hijack this log

I think I still have Gator on one of my machines and I need to get rid of that. However I have a feeling there might be other spywares lurking in the background. I was hoping someone could analyze my log. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 3:59:17 PM, on 05/11/2004
Platform: Windows NT 4 SP5 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\DMI\bin\delldmi.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\DMI\bin\nic.exe
C:\DMI\bin\dnar.exe
C:\WINNT\System32\SysTray.Exe
C:\DMI\BIN\NodeMngr.EXE
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\MSWHEEL.EXE
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP.EXE
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Microsoft\Office 97\Office\OSA.EXE
C:\Program Files\Microsoft\Office2K\Office\1033\OLFSNT40.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MICROSOFT\INTERNET EXPLORER\iexplore.exe
C:\WINNT\SYSTEM32\MDM.EXE
C:\WINNT\System32\ddhelp.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [DiskNag] C:\DELL\DiskNag.exe
O4 - HKLM\..\Run: [NodeMngr] C:\DMI\BIN\NodeMngr.EXE
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [NTrtc] \y2000rtc\ntrtc.exe
O4 - HKLM\..\Run: [UserDataUninstall] loadwc.exe /u
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\Program Files\Navnt\npscheck.exe
O4 - HKLM\..\Run: [AbcLicMtrClient] C:\WINNT\ABC\Licenser\i386\clientNT.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [EasyAV] C:\WINNT\EasyAV.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP.EXE" -turbo
O4 - Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Office2K\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Office Startup.LNK = C:\Program Files\Microsoft\Office 97\Office\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft\Office2K\Office\1033\OLFSNT40.EXE
O4 - Global Startup: _LOCALENV.LNK = C:\WINNT\Profiles\Scripts\localenv.cmd
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O11 - Options group: [TB] Toolbar
O12 - Plugin for .mov: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\npqtw32.dll
O12 - Plugin for .pdf: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\nppdf32.dll
O12 - Plugin for .qt: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\npqtw32.dll
O13 - WWW. Prefix: http://
O16 - DPF: Win32 Classes - file://C:\WINNT\Java\classes\win32ie4.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macr...are/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator....bundle7v1d1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://nesteggz.nest...ActiveX1600.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = neu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = neu.edu

#1
bigzeppelin2k

Posted 11 May 2004 - 02:03 PM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us