hijackthis log - need help (with attachment)

By jasher
Jul 10, 2005
  1. Reposting with attachment. Please disregard the earlier message, I don't know how to edit or delete.
    I saw some messages on this board regarding HijackThis earlier. Can someone help me with mine?
    Problem: My PC has been very slow lately in booting up and I also started getting 'msnmrg.exe' warning messages. So I did a search and found out that it is virus-installed software. It was in the windows\ directory so I went there and retitled it something different. I still see an entry in the registry:
    HKEY-Local Machine-software-microsoft-windows-current view-run> Windows service Manager =
    Question: Should I remove this? (After retitling the actual msnmrg file the system boot has not been any faster, in fact it is a little slower!)
    I also did a scan with HijackThis. The log file text is inserted below.
    Question: What else needs to be removed that is malicious and will make it faster, and how should I remove it?
    I also want to get rid of the AOL taskbar. Is there an Uninstall available or do I need to remove it through this?
    Here is the log file. Thanks in advance for your help. Apologies for a long message.

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    C:\DOCUME~1\Angela\LOCALS~1\Temp\Temporary Directory 2 for\HijackThis.exe <<== wrong location!
    Move to e.g. C:\Program Files\HJT

    There are several ways to speed up a PC: more memory, faster harddisk, faster processor, etc.
    But these are irrelevant if the software is not 'playing ball'.
    Installing monster bloatware like AOL and Norton/Symantec does not help at all.
    Having umpteen programs constantly checking for updates does not increase speed either.
    Running CHKDSK /F and DEFRAG regularly will make things run smoother (Always keep at least 15% free on your harddisk).

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <<== MS space-waster
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe <<== do you need this? Probably not.
    - Remote Control background application for CyberLink's PowerDVD version 5 and above.
    - Enables you to use a remote control with your DVD drive if your drive came with one.
    - Not required if you don't have a remote control
    - If you have one, start it manually only when you play DVDs.
    C:\Program Files\QuickTime\qttask.exe <<== update-checker, not needed, can do manually
    C:\Program Files\BigFix\BigFix.exe <<== update-checker, start it manually e.g. once a week.
    C:\PROGRA~1\Rhapsody\rhaphlpr.exe <<== problem-checker, only start manually if you have problems.
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
    C:\Program Files\Microsoft Office\Office10\OSA.EXE
    - Starts the office-bar. If you don't use it, stop it.
    C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 <<== MS space-waster, unless you use it (hardly, if at all).
    C:\Program Files\AIM\aim.exe <<== Only keep if you use it (part of AOL)
    I would suggest stopping these programs from running automatically, which is reflected in the 'FIXes' underneath.

    = = = = = = = Now for the HJT-Fix = = = = = = = =
    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:


    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\AOL Toolbar\toolbar.dll <<== probably in Control Panel/Add-Remove programs

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    Indexing Service
    PRISMXL.SYS (maybe it is not in your Services, don't worry)
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BigFix\BigFix.exe

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe <<== trojan
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\msnmrg.exe <<== trojan
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe <<== see above
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<== see above
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe <<== Only keep if you use it
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).

    Boot normal. When all OK, switch System Restore back on.
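As an added illustration (not part of the thread, and not HijackThis code), here is a small Python triage script that pulls the O2/O4 lines quoted above apart and flags the same three patterns RealBlackStuff singles out: orphaned BHOs with "(no file)", Run entries that name a bare executable, and executables sitting directly in the Windows directory like msnmrg.exe. The sample log is constructed from the lines quoted in this thread.

```python
import re

# Constructed sample input: HijackThis lines quoted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\msnmrg.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# O4 Run-key entries: "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r'^O4 - (?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 startup-folder entries: "O4 - Global Startup: foo.lnk = target"
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:\w+ )?Startup): (?P<name>.*?) = (?P<cmd>.*)$')
# O2 browser helper objects: "O2 - BHO: name - {CLSID} - path"
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')

def image_path(cmd):
    """Return the executable path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ')[0]

def triage(log_text):
    """Return (section, name, reason) for the entries a reviewer looks at first."""
    findings = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m and m.group('path') == '(no file)':
            # Registration left behind after the DLL was removed; nothing loads, safe to fix.
            findings.append(('O2', m.group('clsid'), 'orphaned BHO, file missing'))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        path = image_path(m.group('cmd'))
        if '\\' not in path:
            # No directory given: whatever is found first on the PATH search gets run.
            findings.append(('O4', m.group('name'), 'bare filename, resolved via PATH search'))
        elif re.fullmatch(r'[a-z]:\\windows\\[^\\]+', path.lower()):
            # Legitimate startup programs rarely live directly in C:\WINDOWS (msnmrg.exe above).
            findings.append(('O4', m.group('name'), 'executable placed directly in the Windows directory'))
    return findings

if __name__ == '__main__':
    for section, name, reason in triage(SAMPLE_LOG):
        print(f'{section}  {name:40}  {reason}')
```

Entries such as qttask.exe or BigFix.exe are not flagged: they are legitimate programs under Program Files, and the thread recommends disabling them for speed rather than as malware.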
  3. chrisbra

    chrisbra TS Rookie

    Starting a new thread

    I don't want to walk on someone else's thread and I don't know how to post a new one, so I just posted a reply here. I apologize if I don't do this correctly. How do I post a new thread for my problem?
  4. stayzzhard

    stayzzhard TS Rookie

    Here's the link, it's in the search part of the forum..