Scan saved at 12:42:29 PM, on 9/6/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\EnZip\EnZip.exe
C:\DOCUME~1\350-39\LOCALS~1\Temp\_ENZTMP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Chubb Computer Services
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINNT\System32\WinStat13.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AOL Messenger] CZLWWNPH.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [woubmwi] C:\WINNT\System32\woubmwi.exe
O4 - HKLM\..\Run: [mmwpih] C:\WINNT\System32\mmwpih.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [qxqe] C:\WINNT\System32\qxqe.exe
O4 - HKLM\..\Run: [uver] C:\WINNT\System32\uver.exe
O4 - HKLM\..\Run: [ulhvz] C:\WINNT\System32\ulhvz.exe
O4 - HKLM\..\Run: [bveqcev] C:\WINNT\System32\bveqcev.exe
O4 - HKLM\..\Run: [cndiigc] C:\WINNT\System32\cndiigc.exe
O4 - HKLM\..\Run: [umvfnjj] C:\WINNT\System32\umvfnjj.exe
O4 - HKLM\..\Run: [ykf] C:\WINNT\System32\ykf.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINNT\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [fonxr] C:\WINNT\System32\fonxr.exe
O4 - HKLM\..\Run: [rauk] C:\WINNT\System32\rauk.exe
O4 - HKLM\..\Run: [yvxq] C:\WINNT\System32\yvxq.exe
O4 - HKLM\..\Run: [hiyl] C:\WINNT\System32\hiyl.exe
O4 - HKLM\..\Run: [rklefcs] C:\WINNT\System32\rklefcs.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - HKCU\..\RunOnce: [AOL Messenger] CZLWWNPH.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Validate XML - C:\WINNT\web\msxmlval.htm
O8 - Extra context menu item: View XSL Output - C:\WINNT\web\msxmlvw.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsy..._50038/QDow.cab
O16 - DPF: {2F214465-E605-11D2-9883-00105A04BB51} (Remote Control) - file://C:\Documents and Settings\350-39\My Documents\UNIT4\JavaScriptFiles\Explore\Applets\ActiveX\xRemote.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../wuweb_site.cab?1125514837265
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7924F224-9504-4F53-AFC7-B0FE29DA7486}: Domain = umdnj.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{7924F224-9504-4F53-AFC7-B0FE29DA7486}: NameServer = 130.219.4.100,130.219.34.100
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORACLE - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE