Computer Is So Sloooooooooooooow

[Deucehearts]

My friends computer is really slow. I tried running Adaware, Spybot and several online scans without any success at all. Everytime I tried running a scan the computer would freeze up and have to be restarted. I was only on the computer for 30 min and pop ups where all over the place. So here is the Hijack log. Help me if you can thanks.

Logfile of HijackThis v1.99.1

Scan saved at 8:36:01 PM, on 9/5/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\ibfeqdx.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\system32\NORMANANTIVIRUS.EXE

C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

C:\windows\system32\p6oM.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.exe

C:\windows\system32\ebEyB.exe

C:\windows\system32\15BRJLsg.exe

C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\system32\igmger.exe

C:\WINDOWS\system32\r?gsvr32.exe

C:\WINDOWS\system32\iearsa16.exe

C:\PROGRA~1\AIM\aim.exe

C:\WINDOWS\SYSTEM32\ebEyB.exe

C:\Program Files\rdso\eetu.exe

C:\WINDOWS\system32\QtrgRbne.exe

C:\WINDOWS\system32\LnaqyU35.exe

C:\Program Files\Aprps\CxtPls.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\WINDOWS\system32\cdmweb\iexxathnrd.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwlax.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pollserver.interpolls.com/cache/hbo...musicmatch.html

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\plg0\cxtpls.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O2 - BHO: (no name) - {63BC0E56-AFAC-E056-BE0E-ED55058EE7A4} - C:\WINDOWS\system32\nnq.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EF717B91-C20B-BD84-2050-CE09F61122C0} - C:\WINDOWS\system32\entopksa.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O2 - BHO: (no name) - {FCCCEE28-7B98-4690-8C5A-083FB8E1E0C8} - C:\WINDOWS\system32\cdmweb\iexxathnrd.dll

O2 - BHO: (no name) - {FEE418EA-BC48-FEB0-0E01-F88408AF71A1} - C:\WINDOWS\system32\vdyraudm.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Norman Antivirus] NORMANANTIVIRUS.EXE

O4 - HKLM\..\Run: [q4BhRv8] C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

O4 - HKLM\..\Run: [p6oM] C:\windows\system32\p6oM.exe

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Cyf0o.exe

O4 - HKLM\..\Run: [Wvzp.exe] C:\windows\system32\Wvzp.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ebEyB.exe] c:\windows\system32\ebEyB.exe

O4 - HKLM\..\Run: [15BRJLsg] C:\windows\system32\15BRJLsg.exe

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [cqmshny] c:\windows\system32\tyzwef.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [wssi3nV] igmger.exe

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe

O4 - HKLM\..\Run: [hghxmtk] c:\windows\system32\ibfeqdx.exe r

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [uzmrz] C:\WINDOWS\system32\r?gsvr32.exe

O4 - HKCU\..\Run: [hB3sRhZ8T] iearsa16.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe

O4 - HKCU\..\RunOnce: [Norman Antivirus] NORMANANTIVIRUS.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: BullGuard XComm (XCOMM) - Unknown owner - C:\WINDOWS\SYSTEM32\xcommsvr.exe (file missing)

Edited September 6, 2005 by Deucehearts

[Naming is hard]

0-o shouldn't this be Here

[Deucehearts]

can I move this or delete it sorry i posted in wrong section.

[blim]

Deuce, figuring out exactly where to post a question is the hardest part of posting! Don't be sorry, someone will always re-direct you or a Mod will move it for better exposure. My posts have been moved a lot and I haven't gotten yelled at yet (laughed at, lots of times, but not because I posted in the wrong place!)

Liz

[Parrotgeek7]

Normanantivirus, wierdontheweb and cashback/rebates are all spyware programs.

disable system restore, boot into safe mode and run add/remove programs an uninstall those 3. Then run your spyware and antivirus again, in safe mode.

You can re-enable system restore when you boot back into regular mode and don't see those 3 programs in your HJT log.

(I'm not reccomending using HJT to remove them, try uninstalling them first and Google those three apps, there are removal instructions available for them)