Slow running computer help....I think it might be a virus. HJT log inside

Posted 4/13/2006 11:41 PM
#29836
User avatar

Carol11 Member

Date Joined Nov 2016
Total Posts: 2
Can anyone tell me if any of these files should be deleted with hijack this. Thanks...You would make my daughters day if we could get this computer up to speed.




Logfile of HijackThis v1.99.1
Scan saved at 6:41:12 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
Posted 4/16/2006 10:00 AM
#29931
User avatar

rob_b Member

Date Joined Nov 2016
Total Posts: 3
I noticed that you have posted another log, is this for a different PC? The reason why I ask is that the two logs are different. On the PC in this post, you don't seem to have Spybot or Adaware.

This is some of what you need to do:

First, read this page:

https://www.liutilities.com/products/wintaskspro/processlibrary/msmsgs/

I think this might be your probem.

Then

- download Lavasoft's AdAware SE (www.lavasoft.de, then click on AdAware Personal, then click the download link - this takes you to CNET where you can download the file)
- install AA and update the signatures (click on Check for updates now)

- download and install Spybot. Update the signatures (I assume you can do this if it's on your other PC)

Disconnect from the Internet.

- run an AdAware scan: this could take 30+ min
- read the summary of what is found. The MRU's are less damaging but you might want to remove them... ** but if you have saved passwords to automatically fill in on a website these might get cleared with the cookies, so remove with caution! **

- the other items might be trojans, worms or viruses and can be removed - just make sure they're ticked and then press next.

- then run spybot and make sure immunisation is turned on; see what that finds

Hopefully this will detect all your problems. Please post again when you have tried these things.

Two more things you could try are

(1) Webroot Spysweeper. You can get a 14 day trial and I've used it successfully to get rid of a nasty trojan.

(2) Panda Antivirus online scan. You need to use Internet Explorer and download an ActiveX control, but this was very effective in getting rid of a few viruses that N*rton didn't detect.

Hope this helps,

Robert
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, February 17, 2019, 10:26 AM (GMT +1)
There are a total of 61,693 posts in 13,599 threads.
In the last 3 days there were 0 new threads and 2 reply posts.

Who's online

This forum has 38,452 registered members. Please welcome our newest member, kenyon graham.
There are currently no users on-line.
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.