Logfile of HijackThis v1.98.0
Scan saved at 2:54:00 PM, on 8/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\nsl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\pmsvc.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Oracle\Ora81\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lotus\Sametime Client\vzconnect.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\winnt\profiles\crdecker\local settings\temp\ICBHCH.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\winnt\profiles\crdecker\local settings\temp\ICBHCH.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lotus\Sametime Client\activmon.srv
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\winnt\profiles\crdecker\local settings\temp\KaFa.exe
C:\WINNT\system32\Cxe0n.exe
C:\WINNT\system32\LwiPYJ.exe
C:\Program Files\Ad Arrest IE Popup Killer\adarrest.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9B7AA30F-8FEF-4896-8DA0-D858AE072976} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - c:\winnt\profiles\crdecker\local settings\temp\Ir5.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [ICBHCH.exe] C:\winnt\profiles\crdecker\local settings\temp\ICBHCH.exe
O4 - HKLM\..\Run: [2JWH5Y35Q#YWJ8] C:\WINNT\system32\TafqX5mo.exe
O4 - HKLM\..\Run: [ICBHCH] C:\winnt\profiles\crdecker\local settings\temp\ICBHCH.exe
O4 - HKLM\..\Run: [vafcp] C:\WINNT\vafcp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Plus!\Microsoft Internet\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
