Help me my computer is so slowwww

Unknown · March 2005

i really need your help my computer is so slow don't know what going on maybe i have a spyware or virus's on my comp. THANK YOU

Logfile of HijackThis v1.98.2
Scan saved at 7:46:28 PM, on 3/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\docume~1\christ~1\locals~1\temp\ySuwd.exe
C:\docume~1\christ~1\locals~1\temp\vM6miJ.exe
C:\docume~1\christ~1\locals~1\temp\0Ao.exe
C:\WINDOWS\System32\ehkvda.exe
C:\WINDOWS\fwhr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\rk.exe
C:\documents and settings\christian\local settings\temp\qzxS3pRaf.exe
C:\documents and settings\christian\local settings\temp\K7h.exe
C:\documents and settings\christian\local settings\temp\cso66o7.exe
C:\documents and settings\christian\local settings\temp\RyR.exe
C:\documents and settings\christian\local settings\temp\N6.exe
C:\WINDOWS\Xhrmy.exe
C:\windows\system32\HTHFDTIH.exe
C:\windows\system32\to.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\mqldxm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Visioneer\PaperPort\PPWebCap.exe
C:\WINDOWS\System32\lapthk32.exe
C:\WINDOWS\System32\ZwrLN.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HTHFDTIH.exe
C:\WINDOWS\System32\KhwX.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Christian\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christian\Local Settings\Temp\V5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ySuwd] C:\docume~1\christ~1\locals~1\temp\ySuwd.exe
O4 - HKLM\..\Run: [vM6miJ] C:\docume~1\christ~1\locals~1\temp\vM6miJ.exe
O4 - HKLM\..\Run: [0Ao] C:\docume~1\christ~1\locals~1\temp\0Ao.exe
O4 - HKLM\..\Run: [2@@PLXA2R53CTF] C:\WINDOWS\System32\FmrCj.exe
O4 - HKLM\..\Run: [zmzhlgenhqak] C:\WINDOWS\System32\ehkvda.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [bldqpqp] C:\WINDOWS\fwhr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\updater.exe
O4 - HKLM\..\Run: [Zr72FqoVk] C:\documents and settings\christian\local settings\temp\Zr72FqoVk.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [qzxS3pRaf] C:\documents and settings\christian\local settings\temp\qzxS3pRaf.exe
O4 - HKLM\..\Run: [K7h] C:\documents and settings\christian\local settings\temp\K7h.exe
O4 - HKLM\..\Run: [Watcher] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Watcher.exe
O4 - HKLM\..\Run: [cso66o7] C:\documents and settings\christian\local settings\temp\cso66o7.exe
O4 - HKLM\..\Run: [RyR] C:\documents and settings\christian\local settings\temp\RyR.exe
O4 - HKLM\..\Run: [N6] C:\documents and settings\christian\local settings\temp\N6.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [HTHFDTIH.exe] c:\windows\system32\HTHFDTIH.exe
O4 - HKLM\..\Run: [to] C:\windows\system32\to.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [v7oh39e] mqldxm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\Visioneer\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [ew7nRVKtX] lapthk32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cashback/cab/installer_EMARKETMKR.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mmed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DA586-E2AB-47C8-BE6E-4619BD2396ED}: NameServer = 64.169.140.6 206.13.28.12
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll
O20 - AppInit_DLLs: mad.dll

visor · March 2005

anybody please help me clean up my computer? i really need your help my comp is so slow....PLEASE

visor · March 2005

hello its been like 3 days since i posted this thread please help me on which to remove!

Buckeye_Sam · March 2005

Sorry for the delay. It's been a busy week in my non-forum(and paying, btw) life.

You are heavily infected. I would like you run a couple programs to remove a lot of this junk and then we'll clean up whatever is left.

STEP ONE

Please download and run CCleaner
http://www.ccleaner.com/ccdownload.php

STEP TWO

Please follow these instructions to run Adware.

