Regards Rob5
Logfile of HijackThis v1.99.1
Scan saved at 2:55:44, on 08-11-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\system32\ccs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\ircomm2k.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\oodag.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINNT\system32\am772cfg.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\downloads\Hijack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 62.100.59.196 offcentric.com
O1 - Hosts: 62.100.59.196:25899 laptop
O1 - Hosts: 172.16.36.10 amsrs039 amsrs039.cgn.canon-europa.com
O1 - Hosts: 172.16.4.12 nas-cenv-ams2.cenv.canon.nl
O1 - Hosts: 193.42.251.103 amsrs048.cgn.canon-europa.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [qumw] C:\PROGRA~1\COMMON~1\qumw\qumwm.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .rx: C:\Program Files\Attachmate\KEA! X\npacirx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cenv.cgn.mycanon.net/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINNT\system32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINNT\System32\ircomm2k.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome8ClientCache80 - Unknown owner - C:\oracle\Ora8\BIN\ONRSD80.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)