Status
Not open for further replies.
1 - 1 of 1 Posts

Logfile of HijackThis v1.99.1
Scan saved at 5:52:42 AM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Nortel Networks\Remote Access Manager\NNDService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Nortel Networks\Remote Access Manager\RAMSettings.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Support.com\bin\TgSrvc.Exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\WPMS\wpmsmon.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\telnet.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Lotus\Notes\NLNOTES.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\REMEDY4\Aruser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Profiles\mbrookmn\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tsctools.ca.nortel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.us.nortel.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O14 - IERESET.INF: START_PAGE_URL=http://homepage.us.nortel.com
O16 - DPF: Yahoo! MLB StatTracker - http://aud13.sports.sc5.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://help-nortel-rs.amer.csc.com/sdccommon/download/tgctlins.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.nortel.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.nortel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F85E01E-13DE-4664-B522-CD3A29114218}: NameServer = 47.129.25.100,47.129.29.80,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ca.nortel.com,us.nortel.com,internal.nortel.com
O20 - AppInit_DLLs: cahooknt.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CVCBrokerService - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\CVCBrokerService.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: NNDService - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\NNDService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: RAMSettings - Unknown owner - C:\Program Files\Nortel Networks\Remote Access Manager\RAMSettings.exe
O23 - Service: Support.com Repair Service - SupportSoft, Inc. - C:\PROGRA~1\Support.com\bin\TgSrvc.Exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: telnet47 - Unknown owner - srvany (file missing)
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: Workstation Performance Monitoring System (WPMS) - Nortel Networks Ltd. - C:\Program Files\WPMS\wpmsmon.exe
 