Download, install, update, configure, and run Ad-Aware SE Personal 1.05.
1. Download Ad-Aware SE Personal 1.05:
  - Download Ad-Aware SE Personal 1.05.
  - Save aawsepersonal.exe to a convenient location.
2. Install Ad-Aware SE Personal 1.05:
  - Double-click on aawsepersonal.exe to install the program.
  - Follow the default settings for installation.
  - After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
3. Update Ad-Aware SE Personal 1.05:
  - Double-click the Ad-Aware SE Personal icon on your desktop.
  - Click "Check for updates now" then click "Connect".
  - It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
4. Configure Ad-Aware SE Personal 1.05:
  - Click on the Gear button at the top of the window.
  - Click "General" on the left hand side to display the General Settings box.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Automatically save logfile"
      - "Automatically quarantine objects prior to removal"
      - "Safe Mode (always request confirmation)"
      - "Prompt to update outdated definitions" - change to 7 days from the default 14.
  - Click "Scanning" on the left hand side to display the Scan Settings box.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Scan within archives"
      - "Select drives & folders to scan" - select your hard drive(s).
      - "Scan active processes"
      - "Scan registry"
      - "Deep-scan registry"
      - "Scan my IE favorites for banned URLs"
      - "Scan my Hosts file"
  - Click "Advanced" on the left hand side to display the Advanced Settings box.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Move deleted files to Recycle Bin"
      - "Include additional object information"
      - "Include negligible objects information"
      - "Include environment information"
  - Click "Defaults" on the left hand side to display the Default Settings box.
    - Make sure these items have your preferred settings in them.:
      - "Default homepage"
      - "Default searchpage"
  - Click "Tweak" on the left hand side to display the Tweak Settings box.
    - Click the + (plus) sign next to the Log Files section. This will expand the section.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Include basic Ad-Aware settings in log file"
      - "Include additional Ad-Aware settings in log file"
      - "Include reference summary in log file"
      - "Include alternate data stream details in log file"
    - Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Unload recognized processes & modules during scan"
      - "Scan registry for all users instead of current user only"
      - "Obtain command line of scanned processes"
    - Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
    - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      - "Always try to unload modules before deletion"
      - "During removal, unload Explorer and IE if necessary"
      - "Let Windows remove files in use at next reboot"
      - "Delete quarantined objects after restoring"
  - Once you are done with these settings, click "Proceed" to save them.
  - This will take you back to the main screen.
5. Run Ad-Aware SE Personal 1.05:
  - Click the "Start" button.
  - Uncheck the "Search for negligible risk entries" entry.
  - Choose the "Use custom scanning options" scan mode.
  - Click the "Next" button.
  - Ad-Aware will begin to scan for malware residing on your computer.
  - Allow the scan to finish.
  - Right-click on any entry in the list and click "Select All" to select the whole list.
  - Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

STEP THREEE

Download and run A squared. You'll have to register in order to get the update, but it's free.

http://www.emsisoft.com/en/software/free/

STEP FOUR

Please run these two online scans.
Make sure they are set to clean automatically:

http://www.bitdefender.com/scan/licence.php

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

If there are files that can not be removed by the scans please include that information in your next post.

Reboot and post a new hijackthis log.

