Tom's Guide | Tom's Hardware | Tom's Games
Hi, would someone please look over my HijackThis log.
Lately I'm getting firewall logs telling me my puter is sending out floods, and scanning every IP I visit on the internet.
I have tried running SpyBot, Ad-Aware 6.0, Symantec virus scanning (up-to-date), and Pest/Cookie Control with no results whatsoever.
Well, here is my log:
Logfile of HijackThis v1.97.3
Scan saved at 08:57:50, on 17-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\G6FTPS~1\G6FTPSrv.exe
C:\WINDOWS\System32\cusrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wm.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\Explorer.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\NALNTSRV.exe
C:\WINDOWS\System32\NWTRAY.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Setec\Web and Email Security\Certutil.exe
C:\Programmer\HP CD-DVD\Umbrella\hpcdtray.exe
C:\WINDOWS\SOUNDMAN.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\dpmw32.exe
C:\Programmer\PestPatrol\CookiePatrol.exe
C:\Programmer\PestPatrol\PPControl.exe
C:\WINDOWS\System32\NALDESK.exe
C:\Programmer\PestPatrol\PPMemCheck.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.exe
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Internet Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskgolf.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\Setec\Web and Email Security\Certutil.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [HPCDTray] "C:\Programmer\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Programmer\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmer\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmer\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmer\PestPatrol\PPMemCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download Images by Image Collector - C:\Programmer\Internet Image Collector\iic_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6CAFBA3E-FB85-11D3-915A-08005ACEEF64} (KPSimDialog Class) - http://virk.dk/avguide/Blivbruger/plugins/kpsimie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen336.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C109D16-CDF4-4766-8586-53BA6EB22004}: NameServer = 192.168.0.1

I don't see anything malicious in your log.
Does your firewall log show which program is sending the floods?

Hi Tom,
No, unfortunately it does show what progs are performing the actions, only that the actions (and what ports were used) have occurred and have been blocked by the firewall. Recently my firewall/router has been flooded and overloaded, so I need to do a hard reset (pull the plug) to get it going again. This is getting annoying because the surveillance work I do from home cannot be done when my router is blocked.
But every time it shows my puter as the internal IP doing the attack, so I'm sure it's not any of the other puters on the network.
Hopefully you can share your wisdom and help me :) TIA
Flemming

Hi,
this one can go:
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
and then go to Start > Run, type in MSCONFIG, click OK, click on the Startup tab and untick these:
iTouch.exe (unless you use the keyboard shortcut keys)
nwiz.exe
hpcdtray.exe
NvTaskbarInit
acrotray.exe
OSA.EXE
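As an added example (my own code, not part of this thread and not from the HijackThis tool), here is a small Python parser for the log format quoted above. It turns the O4 autostart, O16 ActiveX-download (DPF) and O17 name-server lines into records, lets you look up the startup items the reply above names (realsched.exe, nwiz.exe, NvTaskbarInit and so on) so you can see which hive or startup folder each one lives in before touching MSCONFIG, and lists which DPF download sources are worth verifying first. The sample lines are a constructed subset of the log in this thread; the "bare IP address or non-default port" rule for DPF entries is a triage heuristic I am assuming here, not a verdict that those controls are malicious.

```python
"""Parse HijackThis-style log lines into structured records (added example)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a subset of the entries quoted in the thread, verbatim format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.exe
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C109D16-CDF4-4766-8586-53BA6EB22004}: NameServer = 192.168.0.1
"""


@dataclass
class Entry:
    kind: str    # HijackThis section: "O4", "O16" or "O17"
    source: str  # "HKLM Run", "HKCU Run", "Global Startup", "DPF" or "Tcpip"
    name: str    # value name, shortcut name or ActiveX control name
    value: str   # command line, cab URL or name-server address


RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$')
DPF_RE = re.compile(r'^O16 - DPF: (?P<name>.+) - (?P<url>https?://\S+)$')
NS_RE = re.compile(r'^O17 - .*: NameServer = (?P<ns>.+)$')


def parse_log(text):
    """Return the O4/O16/O17 lines of a HijackThis log as Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("O4", f"{m['hive']} Run", m["name"], m["cmd"]))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("O4", "Global Startup", m["name"], m["cmd"]))
        elif m := DPF_RE.match(line):
            entries.append(Entry("O16", "DPF", m["name"], m["url"]))
        elif m := NS_RE.match(line):
            entries.append(Entry("O17", "Tcpip", "NameServer", m["ns"]))
    return entries


def executable_of(cmd):
    """Lower-cased file name of the program a Run-key command line starts.
    Heuristic: honour double quotes, else cut at the first '.exe' (unquoted
    paths with spaces are ambiguous to Windows itself), else the first token."""
    cmd = cmd.strip()
    low = cmd.lower()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    elif ".exe" in low:
        path = cmd[: low.index(".exe") + 4]
    else:
        path = cmd.split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def startup_executables(entries):
    """Sorted, de-duplicated list of programs started by the O4 entries."""
    return sorted({executable_of(e.value) for e in entries if e.kind == "O4"})


def find_startup_items(entries, tokens):
    """Map each token (a file name or a rundll32 entry point, the way the reply
    above names them) to the O4 entries whose command line contains it."""
    return {tok: [e for e in entries if e.kind == "O4" and tok.lower() in e.value.lower()]
            for tok in tokens}


def dpf_to_verify(entries):
    """Flag O16 (ActiveX download) sources served from a bare IP address or a
    non-default port. Triage heuristic assumed for this example, not a verdict."""
    flagged = []
    for e in entries:
        if e.kind != "O16":
            continue
        u = urlparse(e.value)
        host = u.hostname or ""
        try:
            ip_address(host)
            bare_ip = True
        except ValueError:
            bare_ip = False
        if bare_ip or u.port not in (None, 80, 443):
            flagged.append((e.name, e.value))
    return flagged


def name_servers(entries):
    """Configured DNS servers from the O17 lines (worth checking against the router's)."""
    return [e.value for e in entries if e.kind == "O17"]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    wanted = ["realsched.exe", "iTouch.exe", "nwiz.exe", "hpcdtray.exe",
              "NvTaskbarInit", "acrotray.exe", "OSA.EXE"]
    for tok, hits in find_startup_items(entries, wanted).items():
        print(f"{tok:15} -> {[(h.source, h.name) for h in hits]}")
    print("DPF sources to verify:", dpf_to_verify(entries))
    print("Name servers:", name_servers(entries))
```

Run it against a full log by replacing SAMPLE_LOG with the file's contents; the lookup tells you whether an item the reply mentions is an HKLM or HKCU Run value (removable per-user versus machine-wide) or a shortcut in the all-users Startup folder, which is what decides where MSCONFIG's Startup tab will show it.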
