mebsy
August 27th, 2003, 03:38 PM
Hi, I don't know what to do now...
Here is the HijackThis log:
Logfile of HijackThis v1.96.2
Scan saved at 2:36:58 PM, on 8/27/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
c:\winnt\system32\suss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
c:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\System32\NALWIN32.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tp4serv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\System32\NWTRAY.EXE
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\System32\ctfmon.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\WINNT\System32\taskmgr.exe
C:\PROGRA~1\Finjan\SURFIN~1\bin\winsfcm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\adkinss\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://currency.na.abnamro.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ABN AMRO
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.na.abnamro.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem213.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SurfinShield Corp] "C:\Program Files\Finjan\SurfinShield Corp\bin\winsfcm.exe" /EN
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Windows Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://currency.na.abnamro.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v8/0502/ticker.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Here is the HijackThis log:
Logfile of HijackThis v1.96.2
Scan saved at 2:36:58 PM, on 8/27/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
c:\winnt\system32\suss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
c:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\System32\NALWIN32.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tp4serv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\System32\NWTRAY.EXE
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\System32\ctfmon.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\WINNT\System32\taskmgr.exe
C:\PROGRA~1\Finjan\SURFIN~1\bin\winsfcm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\adkinss\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://currency.na.abnamro.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ABN AMRO
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.na.abnamro.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem213.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SurfinShield Corp] "C:\Program Files\Finjan\SurfinShield Corp\bin\winsfcm.exe" /EN
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Windows Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://currency.na.abnamro.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v8/0502/ticker.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab