My HiJackThis Log

Unknown

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\AIM\aim.exe
E:\Program Files\Communities.com\PalTech\PalTech2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mstsc.exe
E:\Program Files\Communities.com\Palace32.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Downloads-Programs\Windows\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.90.102.138 66.90.102.138
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E12B523-3D4C-4FAC-9B04-0376A8F5E879} - c:\windows\WindowsIE.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program

Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar_en_2.0.111-big.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar_en_2.0.111-big.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program

Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround

Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program

Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

/GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\PEOPLE~1\propelac.exe
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program

Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program

Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

/autocheck
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -

C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Check Spelling - res://C:\Program

Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program

Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://c:\program

files\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program

files\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC

Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC

Accelerated\pac-image.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program

files\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program

files\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38159.7919791667
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -

http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C835F4F5-EAED-4058-A8F8-657CE82D9830}: NameServer =

192.168.0.1

Dexter

In big red letters at the top of this page, and every page in this section of the site, are the the following links:

Steps To Take Before Posting a hijack This Log

SVT Forum Etiquette

Please take a few moments to review those links. Then revise your post accordingly if you wish to receive our help.

We do not like to e-mail users directly for their problems. What is the point of having a public forum if we end up helping users privately via e-mail all the time? By publicly working through problems, we allow other users and guests who find us via search engines, to see how a problem can be fixed. In many cases, guests fix problems on their own simply by reviewing a thread of a similar problemm without ever having to post a thread of their own. If we help everyone privately by e-mail, we lose that advantage, and our work load will increase. Seeing as we are all volunteers here who do this as a hobby, that would make it not fun, and if it is not fun, we will stop doing it.

If we feel the need to e-mail you to assist you further, we will make that judgement call. But please do not ask us to e-mail you to fix your problem. That's just not how it is done. I have edited your thread title accordingly.

Dexter...,

Co-Moderator,
Short-Media.com Security Forums

crtvlynx

I meant post the response in the forum and email me the response because i wanted to fix it ASAP and i always check my mail. Unfortunately you still haven't gave me help instead you posted a complaint, maybe i should go back to the site i usually use. anyways sorry I'm on dial up (you know that slow thin thats outdated lol) and it would of taken me forever to read everything and finish getting help..it took me 20 min just to register at the site and post the topic lol.

Kwitko

We all want our problems fixed ASAP, but as Dexter said, this is purely done on a volunteer basis. Sticking your log there without even as much as a "Hello" is rude. People here are less likely to assist you if you post your log without any background as to what you have tried to do, and are even less likely if you demand help.

If you need help, we'll help. If you demand help and bring attitude with it, well, then please go somewhere else.

crtvlynx

Sticking your log there without even as much as a "Hello" is rude.

Please Read:
http://www.short-media.com/forum/showthread.php?t=17070
http://www.short-media.com/forum/showthread.php?t=17729

No hello was established there and im sure there is more to be found with no hello said.

People here are less likely to assist you if you post your log without any background as to what you have tried to do

Please read your rules it says something along the lines of "Please update and run adaware 6.0 and spyware search and destroy."

and are even less likely if you demand help.

I dont see anywhere where i demanded anything.

anyways sorry I'm on dial up (you know that slow thin thats outdated lol) and it would of taken me forever to read everything and finish getting help..it took me 20 min just to register at the site and post the topic lol.

My HiJackThis Log - Please email me if you could!

I understand it was and is volenteer there was a misunderstanding and it was fixed to be understood sending another message complaning about a post that has been fixed is considered rude where i come from. As you can see from the quot i said "PLEASE" email me "IF" you could not "EMAIL ME" not even a "FIX IT NOW" or "FIX IT" just a post asking for help. If you need to know anything about me then read my profile, anything im willing to share to the public can be found there. if you have question pm me in your forum or email me. People searching a forum rather see

[Problem]->[Solution]

or maybe

[problem/information]->[questions]->[info about the question]->[solution]

not

[intro of me talking about myself]->[problem/information]->[everyone else introducing themselves]->[questions]->[me saying hi to everyone]->[info to question]->[Solution]

as you can see you have to read a bunch of garbage to get a solution to your poblem and by the time you have read 3 posts or so going the 3rd way you are to bored of reading garbage to continue to finding out what your problem is. as i am. ill go ahead and find help somewhere else where you dont get volenteer complaints instead of volenteer help.

primesuspect

see ya

what a jerk! act like we have to help you.. WE HELP BECAUSE WE WANT TO, NOT BECAUSE YOU DEMAND IT.

Kwitko

crtvlynx wrote:

ill go ahead and find help somewhere else where you dont get volenteer complaints instead of volenteer help.

We've done hundreds of logs for people. You are the first to whine about getting free help.

Wow, some people.