Logfile of HijackThis v1.99.1
Scan saved at 8:54:52 AM, on 2/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINNT\system32\w?auclt.exe
C:\PROGRA~1\COMMON~1\SSEMBL~1\wucrtupd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wzceef\HijackThis.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {FA0D365B-F1BA-8618-CD3E-FEBAAF4743E4} - C:\WINNT\system32\ylis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINNT\system32\req.dat (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FA0D365B-F1BA-8618-CD3E-FEBAAF4743E4} - C:\WINNT\system32\ylis.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [SysInit] wininit32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [SysInit] wininit32.exe
O4 - HKCU\..\Run: [Kjyh] C:\WINNT\system32\w?auclt.exe
O4 - HKCU\..\Run: [Wulo] "C:\PROGRA~1\COMMON~1\SSEMBL~1\wucrtupd.exe" -vt rbnd
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{517D4788-E47C-405D-A4AB-379BBDC445AC}: NameServer = 68.87.68.162,68.87.74.162
O20 - Winlogon Notify: req - C:\WINNT\system32\req.dat (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe