ed.com if you wish to learn about the leader in new media online education.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\.. \Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\.. \Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\.. \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\.. \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\.. \Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\.. \Run: [{54-49-99-9C-DW}] C:\WINDOWS\system32\xo4\dameco3305.exe DWram
    O4 - HKLM\.. \Run: [9c754933] rundll32.exe "C:\WINDOWS\system32\kocjskgn.dll",b
    O4 - HKCU\.. \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\.. \Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\.. \Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\.. \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\xo4\dameco3305.exe
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: Centre for Distance Education's Students Only website. Please see www.cd-ed.com if you wish to learn about the leader in new media online education.
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dawnablaz.spaces.live.com//Ph...d/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1172167406390
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\.. \{4A2D59BB-CA67-43F7-9A78-B10193A4AC01}: NameServer = 206.47.244.105 206.47.244.13
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    --
    End of file - 7074 bytes
    terellowens Posts: 123, Reputation: 9
    Junior Member
     
    #2

    Feb 27, 2008, 04:01 PM
    Buy bulldog... virus protection...
    dawna_b_99 Posts: 2, Reputation: 1
    New Member
     
    #3

    Feb 27, 2008, 04:06 PM
    I have to use free software, do not have a credit card, but thanks
    invisibleman_productions Posts: 207, Reputation: 12
    Full Member
     
    #4

    Feb 28, 2008, 09:28 AM
    The only thing which looks suspicious is
    O4 - HKLM\.. \Run: [{54-49-99-9C-DW}] C:\WINDOWS\system32\xo4\dameco3305.exe DWra

    1 Run the anti-spyware removal programs: Spybot (Security News from the net: Spybot search and destroy spyware and popups)
    2 SUPERAntiSpyware (Security News from the net: SUPERAntiSpyware Home Edition (free version)) to get rid of the nasties
    3 Run a complete scan with Dr web (Dr.Web - innovative technologies for information security. Antivirus & antispam protection. / Download / Programs for Windows)

    If you still find it slow:

    Let the experts take a look at what's happening on your computer. Visit the HijackThis Logs and Analysis forum: BleepingComputer.com -> HijackThis Logs and Malware Removal, or SWI Forums (Powered by Invision Power Board), or Alliance of Security Analysis Professionals.
    Will00 Posts: 66, Reputation: 3
    Junior Member
     
    #5

    Mar 9, 2008, 07:15 PM
    First we need to disable the Spybot TeaTimer. You can do so by visiting this site.

    Now, close all applications and open HijackThis. Run another scan and select the checkbox next to the following:

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    (The other process - mentioned in the previous post by invisibleman_productions - I was unable to verify if it was malware. This is why I am not advising it to be removed.)

    Now, close all applications and boot in Safe Mode. Go to My Computer and direct through to here:

    C:\WINDOWS\system32\

    Delete the following file (if present):

    PSIService.exe

    Please log back into regular boot and post another log.
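
An added example, not part of any post above and not HijackThis's own code: a small triage pass over HijackThis entry lines that surfaces the kinds of entries the replies single out (an autorun under a `system32` subfolder, a service with "Unknown owner"). The heuristics and function names are this example's assumptions; a flag means "look closer", not "malware".

```python
import re

# Constructed sample: seven entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\.. \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\.. \Run: [{54-49-99-9C-DW}] C:\WINDOWS\system32\xo4\dameco3305.exe DWram
O4 - HKLM\.. \Run: [9c754933] rundll32.exe "C:\WINDOWS\system32\kocjskgn.dll",b
O4 - HKCU\.. \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*)$")               # "O4 - <body>"
SUBDIR_EXE = re.compile(r'\\system32\\[^\\"]+\\[^\\"]+\.exe')    # exe one folder below system32

def parse(log_text):
    """Yield (section_code, body) for every entry line such as R0, O4, O23."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def review_reasons(code, body):
    """Return the heuristic reasons (assumptions of this example) an entry matches."""
    low = body.lower()
    reasons = []
    if code == "O4" and "rundll32" in low and ".dll" in low:
        reasons.append("autorun loads a DLL through rundll32")
    if code == "O4" and SUBDIR_EXE.search(low):
        reasons.append("autorun target in a system32 subfolder")
    if code == "O10" and low.startswith("unknown file"):
        reasons.append("Winsock LSP file HijackThis does not recognise")
    if code == "O23" and "unknown owner" in low:
        reasons.append("service binary with no publisher recorded")
    return reasons

def triage(log_text):
    """Return [(code, body, reasons)] for entries that matched a heuristic."""
    flagged = []
    for code, body in parse(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    review: {'; '.join(reasons)}")
```

Each flagged path still has to be checked by hand (file properties, publisher, a scan of the file itself) before anything is fixed or deleted.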
