cs.valuead
Hi,
I am having problems with a particular spyware. I've tried looking everywhere and came to the solution that I needed to delete the proper files from my Hijack This log. I don't know what I need to delete. Could somebody please help me? Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 12:43:06 PM, on 8/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\WINNT\SYSTEM32\k9nt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\WINNT\System32\spool\ugplot\ugiipqd.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\mcae\eds\ideas10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\NavNT\vptray.exe
C:\program files\timbuktu pro\tb2logon.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\WINNT\system32\unvs.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jsupap\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kmnav-005.jpl.nasa.gov/portal/dt
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ahs-kmnav-001.jpl.nasa.gov:8080/DesktopServlet"); (C:\Program Files\Netscape\Users\default\prefs.js )
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4BDF622A-BC6B-24B1-D507-645508A32A1A} - C:\WINNT\system32\qdts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: LVF Helper Object - {EDB66B70-9AF0-458B-8128-CAE4ED187205} - C:\Program Files\EDS\iSeries\5_0\WebBHO.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iokasrl] C:\WINNT\system32\unvs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {86ecb6a0-400a-11d5-b638-00c04faedb18} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...890.4878703704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov
O17 - HKLM\System\CS1\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jpl.nasa.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov
O17 - HKLM\System\CS2\Services\Tcpip\..\{28C97B44-C4FD-4549-9121-31E74BCFAA61}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = jpl.nasa.gov
I have a funny feeling that the US Gov/JPL would not like you doing this, getting outside help for your PC.
I am sure you have tech support that is really good at tracking down spyware problems.
Going to leave this post open for the time being to see if any other moderators think that it should be locked.
Cheers
Administrator
Help2Go Administrator
Must agree with Basement, your IP indicates a NASA address. Your techs should handle this problem, we would not want to put you or ourselves in a compromising position. If you wish to make further comment and let us know if we have read this incorrectly then we will gladly reopen this post.