HIjack this log - Please Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

parchay

Thread Starter
Joined
Jun 24, 2004
Messages
13
HI,

My computer seems to have some kind of spyware on and also my internet is running extremely slowly and taking up around 75% of my CPU usage.

Here is my hijack this log any help would be appreciated:

Logfile of HijackThis v1.98.2
Scan saved at 11:11:43, on 02/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\WinPwdHelper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Qcard\QCnotify.exe
C:\WINDOWS\AppPatch\inetmsvc.exe
c:\windows\system32\tuneup\tuneup.exe
C:\Documents and Settings\ak5360\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cob-intra001.eu.pg.com/stdapps/mdonet/emeaservic/design.nsf/vHTML/Welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.pg.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.pg.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.pg.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\ak5360\LOCALS~1\Temp\cvsmteni.dat
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\ak5360\LOCALS~1\Temp\cvsmteni.dat
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\ak5360\LOCALS~1\Temp\cvsmteni.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\ak5360\LOCALS~1\Temp\cvsmteni.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Esd3Sws] C:\Program Files\Esd3Sws\Esd3Sws.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\IXOS ECD Viewer\bin\CfgDownload.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [inetmsvc] C:\WINDOWS\AppPatch\inetmsvc.exe
O4 - HKLM\..\RunOnce: [*inetmsvc] C:\WINDOWS\AppPatch\inetmsvc.exe rerun
O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\hardmsvc.exe ren
O4 - Startup: EYE-KON.lnk = C:\Program Files\EYE-KON\eye-kon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QC Notifier.lnk = C:\Program Files\Qcard\QCnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{36284846-7317-435F-8C5A-7D3D0D27BDEA}: Domain = eu.pg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{36284846-7317-435F-8C5A-7D3D0D27BDEA}: Domain = eu.pg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eu.pg.com,pg.com,na.pg.com,la.pg.com,ap.pg.com
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll

THanks
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top