Logfile of HijackThis v1.99.0
Scan saved at 17:33:21, on 16/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\stimdmsp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\Len.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\srsidctl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Westbourne\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1526/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1526/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1526/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ejdhcl.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF34B874-4D21-4835-88D0-DC86B430CB82} - C:\WINDOWS\System32\ejdhcl.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [msuk.exe] C:\WINDOWS\msuk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\temp\CXTPLS~1.EXE" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers
O4 - HKLM\..\Run: [usrj3tV] stimdmsp.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Hrm] C:\WINDOWS\System32\Len.exe
O4 - HKLM\..\Run: [Nvc] C:\WINDOWS\Crn.exe
O4 - HKLM\..\Run: [Rqg] C:\WINDOWS\System32\Cnf.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Naa.exe
O4 - HKLM\..\Run: [Osr] C:\WINDOWS\System32\Fmn.exe
O4 - HKLM\..\Run: [Gbs] C:\WINDOWS\System32\Vjr.exe
O4 - HKLM\..\Run: [Hrt] C:\WINDOWS\Bbg.exe
O4 - HKLM\..\Run: [Rav] C:\WINDOWS\Jfe.exe
O4 - HKLM\..\Run: [Usu] C:\WINDOWS\Esg.exe
O4 - HKLM\..\Run: [Gon] C:\WINDOWS\System32\Cch.exe
O4 - HKLM\..\Run: [Oib] C:\WINDOWS\System32\Egj.exe
O4 - HKLM\..\Run: [Kjk] C:\WINDOWS\Oud.exe
O4 - HKLM\..\Run: [Pfp] C:\WINDOWS\System32\Lsg.exe
O4 - HKLM\..\Run: [Pvc] C:\WINDOWS\Fnd.exe
O4 - HKLM\..\Run: [Psg] C:\WINDOWS\Aur.exe
O4 - HKLM\..\Run: [Srt] C:\WINDOWS\Tap.exe
O4 - HKLM\..\Run: [Qrt] C:\WINDOWS\System32\Jhd.exe
O4 - HKLM\..\Run: [Kvp] C:\WINDOWS\System32\Ovq.exe
O4 - HKLM\..\Run: [Eia] C:\WINDOWS\Cji.exe
O4 - HKLM\..\Run: [Qtv] C:\WINDOWS\System32\Cjo.exe
O4 - HKLM\..\Run: [Rtc] C:\WINDOWS\System32\Ids.exe
O4 - HKLM\..\Run: [Ohu] C:\WINDOWS\Gin.exe
O4 - HKLM\..\Run: [Bum] C:\WINDOWS\System32\Emi.exe
O4 - HKLM\..\Run: [Jbv] C:\WINDOWS\System32\Lgn.exe
O4 - HKLM\..\Run: [Amq] C:\WINDOWS\Kqh.exe
O4 - HKLM\..\Run: [Ihf] C:\WINDOWS\Rap.exe
O4 - HKLM\..\Run: [Cud] C:\WINDOWS\Ipj.exe
O4 - HKLM\..\Run: [Qdb] C:\WINDOWS\Ljc.exe
O4 - HKLM\..\Run: [Oml] C:\WINDOWS\System32\Qft.exe
O4 - HKLM\..\Run: [Lom] C:\WINDOWS\System32\Sse.exe
O4 - HKLM\..\Run: [Uqk] C:\WINDOWS\System32\Lin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [fB0tRjZ8l] srsidctl.exe
O4 - HKCU\..\Run: [Hrm] C:\WINDOWS\System32\Len.exe
O4 - HKCU\..\Run: [Nvc] C:\WINDOWS\Crn.exe
O4 - HKCU\..\Run: [Rqg] C:\WINDOWS\System32\Cnf.exe
O4 - HKCU\..\Run: [Hrn] C:\WINDOWS\Naa.exe
O4 - HKCU\..\Run: [Osr] C:\WINDOWS\System32\Fmn.exe
O4 - HKCU\..\Run: [Gbs] C:\WINDOWS\System32\Vjr.exe
O4 - HKCU\..\Run: [Hrt] C:\WINDOWS\Bbg.exe
O4 - HKCU\..\Run: [Rav] C:\WINDOWS\Jfe.exe
O4 - HKCU\..\Run: [Usu] C:\WINDOWS\Esg.exe
O4 - HKCU\..\Run: [Gon] C:\WINDOWS\System32\Cch.exe
O4 - HKCU\..\Run: [Oib] C:\WINDOWS\System32\Egj.exe
O4 - HKCU\..\Run: [Kjk] C:\WINDOWS\Oud.exe
O4 - HKCU\..\Run: [Pfp] C:\WINDOWS\System32\Lsg.exe
O4 - HKCU\..\Run: [Pvc] C:\WINDOWS\Fnd.exe
O4 - HKCU\..\Run: [Psg] C:\WINDOWS\Aur.exe
O4 - HKCU\..\Run: [Srt] C:\WINDOWS\Tap.exe
O4 - HKCU\..\Run: [Qrt] C:\WINDOWS\System32\Jhd.exe
O4 - HKCU\..\Run: [Kvp] C:\WINDOWS\System32\Ovq.exe
O4 - HKCU\..\Run: [Eia] C:\WINDOWS\Cji.exe
O4 - HKCU\..\Run: [Qtv] C:\WINDOWS\System32\Cjo.exe
