Old 09-20-2004, 05:21 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2004
Posts: 1
OS: XP


Hijack this log - please help

Hello,
Here is my log - any help would be greatly appreciated, just because I am losing my mind with frustration.

Logfile of HijackThis v1.98.2
Scan saved at 8:13:48 PM, on 9/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\axvwsf.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Winad Client\Winad.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winad Client\WinClt.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijacj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: <internet address> <official hostname> <aliases>
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vwbstcahjx] C:\WINDOWS\System32\axvwsf.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...ffd12299b6db5c
O16 - DPF: {227F9E10-BBBD-41C3-9A9D-04D88FDC47D6} (Ctrl Class) - https://secure.nationalwebcheck.ag.s...tivex/Excp.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {97E123F4-7A16-11D5-BECF-0050DA696588} (ImgCtrl Class) - https://secure.nationalwebcheck.ag.s...vex/ImgCvt.dll
O16 - DPF: {C5D3CB2E-BD01-11D5-BEE7-0050DA696588} (CrwProfileCtrl Class) - https://secure.nationalwebcheck.ag.s.../RWProfile.dll
O16 - DPF: {CA81E0CE-E0EC-11D4-BEA1-0050DA696588} (FRWctl Class) - https://secure.webcheck4.ag.state.oh...vex/FileRW.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
merefolk is offline  