Login 
 Search | |
23-Aug-2004, 01:55 PM
#1 | |||||
| HijackThis Log analysis... Hello All, The log below was generated after I ran both Ad-Aware SE and Spybot Search and Destroy. Ad Aware was run first, then a reboot, then Spybot, then another reboot. This is on a Windows 2000 machine using IE as the browser. The biggest issue at this point is are the pornography popups from "Blend-A-Sex" and "sexocean"  .Thanks in advance for any help that can be rendered... Logfile of HijackThis v1.98.0 Scan saved at 9:29:02 AM, on 8/23/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\System32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINNT\system32\RUNDLL32.EXE C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\ScanSoft\Pagis\Monitor.exe C:\notes\NLNOTES.EXE C:\notes\naldaemn.EXE C:\notes\nhldaemn.EXE C:\Documents and Settings\ggibson\Desktop\Desktop Folders\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtweed.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROXY:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gtweed.com;<local>;localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\winnt\iehr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [BelNotify] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\Belarc\Advisor\System\NPBelv32.dll,RunDll32_BelNotify O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Jawa32] C:\WINNT\jawa32.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe O4 - HKCU\..\Run: [Jawa32] C:\WINNT\jawa32.exe O4 - Startup: Lotus Notes.lnk = C:\notes\notes.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (NOXLATE) - file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\progra~1\common~1\sapsha~1\system\saphtmlp.dll O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\progra~1\common~1\sapsha~1\system\saphtmlp.dll |
| |
23-Aug-2004, 02:03 PM
#2 | |||||
| Hi garygibson Welcome to TSG!  A new version of Hijack This has been released so get rid of the old one and Click here to download the new one, come back here and post the log from it. |
23-Aug-2004, 02:08 PM
#3 | |||||
| |
23-Aug-2004, 03:47 PM
#4 | |||||
|
__________________ If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site. |
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 03:25 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile