C:\DOCUME~1\Angela\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\
HijackThis.exe <<== wrong location!)
Move to e.g. C:\Program Files\HJT
There are several ways to speed up a PC: more memory, faster harddisk, faster processor, etc.
But these are irrelevant if the software is not 'playing ball'.
Installing monster bloatware like AOL and Norton/Symantec does not help at all.
Having umpteen programs constantly checking for updates does not increase speed either.
Running CHKDSK /F and DEFRAG regularly will make things run smoother (Always keep at least 15% free on your harddisk).
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <<== MS space-waster
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe <<== do you need this? Probably not.
- Remote Control background application for CyberLink's PowerDVD version 5 and above.
- Enables you to use a remote control with your DVD drive if your drive came with one.
- Not required if you don't have a remote control
- If you have one, start it manually only when you play DVDs.
C:\Program Files\QuickTime\qttask.exe <<== update-checker, not needed, can do manually
C:\Program Files\BigFix\BigFix.exe <<== update-checker, start it manually e.g. once a week.
C:\PROGRA~1\Rhapsody\rhaphlpr.exe <<== problem-checker, only start manually if you have problems.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
C:\Program Files\Microsoft Office\Office10\OSA.EXE
- Starts the office-bar. If you don't use it, stop it.
C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 <<== MS space-waster, unless you use it (hardly, if at all).
C:\Program Files\AIM\aim.exe <<== Only keep if you use it (part of AOL)
I would suggest to stop these programs from running automatically, which is reflected in the 'FIXes' underneath.
= = = = = = = Now for the
HJT-Fix = = = = = = = =
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
ShowWnd.exe
msnmrg.exe
PRISMXL.SYS
Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\AOL Toolbar\toolbar.dll <<== probably in Control Panel/Add-Remove programs
Next, click Start/Run and type
services.msc and click OK. Look for the service:
Indexing Service
PRISMXL.SYS (maybe it is not in your Services, don't worry)
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\
New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\Rhapsody\rhaphlpr.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\
AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ShowWnd]
ShowWnd.exe <<== trojan
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\
msnmrg.exe <<== trojan
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== update-checker
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe <<== see above
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<== see above
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll <<== not needed
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe <<== Only keep if you use it
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
...................................................................................................
Now click on the
Fix Checked button in HJT.
When done, from between the above dotted lines, delete the highlighted
bold files.
When a \
directory-name\ is
bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