visor · March 2005

i really appreciate the help, but because my computer is so slow i couldn't download or install the other programs! the only program that worked is aquad... please help!
heres my new log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\docume~1\christ~1\locals~1\temp\ySuwd.exe
C:\docume~1\christ~1\locals~1\temp\vM6miJ.exe
C:\docume~1\christ~1\locals~1\temp\0Ao.exe
C:\WINDOWS\System32\ehkvda.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\HTHFDTIH.exe
C:\windows\system32\to.exe
C:\WINDOWS\System32\mqldxm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HTHFDTIH.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe
C:\Documents and Settings\Christian\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christian\Local Settings\Temp\vH9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ySuwd] C:\docume~1\christ~1\locals~1\temp\ySuwd.exe
O4 - HKLM\..\Run: [vM6miJ] C:\docume~1\christ~1\locals~1\temp\vM6miJ.exe
O4 - HKLM\..\Run: [0Ao] C:\docume~1\christ~1\locals~1\temp\0Ao.exe
O4 - HKLM\..\Run: [2@@PLXA2R53CTF] C:\WINDOWS\System32\Vcj06J5Z.exe
O4 - HKLM\..\Run: [zmzhlgenhqak] C:\WINDOWS\System32\ehkvda.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [bldqpqp] C:\WINDOWS\fwhr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\updater.exe
O4 - HKLM\..\Run: [Zr72FqoVk] C:\documents and settings\christian\local settings\temp\Zr72FqoVk.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [qzxS3pRaf] C:\documents and settings\christian\local settings\temp\qzxS3pRaf.exe
O4 - HKLM\..\Run: [K7h] C:\documents and settings\christian\local settings\temp\K7h.exe
O4 - HKLM\..\Run: [Watcher] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Watcher.exe
O4 - HKLM\..\Run: [cso66o7] C:\documents and settings\christian\local settings\temp\cso66o7.exe
O4 - HKLM\..\Run: [RyR] C:\documents and settings\christian\local settings\temp\RyR.exe
O4 - HKLM\..\Run: [N6] C:\documents and settings\christian\local settings\temp\N6.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [HTHFDTIH.exe] c:\windows\system32\HTHFDTIH.exe
O4 - HKLM\..\Run: [to] C:\windows\system32\to.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [v7oh39e] mqldxm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\Visioneer\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [ew7nRVKtX] lapthk32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cashback/cab/installer_EMARKETMKR.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mmed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DA586-E2AB-47C8-BE6E-4619BD2396ED}: NameServer = 64.169.140.6 206.13.28.12
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll

Buckeye_Sam · March 2005

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christian\Local Settings\Temp\vH9.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ySuwd] C:\docume~1\christ~1\locals~1\temp\ySuwd.exe
O4 - HKLM\..\Run: [vM6miJ] C:\docume~1\christ~1\locals~1\temp\vM6miJ.exe
O4 - HKLM\..\Run: [0Ao] C:\docume~1\christ~1\locals~1\temp\0Ao.exe
O4 - HKLM\..\Run: [2@@PLXA2R53CTF] C:\WINDOWS\System32\Vcj06J5Z.exe
O4 - HKLM\..\Run: [zmzhlgenhqak] C:\WINDOWS\System32\ehkvda.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [bldqpqp] C:\WINDOWS\fwhr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\updater.exe
O4 - HKLM\..\Run: [Zr72FqoVk] C:\documents and settings\christian\local settings\temp\Zr72FqoVk.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [qzxS3pRaf] C:\documents and settings\christian\local settings\temp\qzxS3pRaf.exe
O4 - HKLM\..\Run: [K7h] C:\documents and settings\christian\local settings\temp\K7h.exe
O4 - HKLM\..\Run: [Watcher] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Watcher.exe
O4 - HKLM\..\Run: [cso66o7] C:\documents and settings\christian\local settings\temp\cso66o7.exe
O4 - HKLM\..\Run: [RyR] C:\documents and settings\christian\local settings\temp\RyR.exe
O4 - HKLM\..\Run: [N6] C:\documents and settings\christian\local settings\temp\N6.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [HTHFDTIH.exe] c:\windows\system32\HTHFDTIH.exe
O4 - HKLM\..\Run: [to] C:\windows\system32\to.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [v7oh39e] mqldxm.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [ew7nRVKtX] lapthk32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cas..._EMARKETMKR.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mmed.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist):

C:\Program Files\TV Media
C:\Program Files\CxtPls
C:\Program Files\SEP
C:\Program Files\eSyndicate
C:\Program Files\AutoUpdate
C:\WINDOWS\systb.dll
C:\WINDOWS\fwhr.exe
C:\WINDOWS\sysupd.exe
C:\WINDOWS\Xhrmy.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\System32\lmf32v.dll
c:\windows\system32\rk.exe
C:\WINDOWS\System32\mqldxm.exe
C:\WINDOWS\System32\Vcj06J5Z.exe
C:\WINDOWS\System32\ehkvda.exe
c:\installer\id53.exe
lapthk32.exe

Delete temp files

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin.

Reboot your computer to go back to normal mode.

Download the TV Media Removal tool and run it.
http://www.bleepingcomputer.com/files/tvmedia.php

Now go back to my previous post and try to download and install the programs listed there and follow those instructions that you weren't able to before. Let me know of any problems that you have.

Please post a new hijackthis log.

Help me my computer is so slowwww

Comments