Hijack log anyone ? please !!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mattbrook

Thread Starter
Joined
May 16, 2005
Messages
224
Logfile of HijackThis v1.99.1
Scan saved at 5:52:42 AM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Nortel Networks\Remote Access Manager\NNDService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Nortel Networks\Remote Access Manager\RAMSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Support.com\bin\TgSrvc.Exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\WPMS\wpmsmon.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\telnet.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Lotus\Notes\NLNOTES.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\REMEDY4\Aruser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Profiles\mbrookmn\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tsctools.ca.nortel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.us.nortel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O14 - IERESET.INF: START_PAGE_URL=http://homepage.us.nortel.com
O16 - DPF: Yahoo! MLB StatTracker - http://aud13.sports.sc5.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://help-nortel-rs.amer.csc.com/sdccommon/download/tgctlins.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.nortel.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O20 - AppInit_DLLs: cahooknt.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CVCBrokerService - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\CVCBrokerService.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: NNDService - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\NNDService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: RAMSettings - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\RAMSettings.exe
O23 - Service: Support.com Repair Service - SupportSoft, Inc. - C:\PROGRA~1\Support.com\bin\TgSrvc.Exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: telnet47 - Unknown owner - srvany (file missing)
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: Workstation Performance Monitoring System (WPMS) - Nortel Networks Ltd. - C:\Program Files\WPMS\wpmsmon.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
we are quite good here but it easier if you give us some idea of what the actual problem is
 

mattbrook

Thread Starter
Joined
May 16, 2005
Messages
224
LOL Well no problems really. Just SOME TIMES my PC is slow and the Hardrive is grinding. It's my work pc. But You are right I really just wanted to see if anything is wrong. :D TX's
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top