Please analyse my LOG and help me cure my computer


#1 Sonika



Posted 25 September 2005 - 05:14 AM

My computer is running very slowly. It seems as if it's having problems turning pages when I'm connected to IE or Opera, and I don't know why.
I have run Spybot - Search & Destroy and Ad-Aware SE and nothing was detected.

Here is my LOG, and I hope that the answer to my problem will be here. Please help me:

Logfile of HijackThis v1.99.1
Scan saved at 070554, on 2005-09-25
Platform Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes
CProgram FilesMSN AppsUpdater01.02.3000.1001pl-plmsnappau.exe
CProgram FilesMicrosoft AntiSpywaregcasServ.exe
CProgram FilesCommon FilesRealUpdate_OBrealsched.exe
CProgram FilesJavajre1.5.0_04binjusched.exe
CProgram FilesQuickTimeqttask.exe
CProgram FilesMicrosoft AntiSpywaregcasDtServ.exe
CProgram FilesWinampwinampa.exe
CProgram FilesMSN MessengerMsnMsgr.Exe
CProgram FilesSkypePhoneSkype.exe
CProgram FilesGadu-Gadugg.exe
CProgram FilesWeb-a-photoWeb-a-photo.exe
CProgram FilesMicrosoft OfficeOfficeOSA.EXE
CProgram FilesPhotoWorksPhotoWorks Digital PartnerAcquire.exe
CProgram FilesOperaOpera.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = httpwww.imageshack.usindex4.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = httpwww.interia.pl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = httpwww.imageshack.usindex4.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = httpwww.interia.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = httpwww.imageshack.usindex4.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CProgram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO (no name) - {53707962-6F74-2D53-2644-206D7942484F} - CPROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - CProgram FilesMSN AppsMSN Toolbar01.02.3000.1001pl-plmsntb.dll
O3 - Toolbar MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - CProgram FilesMSN AppsMSN Toolbar01.02.3000.1001pl-plmsntb.dll
O4 - HKLM..Run [NvCplDaemon] RUNDLL32.EXE CWINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run [AVG7_CC] CPROGRA~1GrisoftAVGFRE~1avgcc.exe STARTUP
O4 - HKLM..Run [msnappau] CProgram FilesMSN AppsUpdater01.02.3000.1001pl-plmsnappau.exe
O4 - HKLM..Run [gcasServ] CProgram FilesMicrosoft AntiSpywaregcasServ.exe
O4 - HKLM..Run [TkBellExe] CProgram FilesCommon FilesRealUpdate_OBrealsched.exe -osboot
O4 - HKLM..Run [SunJavaUpdateSched] CProgram FilesJavajre1.5.0_04binjusched.exe
O4 - HKLM..Run [QuickTime Task] CProgram FilesQuickTimeqttask.exe -atboottime
O4 - HKLM..Run [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run [PestPatrolCL] cPROGRA~1PESTPA~1PestPatrolCL.exe c
O4 - HKLM..Run [nwiz] nwiz.exe install
O4 - HKLM..Run [NeroCheck] CWINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run [CookiePatrol] CPROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run [WinampAgent] CProgram FilesWinampwinampa.exe
O4 - HKCU..Run [MsnMsgr] CProgram FilesMSN MessengerMsnMsgr.Exe background
O4 - HKCU..Run [IncrediMail] CProgram FilesIncrediMailbinIncMail.exe c
O4 - HKCU..Run [Skype] CProgram FilesSkypePhoneSkype.exe nosplash minimized
O4 - HKCU..Run [Gadu-Gadu] CProgram FilesGadu-Gadugg.exe tray
O4 - HKCU..Run [Web-a-photo] CProgram FilesWeb-a-photoWeb-a-photo.exe RunMinimized
O4 - HKCU..Run [Spyware Assassin v.4.0] CProgram FilesSpyware Assassin 4.0Spyware Assassin.exe
O4 - HKCU..Run [NvMediaCenter] RUNDLL32.EXE CWINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup PhotoWorks Acquire.lnk = CProgram FilesPhotoWorksPhotoWorks Digital PartnerAcquire.exe
O4 - Startup PhotoWorks Upload Scheduler.lnk = CProgram FilesPhotoWorksPhotoWorks Digital PartnerPhotoWorksWiz.exe
O4 - Global Startup Pasek skrótów Microsoft Office.lnk = CProgram FilesMicrosoft OfficeOfficeMSOFFICE.EXE
O4 - Global Startup Uruchamianie pakietu Office.lnk = CProgram FilesMicrosoft OfficeOfficeOSA.EXE
O8 - Extra context menu item &Add animation to IncrediMail Style Box - CPROGRA~1INCRED~1binresourcesWebMenuImg.htm
O9 - Extra button (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O16 - DPF {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - httpgo.microsoft.comfwlinklinkid=36467&clcid=0x409
O16 - DPF {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - httpwww.web-a-photo.comWebaphotoUploaderXP.cab
O16 - DPF {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - httpspaces.msn.comPhotoUploadMsnPUpld.cab10,0,910,0
O16 - DPF {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - httpsonika.myphotoalbum.comEasyUploadTool.cab
O16 - DPF {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - httpv5.windowsupdate.microsoft.comv5consumerV5Controlsenx86clientwuweb_site.cab1096399210906
O16 - DPF {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - httpupdate.microsoft.commicrosoftupdatev6V5Controlsenx86clientmuweb_site.cab1126454871234
O16 - DPF {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - httpcommunity.webshots.comhtmlWSPhotoUploader.CAB
O16 - DPF {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - httpwww.rav.roscanravonline.cab
O16 - DPF {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - httpskaner.mks.com.plSkanerOnline.cab
O16 - DPF {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - httpwww5.incredimail.comcontentssetupdownloaderimloader.cab
O16 - DPF {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - httppdl.stream.aol.comdownloadsaolunagiampx_en_dl.cab
O17 - HKLMSystemCCSServicesTcpip..{48B0BDF3-A4E7-447B-BDF0-8E52B941390C} NameServer =,,,
O23 - Service AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - CPROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - CPROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service Creative Service for CDROM Access - Creative Technology Ltd - CWINDOWSSystem32CTsvcCDA.exe
O23 - Service MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - CProgram FilesMKSBinmksmonsv.exe (file missing)
O23 - Service NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - CWINDOWSSystem32nvsvc32.exe

Edited by Sonika, 25 September 2005 - 07:07 AM.



#2 OldTimer


    Malware Expert


Posted 30 September 2005 - 06:20 AM

Hello Sonika and welcome to the BC HijackThis forum. I do not see any problems with viruses or malware in the HijackThis log. It is clean.

I do see 4 DNS server entries (item O17). Normally there should be only 2 of these where applicable. You might want to contact your ISP and find out what the correct DNS settings are for your connection and change them accordingly. It could be that the connection is getting confused over which DNS server to use or the DNS server information could be incorrect.


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
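
Added example, not part of either post and not HijackThis code: a short Python check that applies the reply's O17 rule of thumb to a HijackThis log, flagging NameServer lines with more than two entries or with empty or invalid ones. The sample lines are constructed in the O17 layout with placeholder GUIDs and documentation-range addresses; `audit_o17` and `MAX_EXPECTED` are names assumed for this sketch.

```python
import ipaddress
import re

# O17 line with separators intact; the registry key is captured up to ": NameServer".
O17_NS = re.compile(r"^O17 - (?P<key>.+?): NameServer\s*=\s*(?P<data>.*)$")
MAX_EXPECTED = 2  # the reply's rule of thumb (assumption), not a limit enforced by Windows

def is_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_o17(log_text):
    """Return one finding per O17 NameServer line in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = O17_NS.match(line.strip())
        if not m:
            continue
        # Entries are comma- or space-separated; keep empty slots so they get flagged.
        slots = re.split(r"\s*,\s*|\s+", m.group("data").strip())
        servers = [s for s in slots if is_ip(s)]
        issues = []
        if len(slots) > MAX_EXPECTED:
            issues.append("more than %d entries" % MAX_EXPECTED)
        if len(servers) != len(slots):
            issues.append("empty or invalid entry")
        findings.append({"key": m.group("key"), "servers": servers, "issues": issues})
    return findings

# Constructed sample: placeholder GUIDs, RFC 5737 documentation addresses.
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53,198.51.100.1,198.51.100.2,203.0.113.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer =,,,
"""

if __name__ == "__main__":
    for f in audit_o17(SAMPLE):
        print(f["key"], f["servers"], f["issues"] or "ok")
```

A flagged line is a prompt to compare the listed servers with what the ISP or network administrator actually assigns, as the reply suggests.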
