Any help is greatly appreciated. Have already run Ad-Aware and Spybot. Machine is now reporting clean. Still getting pop-ups, and the first page of a search at Google is replaced with spyware's junky responses. Going to second page looks fine.
Possible that it has to be run for each user logon?
Here is the HT log.
Logfile of HijackThis v1.97.7
Scan saved at 12:46:18 PM, on 12/8/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
Z:\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\ati2plxx.exe
C:\WINNT\System32\cdmsvc.exe
C:\Program Files\NAV\defwatch.exe
C:\WINNT\System32\encsvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\mfcom.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NAV\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ulmsrv.exe
C:\Program Files\uphclean\uphclean.exe
C:\Program Files\Pwrchute\ups.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\Citrix\IMA\imasrv.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.exe
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\NAV\vptray.exe
C:\WINNT\system32\icabar.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\administrator.AG\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NAV\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - Startup: ICA Administrator Toolbar.lnk = C:\WINNT\system32\icabar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O10 - Broken Internet access because of LSP provider 'z:\windows\system32\rnr20.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.applieduniversity.com/ICBT/aw52fullautoinstall/awswaxf.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://keys3.expr.net/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.2811226852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AG.LAN
O17 - HKLM\System\CCS\Services\Tcpip\..\{3873DBF3-168E-4ADC-AACB-B178FEE79F12}: NameServer = 192.168.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AG.LAN
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AG.LAN


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.