Please Help with HIJACKTHIS log

Discussion in 'Computer Support' started by KB from WNS, Sep 8, 2004.

  1. KB from WNS

    KB from WNS Guest

    Can anyone see why I keep getting infected with search popups?

    Thanks!

    Logfile of HijackThis v1.98.2
    Scan saved at 11:32:44 PM, on 9/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Network Associates\Common
    Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\dpmw32.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\atljt32.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    c:\Download\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2E428545-FD05-910E-BFF6-E9542DD6C680} -
    C:\WINDOWS\appro.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program
    Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program
    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet
    Client Monitor\ACUMon.Exe" -a
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
    Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
    Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\RunOnce: [atljt32.exe] C:\WINDOWS\atljt32.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
    Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program
    Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class)
    - http://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a2/5.1.5.222/lib/quicksilver.cab
    O16 - DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} (AvMediaMasterCtrl
    Class) - http://woodsvm1/Web/MediaMasENU.CAB
    O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} -
    http://ctmexpress.fvc.com/ctmexpress/runtime/pic/inner_pic/packages/liveupdate.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094608030596
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture
    Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    - https://packeteer.webex.com/client/latest/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF66655-2DB1-4551-A710-474CE0CF5E27}:
    NameServer = 192.168.1.30,192.168.1.30
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wns,
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wns,
    KB from WNS, Sep 8, 2004
    #1
    1. Advertising

  2. KB from WNS

    °Mike° Guest

    On 7 Sep 2004 20:33:10 -0700, in
    <>
    KB from WNS scrawled:

    >Can anyone see why I keep getting infected with search popups?
    >
    >Thanks!
    >
    >Logfile of HijackThis v1.98.2
    >Scan saved at 11:32:44 PM, on 9/7/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:


    >C:\WINDOWS\atljt32.exe


    End Task the above process (CTRL+ALT+DEL).


    >O2 - BHO: (no name) - {2E428545-FD05-910E-BFF6-E9542DD6C680} -
    >C:\WINDOWS\appro.dll


    Have HijackThis fix the above.


    >O4 - HKLM\..\RunOnce: [atljt32.exe] C:\WINDOWS\atljt32.exe


    Have HijackThis fix the above.


    >O4 - Global Startup: hpoddt01.exe.lnk = ?


    Have HijackThis fix the above.


    >O4 - Global Startup: officejet 6100.lnk = ?


    Have HijackThis fix the above.


    >O16 - DPF:


    Have HijackThis fix ALL of the 016-DPF entries.


    >O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF66655-2DB1-4551-A710-474CE0CF5E27}:
    >NameServer = 192.168.1.30,192.168.1.30
    >O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wns,
    >O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wns,


    Unless the above IPs belong to your network or ISP, have HijackThis
    fix the above entries.


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Sep 8, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mocha

    A Little Help With My Hijackthis Log please

    Mocha, Jun 10, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    485
    °Mike°
    Jun 11, 2004
  2. dbru

    Hijackthis Log [Please Help]

    dbru, Nov 9, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    679
    Bill P
    Nov 10, 2004
  3. Chris
    Replies:
    5
    Views:
    405
    pcbutts1
    Apr 12, 2006
  4. J

    Please Help: Hijackthis log

    J, Aug 16, 2006, in forum: Computer Support
    Replies:
    6
    Views:
    487
    pcbutts1
    Aug 17, 2006
  5. Nate

    Please help analyze my HiJackThis log...

    Nate, Oct 25, 2006, in forum: Computer Support
    Replies:
    7
    Views:
    546
    Leythos
    Oct 26, 2006
Loading...

Share This Page