Papacita
Posted April 23, 2004

Logfile of HijackThis v1.97.7
Scan saved at 7:04:15 AM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AMERIC~2.0\waol.exe
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\PROGRA~1\AMERIC~2.0\aolwbspd.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
c:\windows\temp\vcFmi6sss.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\DOCUME~1\Family\Application Data\amee.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\eZula\mmod.exe
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\GqxXIno.exe
C:\WINDOWS\System32\UkoQFY.exe
C:\Documents and Settings\Family\My Documents\My Pictures\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Family\APPLIC~1\MICROS~1\Office\Excel10.dll (file missing)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [vcFmi6sss] c:\windows\temp\vcFmi6sss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [iEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\Xke3.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00174\svchost.exe -remove
O4 - HKCU\..\Run: [Aaou] C:\DOCUME~1\Family\Application Data\amee.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapicc.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - HKLM\..\RunOnce: [KB826939] rundll32.exe apphelp.dll,ShimFlushCache
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7825.4282175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B90E6454-6003-4B44-8A57-33BA7044F777}: NameServer = 205.188.146.146

razazteca
Posted April 23, 2004

What kind of problems are you having?

Papacita
Posted April 23, 2004

Random pop-ups on IE, computer running slowly (the taskbar freezes constantly), there's this thing that when I access a page, it'll highlight a certain word and change it into a link...there's probably more but I'm not at home right now so I can't check it out.

razazteca
Posted April 23, 2004

Use this program CWShredder, visit: http://www.spywareinfo.com/~merijn/donate.html. Did you try using Ad-aware 6 yet?

Close all browsers and make these changes in Ad-aware; whatever each program finds, allow them to fix it.

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine: Check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine: Check: "Let Windows remove files in use after reboot."

Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...

If you find anything in the quarantine make sure to delete the backup. Then use Hijack This to find the EXE file that is causing your problems and delete it. Also look for a program called PestPatrol and run it but be careful as it is similar to Hijack This and will list everything, delete what you don't recognize or don't need.

Papacita
Posted April 26, 2004

I've run Norton, Spybot, Adaware, CWShredder and HijackThis on this thing since my original post. I got a lot of things and it's not as bad as it was on Friday, but my IE is still pretty messed up. First off, whenever I'm offline, I'll hear a click or something and AOL will start up (I'm assuming something's trying to connect to the net here). And when I'm online and using IE, I'll hear repeated clicking and the browser will start acting all weird...like, whenever I try to type a period, it'll come up a >, the text size will automatically switch to largest, at times, it'll go back a page randomly...just a second ago when I tried to access this thread, it started opening a new window for every link I clicked. "Adserve" windows will try to pop up every now and then, and while I think I've already got whatever caused this, Friday night, I got a message saying that my clock was synchronized with some kinda company's clocks, and a folder called "ClockSync" appeared on my start menu (whatever program was inside was deleted by Norton though). Here's my updated HijackThis log...

Logfile of HijackThis v1.97.7
Scan saved at 9:26:23 AM, on 4/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\windows\temp\vcFmi6sss.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wnsapicc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\GqxXIno.exe
C:\WINDOWS\System32\ZriiR.exe
C:\Documents and Settings\Family\My Documents\My Pictures\hijackthis\HijackThis.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\AOL Companion\companion.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [vcFmi6sss] C:\windows\temp\vcFmi6sss.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\Xke3.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00174\svchost.exe -remove
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Family\Application Data\amee.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapicc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7825.4282175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

I bolded some of the things I'm suspicious about (Friday, a few of these programs were taking up a lot of CPU Usage under the Task Manager).

razazteca
Posted April 26, 2004

Here is a place where "experts" can help you http://www.spywareinfo.com/~merijn/forums.html