Logfile of HijackThis v1.99.1
Scan saved at 8:33:32 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\321Studios\Platinum\XPress.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 199.181.132.174 abclocal.go.com
O1 - Hosts: 66.161.85.195 accessories.gateway.com
O1 - Hosts: 155.47.32.225 acunix.wheatonma.edu
O1 - Hosts: 65.61.157.153 adserver.sharewareonline.com
O1 - Hosts: 198.181.158.81 affinity.progressive.com
O1 - Hosts: 64.40.101.168 amazingdietpatches.com
O1 - Hosts: 216.239.35.21 apps5.oingo.com
O1 - Hosts: 12.120.9.15 apsc.disney.go.com
O1 - Hosts: 65.54.206.116 articles.health.msn.com
O1 - Hosts: 65.167.18.23 autos.hamptonroads.com
O1 - Hosts: 66.45.111.24 bankofamerica.via.infonow.net
O1 - Hosts: 84.53.144.6 barbie.everythinggirl.com
O1 - Hosts: 12.159.48.110 bcpfc.com
O1 - Hosts: 198.22.123.88 bestbuybiz.com
O1 - Hosts: 66.43.31.187 boards.ancestry.com
O1 - Hosts: 66.35.204.11 boards.lp.findlaw.com
O1 - Hosts: 207.24.42.179 bookstore.lexis.com
O1 - Hosts: 64.235.234.82 breaktru.com
O1 - Hosts: 63.210.62.88 c5.zedo.com
O1 - Hosts: 207.178.219.43 carvel.know-where.com
O1 - Hosts: 12.96.162.54 catalog.heifer.org
O1 - Hosts: 143.166.224.206 catalog.us.dell.com
O1 - Hosts: 216.113.176.11 cgi.ebay.com
O1 - Hosts: 207.46.203.26 classic.zone.msn.com
O1 - Hosts: 69.20.118.62 compusa.crossmediaservices.com
O1 - Hosts: 143.166.83.15 configure.us.dell.com
O1 - Hosts: 68.236.73.137 corp.sec.state.ma.us
O1 - Hosts: 63.111.32.160 corporate.hallauto.com
O1 - Hosts: 69.20.125.145 couponcart.com
O1 - Hosts: 195.161.113.90 crackz.ws
O1 - Hosts: 64.12.184.141 csmail.compuserve.com
O1 - Hosts: 151.138.2.150 directory.superpages.com
O1 - Hosts: 198.187.189.83 disney.go.com
O1 - Hosts: 64.152.73.177 dist.belnk.com
O1 - Hosts: 209.96.167.48 dssiad.dss.state.va.us
O1 - Hosts: 81.169.171.153 electronics.nusego.com
O1 - Hosts: 207.68.181.248 entertainment.msn.com
O1 - Hosts: 64.55.28.210 esreg.eversave.com
O1 - Hosts: 63.251.169.251 find.intelius.com
O1 - Hosts: 69.31.4.211 gfx.dvlabs.com
O1 - Hosts: 193.108.95.48 group.classmates.com
O1 - Hosts: 66.135.196.51 half.ebay.com
O1 - Hosts: 68.99.123.155 hamptonroads.cox.net
O1 - Hosts: 157.254.235.97 home.rca.com
O1 - Hosts: 203.109.252.73 homepages.ihug.com.au
O1 - Hosts: 207.107.211.106 hsn2.mvm.com
O1 - Hosts: 66.135.204.150 hub.ebay.com
O1 - Hosts: 66.151.37.218 idine.upromise.com
O1 - Hosts: 146.82.218.134 images.amazon.com
O1 - Hosts: 64.74.135.240 images.redenvelope.com
O1 - Hosts: 69.20.118.59 instorespecials.staples.com
O1 - Hosts: 208.240.242.215 intuitmarket.intuit.com
O1 - Hosts: 66.219.45.10 journyx.com
O1 - Hosts: 65.218.41.191 kbse.frontrange.com
O1 - Hosts: 66.43.22.183 landing.ancestry.com
O1 - Hosts: 66.35.204.14 lawcrawler.findlaw.com
O1 - Hosts: 130.94.127.37 lawinfo.com
O1 - Hosts: 63.241.65.22 login.hiptop.suncom.com
O1 - Hosts: 64.233.161.99 maps.google.com
O1 - Hosts: 64.29.218.60 marketplace.intuit.com
O1 - Hosts: 65.54.179.215 memberservices.passport.net
O1 - Hosts: 64.4.15.61 messenger.msn.com
O1 - Hosts: 216.235.242.58 mma.tv
O1 - Hosts: 216.183.103.150 money.howstuffworks.com
O1 - Hosts: 207.46.189.15 moneycentral.msn.com
O1 - Hosts: 207.46.248.109 msdn.microsoft.com
O1 - Hosts: 207.46.196.115 msdn.microsoft.com
O1 - Hosts: 66.43.22.82 msn.ancestry.com
O1 - Hosts: 207.46.150.50 msnbc.msn.com
O1 - Hosts: 216.239.115.144 msn-cnet.com.com
O1 - Hosts: 84.53.144.22 mtvshop.mtv.com
O1 - Hosts: 207.68.180.245 music.msn.com
O1 - Hosts: 209.148.64.36 my.look.ca
O1 - Hosts: 63.240.86.121 my.webmd.com
O1 - Hosts: 209.8.166.184 myscene.everythinggirl.com
O1 - Hosts: 63.144.197.208 new.cityofnewport.com
O1 - Hosts: 64.94.29.61 newnet.qsrch.com
O1 - Hosts: 68.10.16.30 ns1.hr.cox.net
O1 - Hosts: 209.143.236.21 oas-central.realmedia.com
O1 - Hosts: 65.54.206.30 office.microsoft.com
O1 - Hosts: 64.4.52.30 office.microsoft.com
O1 - Hosts: 69.20.118.65 officemax.crossmediaservices.com
O1 - Hosts: 216.136.224.164 order.store.yahoo.com
O1 - Hosts: 66.135.208.88 pages.ebay.com
O1 - Hosts: 216.75.194.173 partner.getconnected.com
O1 - Hosts: 66.135.203.117 payments.ebay.com
O1 - Hosts: 159.18.178.9 payroll.ru.com
O1 - Hosts: 151.138.2.169 phonebook.superpages.com
O1 - Hosts: 199.181.134.247 play.toontown.com
O1 - Hosts: 199.89.199.30 pollypocket.everythinggirl.com
O1 - Hosts: 66.161.85.193 products.gateway.com
O1 - Hosts: 66.135.195.245 promo.ebay.com
O1 - Hosts: 198.187.190.65 psc.disney.go.com
O1 - Hosts: 69.64.36.226 ravenlive.com
O1 - Hosts: 12.152.18.38 rc.lendingtree.com
O1 - Hosts: 66.135.210.143 realestate.listings.ebay.com
O1 - Hosts: 65.161.25.60 rebates.teg-online.com
O1 - Hosts: 209.35.183.212 regdeeds.co.plymouth.ma.us
O1 - Hosts: 130.94.127.42 resources.lawinfo.com
O1 - Hosts: 193.108.95.23 s7ondemand1.scene7.com
O1 - Hosts: 194.204.33.20 search.cwbsearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [bjovkruh] C:\WINDOWS\System32\agdwnj.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZZ
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://quickbooks.in...bles/ie/IDA.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...der/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\Program Files\Aluria Software\ASE\ASEServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe