Logfile of HijackThis v1.97.7
Scan saved at 6:16:41 PM, on 5/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\YKK USA INC\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MSSQL2000\Binn\sqlservr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\s3hotkey.exe
C:\WINNT\system32\S3trayhp.exe
C:\WINNT\essspk.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ogfh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O1 - Hosts: 32.84.234.130 NUM1ISL0
O1 - Hosts: 32.84.234.131 NUMANS00
O1 - Hosts: 32.84.234.132 NUMAFTF0
O1 - Hosts: 32.84.234.133 NUMAISF0
O1 - Hosts: 32.84.234.134 BNNCAH01
O1 - Hosts: 32.84.234.135 NUMAHQL0
O1 - Hosts: 32.84.234.136 NUMAHQF0
O1 - Hosts: 32.84.234.133 NUMAISL0
O1 - Hosts: 32.84.234.138 NUMCNS01
O1 - Hosts: 32.84.234.139 NUMCNSF0
O1 - Hosts: 32.84.234.141 NUCHISL0
O1 - Hosts: 32.84.234.142 NUCHISF0
O1 - Hosts: 32.84.234.143 NULYISL0
O1 - Hosts: 32.84.234.144 NULYISF0
O1 - Hosts: 32.84.234.145 NUANISL0
O1 - Hosts: 32.84.234.146 NUANISF0
O1 - Hosts: 32.84.234.148 YKKUSAATL
O1 - Hosts: 32.84.234.147 NADBNS02
O1 - Hosts: 32.84.234.137 NAATTCS1
O2 - BHO: (no name) - {6BC07EC7-2266-467B-9E91-9307084C5BA5} - C:\WINNT\system32\ogfh.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Global Startup: Run WinVNC (App Mode).lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: YKK USA INC VPN Client.lnk = C:\Program Files\YKK USA INC\VPN Client\ipsecdialer.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8043.5428472222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = YKKNCA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = YKKNCA.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = YKKNCA.COM
Any help would be appreciated!
melvindog