1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pop Ups... Please look at HJT log.

Discussion in 'Virus & Other Malware Removal' started by egglesh, Feb 21, 2005.

Thread Status:
Not open for further replies.
  1. egglesh

    egglesh Thread Starter

    Jun 15, 2004
    I have run Adaware, Spybot, and CWShredder. Can you tell me what needs to go on my HJT log? Thanks!

    Running processes:
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Microsoft Office97\Office\OSA.EXE
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Documents and Settings\egglesh\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Nationwide
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://confserver.ent.nwie.net/proxy/proxy.pac
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {B6F80B55-A730-032D-1C8E-F229DB285097} - C:\WINXP\system32\ntyx.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\System32\hkcmd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HTTP1_1.exe] C:\WINXP\System32\http1_1.exe /s
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://xpress.nwie.net
    O15 - Trusted Zone: http://*.ddcweba02
    O15 - Trusted Zone: http://*.edcsrv33
    O15 - Trusted Zone: http://*.edcweba03
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: http://edcweba03.ent.nwie.net
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: Nationwide SignOn LNotes Password Sync - https://nationwidedir.nwie.net/pwwizard/LNotespwdchg.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    O16 - DPF: {D0ACFA35-5C20-450C-8A61-931E346A995B} (NWKeepAlive.UserControl1) - https://nwportal.nwie.net/wps/frameset/NWKeepAlive.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nwie.net
    O17 - HKLM\Software\..\Telephony: DomainName = nwie.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nwie.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nwie.net
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: SMS Agent Host - Unknown - C:\WINXP\System32\CCM\CcmExec.exe
    O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\Nationwide VPN\Extranet_serv.exe
    O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup30\minislv.exe
    O23 - Service: SMS Alerting Service - Nationwide Services Corp. - C:\PROGRA~1\SMSLog\smslog.exe
    O23 - Service: Telnet - Unknown - C:\WINXP\System32\tlntsvr.exe (file missing)
  2. egglesh

    egglesh Thread Starter

    Jun 15, 2004
    Could someone please look at this and let me know what has to go? Thanks.
  3. egglesh

    egglesh Thread Starter

    Jun 15, 2004
    Is that the deal? If it is, that's cool.... I understand. Just curious. I noticed the moderators were quick to help (within 20 minutes) when I was a new member. Ever since, my questions go months without getting a reply. I look at the questions that ARE getting answered and they're all from new members.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/333096