Jump to content


Photo

hijackthis log... pop-ups taking over


  • Please log in to reply
1 reply to this topic

#1 ddtcec

ddtcec

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 21 May 2004 - 08:39 AM

Logfile of HijackThis v1.97.7
Scan saved at 9:10:05 AM, on 5/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\iefeatures.exe
C:\WINDOWS\System32\tftiperf.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Documents and Settings\Marcie Zeigler\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnav.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [precpop2] "C:\Program Files\Precpop2\starter.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\manage.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\iefeaturesversion.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\System32\iefeatures.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [ss6g3Fg] tftiperf.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: IEEnhancer - http://64.69.90.233/IEPackage.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {0A0E7EAB-0CEA-40E9-B9C8-C8BA31E51A2A} (PrintToPrinterX_NET Control) - http://192.168.100.9...rinterX_NET.ocx
O16 - DPF: {30660755-1DB6-48B4-AB5C-873D511F77AE} (SpoolViewerX_NET Control) - http://192.168.100.9...ViewerX_NET.ocx
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywa...r2501031120.EXE
O16 - DPF: {814F07FE-0957-4FDA-842A-53CF63112D99} - http://64.69.90.233/IEPackage.cab
O16 - DPF: {914CB587-A759-413F-A03F-0DFE8BA003CB} (ScreenPOPX_NET Control) - http://192.168.100.9...eenPOPX_NET.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8069.4353240741
O16 - DPF: {A35A7AE9-7E67-4515-B4DD-B6A66005EF21} (ProgramCatalystX_NET Control) - http://192.168.100.9...talystX_NET.ocx
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AE979D27-DF8D-44F0-AA99-E4DA3354A052} (HPDirectX_NET Control) - http://192.168.100.9...DirectX_NET.ocx
O16 - DPF: {D17CB944-E462-4775-94B5-6D201B71A79C} (CashRegisterInterfaceX_NET Control) - http://192.168.100.9...erfaceX_NET.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O16 - DPF: {D2F59844-B787-47DF-B9D6-6FA6AD9BCC67} (COMPortInterfaceX_NET Control) - http://192.168.100.9...erfaceX_NET.ocx
O16 - DPF: {E4FD3195-07CB-4963-AEEE-512976902C79} (HPTransactionX_NET Control) - http://192.168.100.9...actionX_NET.ocx

#2 coops456

coops456

    Member

  • Full Member
  • Pip
  • 28 posts

Posted 21 May 2004 - 10:09 AM

Hi
from a quick look at your log I think you have some spyware issues. Have you read the FAQ and run AdAware and Spybot scans already?

If not please do so, they should clean up a lot of this for you.

Also I notice that you are running HijackThis from a Temporary folder. HijackThis should be moved into its own folder, so that it can create backup files.

To do this:
Click My Computer, then C:\. In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT". Now you have C:\HJT folder. Move HijackThis.exe into the C:\HJT folder and run it from there.

Once you've done all this, and rebooted, please post a new log in the Malware forum where an expert will be able to help you. Explain what steps you have taken so far.

regards




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button