Please Help with HIJACKTHIS log

Discussion in 'Computer Support' started by KB from WNS, Sep 8, 2004.

  1. KB from WNS

    KB from WNS Guest

    Can anyone see why I keep getting infected with search popups?

    Thanks!

    Logfile of HijackThis v1.98.2
    Scan saved at 11:32:44 PM, on 9/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\dpmw32.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\atljt32.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    c:\Download\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2E428545-FD05-910E-BFF6-E9542DD6C680} - C:\WINDOWS\appro.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\RunOnce: [atljt32.exe] C:\WINDOWS\atljt32.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a2/5.1.5.222/lib/quicksilver.cab
    O16 - DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} (AvMediaMasterCtrl Class) - http://woodsvm1/Web/MediaMasENU.CAB
    O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - http://ctmexpress.fvc.com/ctmexpress/runtime/pic/inner_pic/packages/liveupdate.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094608030596
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://packeteer.webex.com/client/latest/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF66655-2DB1-4551-A710-474CE0CF5E27}: NameServer = 192.168.1.30,192.168.1.30
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wns,
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wns,
     
    KB from WNS, Sep 8, 2004
    #1

  2. KB from WNS

    °Mike° Guest

    End Task the above process (CTRL+ALT+DEL).

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix ALL of the O16-DPF entries.

    Unless the above IPs belong to your network or ISP, have HijackThis
    fix the above entries.
     
    °Mike°, Sep 8, 2004
    #2
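
The reply above asks for two reviews: the O16 (DPF) entries and the name server addresses in O17. As an added example that is not part of either post, the sketch below rejoins wrapped HijackThis entries, groups them by section code, and lists each O16 download host and whether each O17 `NameServer` address falls in RFC 1918 private space. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis 1.98 format, wrapped the way news clients
# wrap long entries (continuation lines carry no section code).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program
Files\\Example\\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Class)
- http://downloads.example.com/pkg/example.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.30,203.0.113.7
"""

ENTRY_START = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_entries(log_text):
    """Rejoin wrapped lines and group entry text by section code (O4, O16, ...)."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_START.match(line)
        if m:                                   # a new entry starts here
            current = [m.group(2)]
            entries.setdefault(m.group(1), []).append(current)
        elif line and current is not None:      # wrapped tail of the previous entry
            current[0] += " " + line
        else:                                   # blank line or text before any entry
            current = None
    return {code: [item[0] for item in items] for code, items in entries.items()}

def dpf_hosts(entries):
    """Host each O16 (Downloaded Program Files) control was installed from."""
    found = (re.search(r"https?://([^/\s]+)", t) for t in entries.get("O16", []))
    return [m.group(1) if m else None for m in found]

def nameservers(entries):
    """(address, is_rfc1918) for every IP in the O17 NameServer entries."""
    found = []
    for text in entries.get("O17", []):
        value = text.partition("NameServer = ")[2]
        for token in re.findall(r"\d+(?:\.\d+){3}", value):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:                  # e.g. an octet above 255
                continue
            found.append((str(ip), any(ip in net for net in RFC1918)))
    return found
```

An address outside RFC 1918 space is not a finding by itself; it is the case where the resolver has to be compared against what the ISP or network administrator actually assigned.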