hijackthis log - need help (with attachment)

By jasher
Jul 10, 2005
  1. Reposting with attachment. Please disregard the earlier message, I don't know how to edit or delete.
    I saw some messages on this board regarding HijackThis earlier. Can someone help me with mine?
    Problem: My PC has been very slow lately in booting up and I also started getting 'msnmrg.exe' warning messages. So I did a search and found out that it is virus-installed software. It was in the windows\ directory, so I went there and retitled it something different. I still see an entry in the registry:
    HKEY_LOCAL_MACHINE - Software - Microsoft - Windows - current view - Run > Windows Service Manager =
    Question: Should I remove this? (After retitling the actual msnmrg file the system boot has not been any faster, in fact it is a little slower!)
    I also did a scan with HijackThis. The log file text is inserted below.
    Question: What else needs to be removed that is malicious and will make it faster, and how should I remove it?
    I also want to get rid of the AOL taskbar; is there an Uninstall available or do I need to remove it through this?
    Here is the log file. Thanks in advance for your help. Apologies for a long message.

  2. RealBlackStuff

    C:\DOCUME~1\Angela\LOCALS~1\Temp\Temporary Directory 2 for\HijackThis.exe <<== wrong location!
    Move to e.g. C:\Program Files\HJT

    There are several ways to speed up a PC: more memory, faster harddisk, faster processor, etc.
    But these are irrelevant if the software is not 'playing ball'.
    Installing monster bloatware like AOL and Norton/Symantec does not help at all.
    Having umpteen programs constantly checking for updates does not increase speed either.
    Running CHKDSK /F and DEFRAG regularly will make things run more smoothly (always keep at least 15% free on your hard disk).

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <<== MS space-waster
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe <<== do you need this? Probably not.
    - Remote Control background application for CyberLink's PowerDVD version 5 and above.
    - Enables you to use a remote control with your DVD drive if your drive came with one.
    - Not required if you don't have a remote control
    - If you have one, start it manually only when you play DVDs.
    C:\Program Files\QuickTime\qttask.exe <<== update-checker, not needed, can do manually
    C:\Program Files\BigFix\BigFix.exe <<== update-checker, start it manually e.g. once a week.
    C:\PROGRA~1\Rhapsody\rhaphlpr.exe <<== problem-checker, only start manually if you have problems.
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
    C:\Program Files\Microsoft Office\Office10\OSA.EXE
    - Starts the office-bar. If you don't use it, stop it.
    C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 <<== MS space-waster, unless you use it (hardly, if at all).
    C:\Program Files\AIM\aim.exe <<== Only keep if you use it (part of AOL)
    I would suggest stopping these programs from running automatically, which is reflected in the 'FIXes' underneath.

    = = = = = = = Now for the HJT-Fix = = = = = = = =
    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:


    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\AOL Toolbar\toolbar.dll <<== probably in Control Panel/Add-Remove programs

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    Indexing Service
    PRISMXL.SYS (maybe it is not in your Services, don't worry)
    Double-click it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BigFix\BigFix.exe

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe <<== trojan
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\msnmrg.exe <<== trojan
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe <<== see above
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<== see above
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe <<== Only keep if you use it
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).

    Boot normally. When all OK, switch System Restore back on.
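The reply above works through the log by hand, section by section. As an added example, not code from the thread or from the HijackThis project, here is a small parser for the O-line format shown in that log, with two triage heuristics that reproduce the reply's own calls: entries with no backing file ("(no file)" BHOs/buttons, the DPF line with an empty URL) are orphaned and can be fixed without removing anything that runs, and Run entries that point at a bare filename or at a file sitting directly in C:\WINDOWS (ShowWnd.exe and msnmrg.exe, the two the reply marks as trojans) deserve a look before the vendor entries under Program Files do. The sample log is a constructed subset of the lines quoted above; the heuristics and all function names are this example's own assumptions, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the O-lines quoted in the reply above, one per section type.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\msnmrg.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "O4 - HKLM\..\Run: <rest>"
RUN_RE = re.compile(r"^\[(.*?)\] ?(.*)$")            # "[value name] command line"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com", ".bat")   # all four characters long


@dataclass
class Entry:
    section: str            # O2, O3, O4, ...
    kind: str               # BHO, Toolbar, HKLM\..\Run, Global Startup, Service, ...
    name: str               # display name or Run value name
    clsid: Optional[str]    # {GUID} when the line carries one
    target: str             # command line, file path or URL ("" when absent)


def executable_path(command: str) -> str:
    """Program path from a Run command: honour quotes, else cut after the first known extension.
    An unquoted path with spaces and no recognised extension stays ambiguous (a property of the log, not fixed here)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    hits = [i for i in (command.lower().find(ext) for ext in EXTENSIONS) if i != -1]
    if hits:
        return command[: min(hits) + 4]
    return command.split(" ", 1)[0]


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HJT O-line into its section, kind, name, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else None
    if section == "O4" and kind.endswith("Run"):        # registry Run value: "[name] command"
        rm = RUN_RE.match(rest)
        name, target = rm.groups() if rm else ("", rest)
    elif section == "O4":                               # startup-folder shortcut: "x.lnk = path"
        name, _, target = rest.partition(" = ")
    elif section == "O16":                              # "{CLSID} (friendly name) - URL"
        head, _, target = rest.partition(" - ")
        nm = re.search(r"\((.*)\)", head)
        name = nm.group(1) if nm else head
    else:                                               # "name - {CLSID} or vendor - path"
        parts = [p.strip() for p in rest.split(" - ")]
        name, target = parts[0], (parts[-1] if len(parts) > 1 else "")
    return Entry(section, kind, name.strip(), clsid, target.strip())


def triage(e: Entry) -> List[str]:
    """Heuristics (this example's own assumptions) for which entries deserve a look first."""
    findings: List[str] = []
    if e.target in ("", "(no file)"):
        findings.append("orphaned: no backing file or URL, so fixing it removes nothing that can run")
        return findings
    if e.section == "O4":
        exe = executable_path(e.target)
        if "\\" not in exe:
            findings.append("bare filename: resolved through the search path rather than a fixed location")
        elif exe.lower().startswith("c:\\windows\\") and exe.count("\\") == 2:
            findings.append("sits directly in C:\\WINDOWS, unlike the vendor entries under Program Files")
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map 'section:name' to findings for every parsed line that trips a heuristic."""
    report: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        found = triage(e)
        if found:
            report[f"{e.section}:{e.name}"] = found
    return report


if __name__ == "__main__":
    for key, found in triage_log(SAMPLE_LOG).items():
        print(key, "->", "; ".join(found))
```

Run it over a full log pasted into SAMPLE_LOG and it lists the orphaned entries plus the two Run lines the reply flags; everything else (QuickTime, BigFix, PrismXL, the Java console) passes the heuristics and is left to the judgement the reply applies by hand.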
  3. chrisbra

    Starting a new thread

    I don't want to walk on someone else's thread and I don't know how to post a new one, so I just posted a reply here. I apologize if I don't do this correctly. How do I post a new thread for my problem?
  4. stayzzhard

    Here's the link, it's in the search part of the forum..