Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

BenRankin

9 Posts

3130

December 29th, 2004 16:00

HijackThis Log

Here is my HijackThis log I just ran.  I keep getting pop-up windows opening even though I am not logged on to the internet.  I contacted AOL about this problem and they suggested that I reinstall windows and all other software but that will take forever.  Can anyone look at this file and see what is causing me to get ppop-ups when I am not logged on to the internet.  I have a Dimension 4600 and I am not the first person at my company to use the computer.  I have been getting these pop-ups and they are not going away.  I have run spybot: search & destroy, Ad-Aware, and the AOl spyware software and I am still getting hit with pop-ups, often at times when I am not even using my computer.  Any help would be greatly appreciated because my system is starting to lock up when I try to close all the popup windows.
 
Also, there is a line in the log file that had the word s e x in the name and file name and I couldn't post with it in the message so I replaced the letters with ??? so that I could post.  Is this a problem?  I have no idea what this file is.
 
Logfile of HijackThis v1.99.0
Scan saved at 12:04:31 PM, on 12/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\documents and settings\admin\local settings\temp\sujbG.exe
C:\Program Files\NavNT\vptray.exe
C:\documents and settings\admin\local settings\temp\dmRdSwU.exe
C:\WINDOWS\System32\blackbox.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rkyaqby.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\admin\local settings\temp\QmtZPIUa.exe
C:\WINDOWS\system32\qkvkir.exe
C:\documents and settings\admin\local settings\temp\pZip7Zw.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\admin\local settings\temp\lx6by8.exe
C:\documents and settings\admin\local settings\temp\AT4aPWK4.exe
C:\documents and settings\admin\local settings\temp\yat3yvd6.exe
C:\documents and settings\admin\local settings\temp\wqSWg4F.exe
C:\WINDOWS\system32\hnef32.exe
C:\Documents and Settings\Admin\Application Data\osoa.exe
C:\WINDOWS\system32\??chost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\COMMON~1\AOL\110425~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110425~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\Mfbb3.exe
C:\WINDOWS\System32\LwiPYK.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {912E7F3D-E8AA-EB2E-D78D-E7ABAA0150C0} - C:\WINDOWS\system32\ovimqw.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Admin\Local Settings\Temp\Yv9Fv6N.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sujbG] C:\documents and settings\admin\local settings\temp\sujbG.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\AozDF.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [dmRdSwU] C:\documents and settings\admin\local settings\temp\dmRdSwU.exe
O4 - HKLM\..\Run: [840a556a3ae3] C:\WINDOWS\System32\blackbox.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [qF9i39U] rsaill.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [noqrdxaoxrrtp] C:\WINDOWS\system32\rkyaqby.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QmtZPIUa] C:\documents and settings\admin\local settings\temp\QmtZPIUa.exe
O4 - HKLM\..\Run: [pZip7Zw] C:\documents and settings\admin\local settings\temp\pZip7Zw.exe
O4 - HKLM\..\Run: [lx6by8] C:\documents and settings\admin\local settings\temp\lx6by8.exe
O4 - HKLM\..\Run: [AT4aPWK4] C:\documents and settings\admin\local settings\temp\AT4aPWK4.exe
O4 - HKLM\..\Run: [yat3yvd6] C:\documents and settings\admin\local settings\temp\yat3yvd6.exe
O4 - HKLM\..\Run: [wqSWg4F] C:\documents and settings\admin\local settings\temp\wqSWg4F.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104251668\EE\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
*O4 - HKCU\..\Run: [???] C:\WINDOWS\System32\???xx.exe*
O4 - HKCU\..\Run: [dhcpmon] C:\WINDOWS\System32\dhcpmon.exe
O4 - HKCU\..\Run: [boqsRVYmX] hnef32.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Admin\Application Data\osoa.exe
O4 - HKCU\..\Run: [Ronubfu] C:\WINDOWS\system32\??chost.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.net/cashback/cab/installer_EMARKETMKR.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
 
Thanks
 
Ben Rankin
No Responses!

Was this post helpful?

View All

0 events found

No Events found!

Top