
hijackthis log - help please


Name: sillygirl
Date: December 9, 2003 at 13:20:47 Pacific
OS: windows 2000 NT
CPU/Ram: not sure
Comment:

I was having a hijacked homepage problem - the latest was "search-space.com". I fix these with CWShredder, which generally does the trick. However, lately I've been having some random pop-ups, particularly one of those little fake "dialogue boxes" that says something like "hey dude, click here to see fresh teens" with the single "ok" button. When you click it closed, it then generates a barrage of the worst amateur porn pages. Spyware, AdAware, CWShredder - nothing touches this, apparently. So, I downloaded HijackThis. While I've learned a tremendous amount about my hardware and my registry, I'm still not confident enough to start deleting things off the HijackThis log. Here it is - if anyone could help out, I'd greatly appreciate it.

Logfile of HijackThis v1.97.7
Scan saved at 4:03:09 PM, on 12/9/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\NavNT\defwatch.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\cba\pds.exe
D:\Program Files\SSC\NSCTOP.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\ORL\VNC\WinVNC.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\ams_ii\hndlrsvc.exe
D:\WINNT\system32\MsgSys.exe
D:\WINNT\system32\ams_ii\iao.exe
D:\WINNT\system32\cba\xfr.exe
D:\WINNT\Explorer.exe
D:\Program Files\SVA Player\SVAPLAYER.exe
D:\WINNT\loadqm.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\WinZip\WZQKPICK.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\paul\Local Settings\Temp\HijackThis.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - D:\WINNT\madise.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SVAPlayer] D:\Program Files\SVA Player\SVAPLAYER.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Ad-aware] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.exe
O12 - Plugin for .bcf: D:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20791ddcd289ffe24b19/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37943.4360648148
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DECD798C-A65B-4ACC-BBB8-F0941B6F2BA5}: NameServer = 216.211.192.2,216.211.192.6




Response Number 1
Name: TimeBombCharlie
Date: January 9, 2004 at 14:12:50 Pacific
Reply:

Silly, I have the same exact problem as you had/have: the same hijacked homepage (search-space.com), and the same damned pop-up (Hey dude...fresh teens) appears every so often. I downloaded CWShredder to fix the homepage, but I'm wondering about the pop-up. Were you ever able to remedy it, or is it still a reoccurring problem? If you were able to fix it, could you enlighten me as to how you did it? Did you have to reinstall Internet Explorer, as was suggested in another post? Any help would be appreciated.

