
Thread: cs.valuead

  1. #1
    JuicedGixxer
    Guest

    cs.valuead

    Hi,

    I am having problems with a particular spyware. I've tried looking everywhere and came to the solution that I needed to delete the proper files from my Hijack This log. I don't know what I need to delete. Could somebody please help me? Thanks.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:43:06 PM, on 8/2/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
    C:\WINNT\SYSTEM32\k9nt.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    c:\program files\timbuktu pro\tb2launch.exe
    c:\program files\timbuktu pro\tb2pro.exe
    C:\WINNT\System32\spool\ugplot\ugiipqd.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
    C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
    c:\program files\timbuktu pro\TNOTIFY.EXE
    C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\system32\devldr32.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
    C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\NavNT\vptray.exe
    C:\program files\timbuktu pro\tb2logon.exe
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
    C:\WINNT\system32\unvs.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\explorer.exe
    C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jsupap\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kmnav-005.jpl.nasa.gov/portal/dt
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ahs-kmnav-001.jpl.nasa.gov:8080/DesktopServlet"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4BDF622A-BC6B-24B1-D507-645508A32A1A} - C:\WINNT\system32\qdts.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: LVF Helper Object - {EDB66B70-9AF0-458B-8128-CAE4ED187205} - C:\Program Files\EDS\iSeries\5_0\WebBHO.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Iokasrl] C:\WINNT\system32\unvs.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {86ecb6a0-400a-11d5-b638-00c04faedb18} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...890.4878703704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov
    O17 - HKLM\System\CS1\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov
    O17 - HKLM\System\CS2\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    I have a funny feeling that the US Gov/JPL/ would not like you doing this, getting outside help for your PC.

    I am sure you have tech support that is really good at tracking down spyware problems.

    Going to leave this post open for the time being to see if any other moderators think that it should be locked.

    Cheers

  3. #3
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Must agree with Basement; your IP indicates a NASA address. Your techs should handle this problem; we would not want to put you or ourselves in a compromising position. If you wish to make further comment and let us know if we have read this incorrectly, then we will gladly reopen this post.