Help My Hijackthis Log!...., IE long time to load and freezes now 2

  1. 18-11-2004  #1
    flakeup
    flakeup is offline Newbie

    Help My Hijackthis Log!...., IE long time to load and freezes now 2

    Got a bunch of spyware all suddenly... this just happened recently, my ie takes long time to and sometimes freezes after it loads?, when it does load cant really use it much, just looking around went to yahoo and... Iexplore.exe has errors and will be closed by windows, dunno why I get this msg ... & components like my comptuer take long time to load too) which never happened b4
    2. (also the websearch and winupdtl keep returning after I delete em) Please help! heres my hijackthis log


    Logfile of HijackThis v1.98.2
    Scan saved at 1:55:24 PM, on 11/18/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\winupdt.exe
    C:\WINNT\System32\winupdt.exe
    C:\Program Files\America Online 7.0\waol.exe
    C:\WINNT\System32\difyxc.exe
    C:\WINNT\System32\taskmgr.exe
    D:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rpgd.emulationworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O1 - Hosts: ** BEGIN **
    O1 - Hosts: 202.85.164.51 www.mirkx.com
    O1 - Hosts: 202.85.164.51 mirkx.com
    O1 - Hosts: ** END **
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SDWin32 Class - {8FA50E3F-A70B-404B-A907-F985BD3DC05C} - C:\WINNT\System32\lyfrs.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [stcloader] C:\WINNT\System32\stcloader.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINNT\System32\winupdtl.exe
    O4 - HKLM\..\Run: [htqaeazcjeq] C:\WINNT\System32\difyxc.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: Short Message - {5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi3 2.dll
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf3 2.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/ht...ie/msichat.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1F0E52-0331-4D54-90AA-94E67760E180}: NameServer = 205.188.146.146
    Last edited by flakeup; 18-11-2004 at 08:17 PM.

  3. 18-11-2004  #2
    Bear
    Bear is offline D-A-L Elite Member
    Please update your HijackThis, you have an older version. The latest version is 1.98.2 and you can find it HERE. After you get it installed please post a fresh log, thanks.
  4. 18-11-2004  #3
    flakeup
    flakeup is offline Newbie
    updated, please help, Thx
  5. 18-11-2004  #4
    Bear
    Bear is offline D-A-L Elite Member
    Ok first I recommend you update Internet Explorer to either 5.5 or 6, I also recommend you download, install, update & run both Adaware & Spybot Search & Destroy. Have both programs fix any problems found and see if that helps. I see some things in your log that Adaware & Spybot Search & Destroy should take care of. After upgrading IE and running both Adaware & Spybot S & D and a reboot post a fresh log. Owen should be back tomorrow but this will be a good starting point and then Owen can take it from here.
  6. 18-11-2004  #5
    flakeup
    flakeup is offline Newbie
    i did with adaware and the websearchs came back..
  7. 18-11-2004  #6
    flakeup
    flakeup is offline Newbie
    i cant cause ie keeps freezing (stupid spyware??) you know how I can update and uninstall it at the same time..
  8. 21-11-2004  #7
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Could you post a Hijack This log with the updated version please and I'll take a look.
+ Reply to Thread
« Cannot connect | Add/Remove Programs - Suspicious Entries »