my hijackthis log file

my hijackthis log file
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
my hijackthis log file tony.belden 05-25-2005
Posted by on May 25, 2005, 7:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi, I'm using Win2K and incessant popups are driving me insane. I'm
having a really hard time getting anything done. I am running ad-aware
scans every 10 minutes, spybot, ms adware utility, you name it. I'm
growing despondent.

Logfile of HijackThis v1.99.1
Scan saved at 10:50:55 AM, on 5/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Glance\Glance.exe
C:\Program Files\PKWARE\PKZIPO\PKTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Citrix\ICA Client\wfica32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://guggenheim.asseteye.net/
R3 - URLSearchHook: (no name) - _
- (no file)
R3 - URLSearchHook: (no name) - _
- (no file)
O3 - Toolbar: &Google - -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program
Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [gkrAK] C:\documents and settings\administrator\local
settings\temp\gkrAK.exe
O4 - HKLM\..\Run: [picsvr] C:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsvcin] C:\WINNT\system32\n20050308.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Nsv] C:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\unrank.exe reg_run
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitenic32.exe
O4 - HKCU\..\Run: [Ehwuz] C:\WINNT\system32\r?ndll32.exe
O4 - HKCU\..\Run: [JBsqRUN8S] rsfxdo.exe
O4 - HKCU\..\Run: [Lcbt] C:\Documents and
Settings\Administrator\Application Data\ewah.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Glance.lnk = C:\Program Files\Glance\Glance.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program
Files\PKWARE\PKZIPO\PKTray.exe
O4 - Global Startup: rtdc.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
- C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ebates - -
file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
(file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O16 - DPF: (MeadCo ScriptX
Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: (DownloadInstall
Class) - http://www.glance.net/install/GDownloadInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wanlink.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wanlink.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wanlink.us
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\p86slij718o.dll
O23 - Service: DefWatch - Symantec Corporation -
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe



Posted by tino on May 25, 2005, 9:45 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Have you tried using a fire wall



Posted by Jason Edwards on May 25, 2005, 9:05 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Hi, I'm using Win2K and incessant popups are driving me insane. I'm
> having a really hard time getting anything done. I am running ad-aware
> scans every 10 minutes, spybot, ms adware utility, you name it. I'm
> growing despondent.
>

Have you tried wiping the drive and reinstalling everything from clean
media?
Please don't do that with the computer connected to the Internet.
Have SP4 and all other updates on CD or a network share and don't reconnect
to the internet until the reinstall is fully up to date.
External USB 2.0 hard drives can also be useful.
So can http://www.mozilla.org/products/firefox/ instead of Internet
Explorer.
A little knowledge of how to run Windows 2000 as a user instead of an
administrator is also useful.

You may want to find someone in your area who knows how to help you and pay
them to do it.

Jason




Similar ThreadsPosted
Help pl. with HijackThis log December 31, 2004, 9:38 am
Just ran Hijackthis. Can you help? May 20, 2005, 7:12 am
Hijackthis.log to be read to get rid of about:blank February 21, 2005, 6:20 pm
Host file December 24, 2005, 11:19 am
PIX Log file analyzer November 11, 2007, 9:05 pm
File sharing over Internet February 14, 2005, 1:15 pm
Large .dmp.zip file from ZoneAlarm ... March 2, 2005, 5:49 pm
Windows file sharing through NAT April 22, 2005, 1:16 pm
sidewinder log file location October 19, 2005, 3:43 pm
File Sharing, Broadband and NAT October 26, 2005, 10:05 am

The site map in XML format XML site map

Contact Us | Privacy Policy