HIJackThis Log Please Advise

Discussion in 'adware, spyware & hijack cleaning' started by tknox, Jun 22, 2004.

Thread Status: Not open for further replies.
  1. tknox

    tknox Registered Member (Joined: Jun 22, 2004; Posts: 2)

    Logfile of HijackThis v1.97.7
    Scan saved at 10:19:32 AM, on 6/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\System32\svchost.exe
    c:\Program Files\Timbuktu Pro\tb2launch.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    c:\Program Files\Timbuktu Pro\tb2pro.exe
    c:\Program Files\Timbuktu Pro\TNOTIFY.EXE
    C:\WINNT\system32\ntvdm.exe
    C:\CTMAGENT\SYSTEM32\CTM32.EXE
    C:\WINNT\SAMSUNG\SensKbd\SensKbd.exe
    C:\Program Files\Timbuktu Pro\Tb2Logon.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\WINNT\System32\UpdateDriver.exe
    C:\WINNT\System32\taskswitch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINNT\explorer.exe
    U:\Personal\Pers\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgweb.lant.uscg.mil
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:c:\winnt\iehome.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by U.S. Coast Guard
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\System32\SWin32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SensKbd] C:\WINNT\SAMSUNG\SensKbd\SensKbd.exe
    O4 - HKLM\..\Run: [TLogonPath] "c:\Program Files\Timbuktu Pro\Tb2Logon.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - HKLM\..\Run: [DriverUpdate] C:\WINNT\System32\UpdateDriver.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adstartup] C:\WINNT\System32\automove.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file:c:\winnt\iehome.htm
    O16 - DPF: dbp_600 - http://mlcawebrpt2:8700/acweb/eanalysis/dbp.cab
    O16 - DPF: {020f6116-407b-11d3-a3bb-00c04fa32518} -
    O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} -
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://O:\macromedia\AuthActiveX60\awswaxf.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06fbd46553671a277817/netzip/RdxIE601.cab
    O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://intranet.wrsystems.com/wrs/msddsc.cab
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
    O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle Internet Engine) - http://www.actimage.com/download/biTileStyle14.CAB
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://66.153.72.45/CRYSTALREPORTS/activexviewer.cab
    O16 - DPF: {CAFECAFE-0013-0001-0006-ABCDEFABCDEF} (JInitiator 1.3.1.6) -
     
  2. tknox

    tknox Registered Member (Joined: Jun 22, 2004; Posts: 2)

    Anyone who could help with this I would appreciate it.
     