Logfile of HijackThis v1.99.1
Scan saved at 5:02:22 PM, on 04/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RoamMgr.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.exe
c:\winnt\system32\eiiakdn.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\OpenOffice\program\soffice.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.oracle.com...moc&_schema=MOC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.red.client...ogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.red.client...ogers.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.client...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet *.ads.oracle.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_20_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ntpgds] C:\WINNT\orclobi\synctime.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [elobi] C:\WINNT\ORCLOBI\elobi.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINNT\orclobi\suspatch.exe /S /CHECK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [suspatch.exe_finished] C:\WINNT\ORCLOBI\REPDB_35.EXE /PN=suspatch.exe_finished /PV=1.7.0.0 /PT=08/04/05 10:50:26T /RETRY=1
O4 - HKLM\..\Run: [suspatch.exe_executed] C:\WINNT\ORCLOBI\REPDB_32.EXE /PN=suspatch.exe_executed /PV=1.7.0.0 /PT=08/04/05 6:58:19T /RETRY=2
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [lgxfsgb] c:\winnt\system32\eiiakdn.exe r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://my.oracle.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.o...jar/cnsload.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {52D7DDE4-F150-4D82-AAB5-6EED6AB7C708} (my printer) - http://www.cartogra....ads/HPPrint.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ca.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE34CB1-A197-4686-9C11-A6C27447305F}: Domain = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE34CB1-A197-4686-9C11-A6C27447305F}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ca.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com,ca.oracle.com,oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ca.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com,ca.oracle.com,oracle.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\system32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINNT\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\system32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\system32\S24EvMon.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
Edited by Steve in Thornbury, 04 August 2005 - 03:10 PM.