My problem is frequent internet crashes, especially when I've been away from the computer for any amount of time, and very slow responses for all programs.
My HijackThis program advised me of the following:
"You have a particularly large amount of hijacked domains (must be the reason for my problem). It's probably better to delete the file itself than to fix each item and create a backup.
If you see the same IP address in all of the reported O1 items, consider deleting your hosts file, which is located at C:\WINDOWS\System32\drivers\etc\hosts."
I have pasted it here and am reluctant to delete anything without your guidance:
Logfile of HijackThis v1.99.1
Scan saved at 7:13:27 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kelly\Desktop\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134766052118
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
I also ran another virus scan program, and it advised me to post this log as well:
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
C:\Casino Deleted
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sonic RecordNow!"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»