system_getting_slow_down_hijacklog_attached

[hbmarar]

hi,

I do not know whether this is the correct forum but I am having problem with my system ....

Attaching is the log file generated by Hijackthis and expect replies that points why my system is getting slow.

Thanking you in advance , I remain
******************************************************


Logfile of HijackThis v1.99.1
Scan saved at 5:17:18 PM, on 9/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE
C:\WINDOWS\SYSTEM\FPDISP4A.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\REDIFF BOL\REDIFFMESSENGER.EXE
C:\WINDOWS\PROFILES\HBMARAR\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.113:80
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\PROGRAM FILES\SOLIDDOCUMENTS\SOLIDCONVERTERPDF\SCPDF\EXPLOREEXTPDF.DLL
O2 - BHO: CSABHO Object - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SAISHOOK.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\PROGRAM FILES\SOLIDDOCUMENTS\SOLIDCONVERTERPDF\SCPDF\EXPLOREEXTPDF.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM\fpdisp4a.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Rediff Bol 7.0.lnk = C:\Program Files\Rediff Bol\RediffMessenger.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: Rediff Bol 7.0.lnk = C:\Program Files\Rediff Bol\RediffMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYIN
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71h

Harish Balakrishnan Marar

[Mhtml]

Quote:

Originally Posted by hbmarar

expect replies that points why my system is getting slow.

How rude. We are not here to serve you.

And I have never used hijackthis but glancing over that log file I see several lines of concern:

Code:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZUxdm080YYIN
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

Obviously that Yahoo content is not what I am refering to.

[Auriga]

Have you tried Ad-Aware, Spybot & Ewido Security Studio.

Also you should do an anti-virus scan, using up-to-date definitions.

HJT should only be used as a last resort, and don't remove anything unless you are 100% sure you know what you are removing.

[Spookster]

I don't use MS windows anymore but Yahoo doesn't normally put an ! mark at the end of their directory name do they?

C:\Program Files\Yahoo!\Common

I would look at that closer as well in case some spyware is trying to disguise itself as Yahoo.

But as was mentioned download Ad Aware and Spy Bot and run both of those. It does appear you have some spyware programs installed. More than one it looks like.

You also might want to take a look at your task manager. Look at the processes and sort it by CPU and/or memory usage and see which process it slowing your system down.

[JamieR]

Just out of interest, what AV client do you have?

[_Aerospace_Eng_]

Quote:

Originally Posted by Spookster

I don't use MS windows anymore but Yahoo doesn't normally put an ! mark at the end of their directory name do they?

C:\Program Files\Yahoo!\Common

I would look at that closer as well in case some spyware is trying to disguise itself as Yahoo.

But as was mentioned download Ad Aware and Spy Bot and run both of those. It does appear you have some spyware programs installed. More than one it looks like.

You also might want to take a look at your task manager. Look at the processes and sort it by CPU and/or memory usage and see which process it slowing your system down.

Yes yahoo does this. I have YIM installed on my system. The folder name is Yahoo!

[hbmarar]

hi to all,

Thanks for the concerns and pointers wrote for me.

Sorry, if you all felt me rude with my language.I am not that sure of language.Sorry.I do know it is only the kindness that I should be asking for..sorry.

Hope you all did not took my rudeness seriously enough.

THanking you once again for the consideration and concern...

Wishing you all a nice time.

harish Balakrishnan Marar

[_Aerospace_Eng_]

Quote:

Originally Posted by hbmarar

hi to all,

Thanks for the concerns and pointers wrote for me.

Sorry, if you all felt me rude with my language.I am not that sure of language.Sorry.I do know it is only the kindness that I should be asking for..sorry.

Hope you all did not took my rudeness seriously enough.

THanking you once again for the consideration and concern...

Wishing you all a nice time.

harish Balakrishnan Marar

It wasn't so much as your language, it was the way you "expected answers" we are all volunteers here. We can choose who's questions we answer.