Please look at my HJ log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

munkee

Thread Starter
Joined
Dec 19, 2003
Messages
40
Hey all security gurus, thank you for the help in the past. Please check this log, there are a few suspicious looking entries to me.

:confused: O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

:confused: O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe

:confused: O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

This was deleted, so why is this entry still there? O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\BlahBlah\YMGR\Messenger\ypager.exe -quiet

Logfile of HijackThis v1.97.7
Scan saved at 3:16:16 PM, on 4/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\D4\D4.exe
C:\WINNT\system32\SxgTkBar.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Navnt\NAVAPW32.EXE
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\isqlw.exe
C:\Program Files\Primate32\Qmd.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.primate.com/
O1 - Hosts: 64.3.108.41 TestIclDemo
O1 - Hosts: 64.3.108.41 TestIclHonda
O1 - Hosts: 64.3.108.41 TestIclIsuzu
O1 - Hosts: 64.3.108.41 TestIclKia
O1 - Hosts: 64.3.108.41 TestIclKiaCanada
O1 - Hosts: 64.3.108.41 TestIclMercedes
O1 - Hosts: 64.3.108.41 TestIclMitsubishi
O1 - Hosts: 63.3.108.41 TestMMSCan
O1 - Hosts: 64.3.108.41 TestIclSuzuki
O1 - Hosts: 64.3.108.41 TestIclVw
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\BlahBlah\YMGR\Messenger\ypager.exe -quiet
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\NAVAPW32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.4872800926
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.omnitrader.com/omnitrader/support/ot2003/updater/PreRelease/setup.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BRICKSOFTWARE.OFFICE1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2514FC-5C6A-4B25-80A7-73EE9450608D}: NameServer = 192.168.0.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BRICKSOFTWARE.OFFICE1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BRICKSOFTWARE.OFFICE1
 

munkee

Thread Starter
Joined
Dec 19, 2003
Messages
40
PS:

Can anyone explain these, from another machine?

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Those last two are NVIDIA files for video driver/adapter.

O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
is Yamaha sound driver file

CloneCD, Elby entry is normal....do you still have Clone?

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
MS Office language bar assistant

They are all safe, normal, leave them alone. They may not be totally neccessary, but they are not junk.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top