Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

hijack this log

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 5 posts
I think I still have Gator on one of my machines and I need to get rid of that. However I have a feeling there might be other spywares lurking in the background. I was hoping someone could analyze my log. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 3:59:17 PM, on 05/11/2004
Platform: Windows NT 4 SP5 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Microsoft\Office 97\Office\OSA.EXE
C:\Program Files\Microsoft\Office2K\Office\1033\OLFSNT40.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MICROSOFT\INTERNET EXPLORER\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DiskNag] C:\DELL\DiskNag.exe
O4 - HKLM\..\Run: [NodeMngr] C:\DMI\BIN\NodeMngr.EXE
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [NTrtc] \y2000rtc\ntrtc.exe
O4 - HKLM\..\Run: [UserDataUninstall] loadwc.exe /u
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\Program Files\Navnt\npscheck.exe
O4 - HKLM\..\Run: [AbcLicMtrClient] C:\WINNT\ABC\Licenser\i386\clientNT.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [EasyAV] C:\WINNT\EasyAV.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP.EXE" -turbo
O4 - Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Office2K\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Office Startup.LNK = C:\Program Files\Microsoft\Office 97\Office\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft\Office2K\Office\1033\OLFSNT40.EXE
O4 - Global Startup: _LOCALENV.LNK = C:\WINNT\Profiles\Scripts\localenv.cmd
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O11 - Options group: [TB] Toolbar
O12 - Plugin for .mov: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\npqtw32.dll
O12 - Plugin for .pdf: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\nppdf32.dll
O12 - Plugin for .qt: C:\Program Files\MICROSOFT\INTERNET EXPLORER\PLUGINS\npqtw32.dll
O13 - WWW. Prefix: http://
O16 - DPF: Win32 Classes - file://C:\WINNT\Java\classes\win32ie4.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macr...are/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator....bundle7v1d1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://nesteggz.nest...ActiveX1600.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = neu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = neu.edu
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP