Logfile of HijackThis v1.99.1
Scan saved at 12:28:05 AM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\WINDOWS\System32\mgabg.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\WINDOWS\system32\ntnh32.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\WINDOWS\System32\PDesk.exe
F:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ient.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
F:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Grouper\Grouper.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\SECRETMAKER\secretmaker.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Ozero Novastar\Local Settings\Temporary Internet Files\Content.IE5\4BH0IHMO\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\system32\dozhj.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.0.0.2:20;gopher=10.0.0.2:80;http=10.0.0.2:80;https=10.0.0.2:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F6E9115F-CB79-CA19-C3AF-F3197A7072D5} - F:\WINDOWS\system32\sysrf.dll
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] F:\WINDOWS\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [RoxioEngineUtility] "F:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Optimum Online] F:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ient.exe] F:\WINDOWS\system32\ient.exe
O4 - HKLM\..\RunOnce: [ntnh32.exe] F:\WINDOWS\system32\ntnh32.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [iolo Utility Bar] "F:\Program Files\iolo\System Mechanic 5\SMUtilityBar.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "F:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "F:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Matrox PC-VCR Scheduler.lnk = F:\Program Files\Matrox Video Tools NT\PC-VCRScheduler.exe
O4 - Global Startup: Grouper.lnk = F:\Program Files\Grouper\Grouper.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Matrox PC-VCR Scheduler.lnk = F:\Program Files\Matrox Video Tools NT\PC-VCRScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SECRETMAKER.lnk = F:\Program Files\SECRETMAKER\secretmaker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2354C890-3350-11D5-85A7-0050DAEAEC2C} (DepthCharge Class) - http://www.vrex.com/...X/DCActiveX.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - F:\WINDOWS\System32\mgabg.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - F:\WINDOWS\system32\ntcw32.exe (file missing)