Hijack This Log,
#16
Posted 20 November 2005 - 10:29 PM
#17
Posted 21 November 2005 - 04:18 AM
#18
Posted 21 November 2005 - 12:57 PM
#19
Posted 21 November 2005 - 04:23 PM
Here's the log...
Logfile of HijackThis v1.99.1
Scan saved at 23:19:45, on 21-11-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\system32\ccs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
D:\downloads\ewido\security suite\ewidoctrl.exe
D:\downloads\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\ircomm2k.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\oodag.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINNT\system32\am772cfg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\downloads\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\Hijack This\HijackThis.exe
O1 - Hosts: 62.100.59.196 offcentric.com
O1 - Hosts: 62.100.59.196:25899 laptop
O1 - Hosts: 172.16.36.10 amsrs039 amsrs039.cgn.canon-europa.com
O1 - Hosts: 172.16.4.12 nas-cenv-ams2.cenv.canon.nl
O1 - Hosts: 193.42.251.103 amsrs048.cgn.canon-europa.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOWNLO~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\downloads\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .rx: C:\Program Files\Attachmate\KEA! X\npacirx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cenv.cgn.mycanon.net/
O15 - Trusted Zone: http://www.kruidvat.nl
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://cm.cgn.canon-...in/Spider80.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINNT\system32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\downloads\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\downloads\ewido\security suite\ewidoguard.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINNT\System32\ircomm2k.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome8ClientCache80 - Unknown owner - C:\oracle\Ora8\BIN\ONRSD80.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
#20
Posted 22 November 2005 - 12:00 PM
- On a regular basis, please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.
- In order to protect yourself against spyware, you should consider installing and running the following free programs:
  - Ad-Aware SE. A tutorial on using Ad-Aware to remove spyware from your computer may be found here. You have this installed currently. Please keep it updated and run it on a regular basis.
  - Spybot-Search & Destroy. A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features. You have this installed currently. Please keep it updated and run it on a regular basis.
  - SpywareBlaster. A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
  - SpywareGuard. A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.
- Also make sure to run your antivirus software regularly, and to keep it up-to-date.
- Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Sygate, or Outpost. A tutorial on understanding and using firewalls may be found here.
Hopefully this should take care of your problems! Good luck.
#21
Posted 23 November 2005 - 08:30 AM
#22
Posted 23 November 2005 - 09:48 AM
#23
Posted 23 November 2005 - 09:48 AM
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php