Please Check Log For Me



Paul G
2006-11-09, 07:21
Can I please ask you to do a quick check of my Hijack This log for any problems? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 17:16:31, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\DRIVERS\ANTI-SPYWARE\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
C:\DRIVERS\ANTI-SPYWARE\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DRIVERS\ANTI-SPYWARE\HIJACK THIS\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DRIVERS\ANTI-S~1\SPYBOT\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DRIVERS\HIJACK~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DRIVERS\HIJACK~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\DRIVERS\ANTI-SPYWARE\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://www.apple.com
O15 - Trusted Zone: http://www.bbc.co.uk
O15 - Trusted Zone: http://webedge.bigpond.com
O15 - Trusted Zone: http://webedge2.bigpond.com
O15 - Trusted Zone: http://www.bigpond.com
O15 - Trusted Zone: http://*.bigpondmusic.com
O15 - Trusted Zone: http://www.cd-wow.biz
O15 - Trusted Zone: http://www2.cd-wow.biz
O15 - Trusted Zone: http://*.chaos.com
O15 - Trusted Zone: http://book.qantas.com.au
O15 - Trusted Zone: http://bookings.virginblue.com.au
O15 - Trusted Zone: http://citibank.com.au
O15 - Trusted Zone: http://homepath.com.au
O15 - Trusted Zone: http://hoyts.ninemsn.com.au
O15 - Trusted Zone: http://pergolaland.sydney.homeone.com.au
O15 - Trusted Zone: http://rideshop.com.au
O15 - Trusted Zone: http://shareholders.commbank.com.au
O15 - Trusted Zone: http://shopping.yahoo.com.au
O15 - Trusted Zone: http://voguepergolas.canberra.homeone.com.au
O15 - Trusted Zone: http://www.bhg.com.au
O15 - Trusted Zone: http://www.brumbies.com.au
O15 - Trusted Zone: http://www.citibank.com.au
O15 - Trusted Zone: http://www.comsec.com.au
O15 - Trusted Zone: http://www.crocs.com.au
O15 - Trusted Zone: http://www.defcredit.com.au
O15 - Trusted Zone: http://www.google.com.au
O15 - Trusted Zone: http://www.grapevine.com.au
O15 - Trusted Zone: http://www.greaterunion.com.au
O15 - Trusted Zone: http://www.infochoice.com.au
O15 - Trusted Zone: http://www.ipac.com.au
O15 - Trusted Zone: http://www.lcansw.com.au
O15 - Trusted Zone: http://www.mitre10.com.au
O15 - Trusted Zone: http://www.naturaltherapypages.com.au
O15 - Trusted Zone: http://www.nike.com.au
O15 - Trusted Zone: http://www.nokia.com.au
O15 - Trusted Zone: http://www.nswlotteries.com.au
O15 - Trusted Zone: http://www.perfumeempire.com.au
O15 - Trusted Zone: http://www.perisherblue.com.au
O15 - Trusted Zone: http://www.petersofkensington.com.au
O15 - Trusted Zone: http://www.qantas.com.au
O15 - Trusted Zone: http://www.sanity.com.au
O15 - Trusted Zone: http://www.sony.com.au
O15 - Trusted Zone: http://www.tabma.com.au
O15 - Trusted Zone: http://www.telstra.com.au
O15 - Trusted Zone: http://www.theaustralian.news.com.au
O15 - Trusted Zone: http://www.thule.com.au
O15 - Trusted Zone: http://www.transact.com.au
O15 - Trusted Zone: http://www.virginblue.com.au
O15 - Trusted Zone: http://www.vistaprint.com.au
O15 - Trusted Zone: http://www.wallabies.com.au
O15 - Trusted Zone: http://www.ebel.com
O15 - Trusted Zone: http://mirror.bom.gov.au
O15 - Trusted Zone: http://www.bom.gov.au
O15 - Trusted Zone: http://www.militarysuper.gov.au
O15 - Trusted Zone: http://www.nla.gov.au
O15 - Trusted Zone: http://www.hoyts.com
O15 - Trusted Zone: http://*.limewire.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://abc.net.au
O15 - Trusted Zone: http://www.abc.net.au
O15 - Trusted Zone: http://niketown.nike.com
O15 - Trusted Zone: http://login.passport.com
O15 - Trusted Zone: http://www.qantas.com
O15 - Trusted Zone: http://www.sudoku.com
O15 - Trusted Zone: http://*.telstra.com
O15 - Trusted Zone: *.uiuc.edu
O15 - Trusted Zone: http://www.watchswiss.com
O15 - Trusted Zone: http://skype.weeworld.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://www.wmplugins.com
O15 - Trusted Zone: http://www.woodworkersworkshop.com
O15 - Trusted IP range: http://10.0.0.138
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141988857375
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au,vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au,vic.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\DRIVERS\ANTI-SPYWARE\ewido anti-malware\ewidoctrl.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\DRIVERS\HIJACK THIS\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

pskelley
2006-11-09, 23:05
Hello Paul and welcome back. tashi:) has pinned this information at the top of the forum for you:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

Please do not post HijackThis logs just to feel good about your clean machine which has no indication of infection.

The volunteers are very busy, so if you have a problem, please describe it in as much detail as possible, mention any error messages you are receiving "word for word" and please read and follow all of the instructions in "BEFORE you POST". I will be glad to look at that information for you.

If you post, please let us know if you placed those sites in your "Trusted Zone".

Thanks

Paul G
2006-11-10, 09:37
Apologies for not reading 'Before You Post'. You correctly pointed out I did not state my problem.

I previously had big problems with malware, which your site helped me address. However, my machine has been very slow of late, despite all the precautions I now take (per your advice). I was therefore keen to determine if malware was again causing me problems.

Apologies once again, any feedback appreciated.

PG

pskelley
2006-11-10, 13:44
Paul, I would like to help if possible. A slow computer is not always caused by malware. Here are links I usually offer when no malware is present:
http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx
http://vlaurie.com/computers2/Articles/runbetter.htm
http://www.linkgrinder.com/tutorials/10_Easy_Steps_to_Speed_Up_Your_Comp_24946_Computers_article.html
http://www.techbuilder.org/recipes/59201471

It may be hidden malware is at work, so after you try those solutions, especially a good maintenance, then read the "Before you Post" information and run a good alternate online virus scan and post the results along with any other information suggested and a fresh HJT log. If you do find a need to post once you have tried that information, please let me know about the O15 items in your HJT log.

I will add that you may pursue both options at once, but I have always found it is better to troubleshoot one step at a time.

Thanks...Phil

tashi
2006-11-19, 03:25
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.