Author Topic: Clicksearchclick and other stuff  (Read 1170 times)

Offline footfixr

Clicksearchclick and other stuff
« on: May 30, 2005, 05:40:18 PM »
I've been running into processor slow-downs for some time, and I was led to believe it was from needing more RAM (which I certainly do).  However, having just come across HijackThis, my log tells me I've got some major work to do.

What prompted this was recent worm infections that were removed according to Symantec instructions, but apparently not before the damage was done.  Among several annoyances, the Clicksearchclick hijack is the most disruptive.  My HijackThis log and Uninstall list are posted below.

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:12:44 PM, on 05/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBPCI5122k\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBPCI5122k\Launcher\CTLauncher.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\GTOLENC.EXE
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Palm\hotsync.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Olympus\DSSPlayer2002\DictWnd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mcornelison\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} - C:\WINDOWS\All Users\Application Data\X0ff\X0ff0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI5122k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\SBPCI5122k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBPCI5122k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\system32\X1002142005.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{5C90CD67-8F6A-4B90-AFFE-981C946C3614}\SVCHOST.EXE
O4 - HKLM\..\Run: [Sysnet] C:\Documents and Settings\mcornelison\Desktop\snuninst.exe
O4 - HKLM\..\Run: [GTOLENC] C:\WINDOWS\GTOLENC.EXE
O4 - HKLM\..\Run: [pq9i36X] lmrncode.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{5C90CD67-8F6A-4B90-AFFE-981C946C3614}\SECURITY.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Y9qsRWbmQ] kasrator.exe
O4 - HKCU\..\Run: [wsiirpw] c:\windows\xnwhkkv.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [ffmgycx] c:\windows\lbwxquq.exe
O4 - HKCU\..\Run: [bcaloje] c:\windows\mkdwskl.exe
O4 - HKCU\..\Run: [vgtogce] c:\windows\mkdwskl.exe
O4 - HKCU\..\Run: [cdosfxg] c:\windows\mkdwskl.exe
O4 - HKCU\..\Run: [jtpwghh] c:\windows\mkdwskl.exe
O4 - HKCU\..\Run: [pixuvai] c:\windows\mkdwskl.exe
O4 - HKCU\..\Run: [jpptrxk] c:\windows\ioiujhi.exe
O4 - HKCU\..\Run: [lghdpvs] c:\windows\tybkcxf.exe
O4 - HKCU\..\Run: [qcwjshy] c:\windows\qdcgofv.exe
O4 - HKCU\..\Run: [gvtgkxp] c:\windows\ioiujhi.exe
O4 - HKCU\..\Run: [lsmmumn] c:\windows\tybkcxf.exe
O4 - HKCU\..\Run: [ocwytia] c:\windows\qdcgofv.exe
O4 - HKCU\..\Run: [vimwuhg] c:\windows\ioiujhi.exe
O4 - HKCU\..\Run: [qcibotf] c:\windows\tybkcxf.exe
O4 - HKCU\..\Run: [ahmvydu] c:\windows\qdcgofv.exe
O4 - HKCU\..\Run: [wrknxuo] c:\windows\ioiujhi.exe
O4 - HKCU\..\Run: [ihoyjts] c:\windows\qdcgofv.exe
O4 - HKCU\..\Run: [fgmuakn] c:\windows\iqllljr.exe
O4 - HKCU\..\Run: [jnouhed] c:\windows\iqllljr.exe
O4 - HKCU\..\Run: [bgwbukx] c:\windows\iqllljr.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Y! Friends - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Friends - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3121FFF0-3851-4C4E-BEFF-3BA217D5DE96} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3121FFF0-3851-4C4E-BEFF-3BA217D5DE96} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nrepf01.tenethealth.com/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cpg.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cpg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cpg.local
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\mspmspsv.exe (file missing)


Uninstall list:

32-BIT BDE
56K PCI Voice Modem SF-1156IV R9A
Ad-aware 5.62
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
All American Sports Series(tm): CART Racing
America Online
APOLLO P2200 Series (Remove only)
CFind
CHS2000 Demo
Disney's Daily Blast 2.0
DivX Codec
EndItAll 2.0
F1 2000
F1 2001
Flash Track Uninstall
FlashTrack Uninstall
Gateway Multi-function Keyboard
Gateway Update
GEM Plus
GEM+ 2 & iGOR
Google Toolbar for Internet Explorer
GPL Race Engineer
GPLAIM
GPLCSM
Grand Prix Legends
HijackThis 1.99.1
HP Instant Delivery
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
InnoMedia BuddyTalk 1.0
IPIX ActiveX Viewer
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Logitech Gaming Software
MediSoft Advanced Patient Accounting 6.12 (Client/Server)
Michael Schumacher Racing World - Kart 2002 - Rookie
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia 2000
Microsoft Expedia Streets & Trips 2000
Microsoft Home Publishing 2000
Microsoft IntelliPoint
Microsoft Money 2000 Standard Edition
Microsoft Office 97, Standard Edition
Microsoft Picture It! Express 2000
Microsoft VGX Q833989
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
NASCAR® Racing 3 Craftsman Truck Expansion Pack
NASCAR® Racing 4 Demo
Need For Speed III
Netscape Communicator 4.06
Norton AntiVirus 2002
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
Olympus DSS Player 2002
Oozic Player
Outlook Express Q823353
Palm Desktop
PhoneTools
PhotoRescue 1.0.624
PhotoWise 1.7
QuickTime
QuickTime for Windows (32-bit)
Racer
RallyTrophyPlayableDemo
RealArcade
RealPlayer
RSyncMon
Shockwave
Sierra Utilities
Sound Blaster PCI512
Spirit of Speed Demo
Sports Car GT
Spybot - Search & Destroy 1.3
Spyware Doctor 2.1
SpywareGuard v2.2
Sysnet
TeamSpeak 2 RC2
USBAT CompactFlash Adapter Ver 4.0.1.75
Visual Element FX
WebEx
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB871250
Windows 2000 Hotfix - KB873333
Windows 2000 Hotfix - KB873339
Windows 2000 Hotfix - KB885250
Windows 2000 Hotfix - KB885835
Windows 2000 Hotfix - KB885836
Windows 2000 Hotfix - KB888113
Windows 2000 Hotfix - KB890047
Windows 2000 Hotfix - KB890175
Windows 2000 Hotfix - KB890859
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB891711
Windows 2000 Hotfix - KB891781
Windows 2000 Hotfix - KB893066
Windows 2000 Hotfix - KB893086
Windows 2000 Hotfix - KB894320
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
WinVROC
WinZip
Word in Works Suite add-in
XviD MPEG-4 Codec
Yahoo! Companion Toolbar
Yahoo! Friends Explorer Bar
Yahoo! Internet Mail