O4 - HKCU\..\Run: [Rtc] C:\WINDOWS\System32\Ids.exe
O4 - HKCU\..\Run: [Ohu] C:\WINDOWS\Gin.exe
O4 - HKCU\..\Run: [Bum] C:\WINDOWS\System32\Emi.exe
O4 - HKCU\..\Run: [Jbv] C:\WINDOWS\System32\Lgn.exe
O4 - HKCU\..\Run: [Amq] C:\WINDOWS\Kqh.exe
O4 - HKCU\..\Run: [Ihf] C:\WINDOWS\Rap.exe
O4 - HKCU\..\Run: [Cud] C:\WINDOWS\Ipj.exe
O4 - HKCU\..\Run: [Qdb] C:\WINDOWS\Ljc.exe
O4 - HKCU\..\Run: [Oml] C:\WINDOWS\System32\Qft.exe
O4 - HKCU\..\Run: [Lom] C:\WINDOWS\System32\Sse.exe
O4 - HKCU\..\Run: [Uqk] C:\WINDOWS\System32\Lin.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\DOCUME~1\WESTBO~1\LOCALS~1\Temp\something.dll (file missing)
O9 - Extra button: Spin Palace Poker - {3A56EF1B-B8B8-45f6-9F79-1CC1778B9091} - C:\Program Files\spinpalaceMPP\MPPoker.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4F1BBBA4-ED2F-47E6-A70C-932CFAB41505} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4F1BBBA4-ED2F-47E6-A70C-932CFAB41505} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {6595E51D-BB87-4B23-9AB8-6A8503C5110F} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6595E51D-BB87-4B23-9AB8-6A8503C5110F} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft® JavaScript® Console - {7AC5455A-6EF6-421C-85A8-50D46C502631} - C:\WINDOWS\System32\COMDLG32.OCX (file missing)
O9 - Extra 'Tools' menuitem: JavaScript Console - {7AC5455A-6EF6-421C-85A8-50D46C502631} - C:\WINDOWS\System32\COMDLG32.OCX (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\c_10230.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\DOCUME~1\WESTBO~1\LOCALS~1\Temp\something.dll (file missing) (HKCU)
O9 - Extra button: BT - {405C416D-4551-4E85-B51B-20FFBAD51DBC} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4F1BBBA4-ED2F-47E6-A70C-932CFAB41505} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4F1BBBA4-ED2F-47E6-A70C-932CFAB41505} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6595E51D-BB87-4B23-9AB8-6A8503C5110F} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6595E51D-BB87-4B23-9AB8-6A8503C5110F} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {7AC5455A-6EF6-421C-85A8-50D46C502631} - C:\WINDOWS\System32\COMDLG32.OCX (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {7AC5455A-6EF6-421C-85A8-50D46C502631} - C:\WINDOWS\System32\COMDLG32.OCX (file missing) (HKCU)
O9 - Extra button: Help - {7F297F74-0063-4735-993E-9EAFA79590B5} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\c_10230.dll (HKCU)
O9 - Extra button: Homepage - {A56A80C4-AE5A-4718-8651-C4ECC3CB706E} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O13 - DefaultPrefix: http://www.nkvd.us/1526/
O13 - WWW Prefix: http://www.nkvd.us/1526/
O13 - Home Prefix: http://www.nkvd.us/1526/
O13 - Mosaic Prefix: http://www.nkvd.us/1526/
O13 - FTP Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex....p?said=pfxp&qq=
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {11010101-1001-1111-1000-117622141983} - ms-its:c:\winhelp.chm::/d_cj.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.bti...lcontrol013.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://mediamessagin...loadControl.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.bti...bcontrol024.cab
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020searc.../2020Search.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D373E6-0816-4D11-AA1C-ED585BC9D789}: NameServer = 213.1.119.102 213.1.119.103
O18 - Filter: text/html - {75E39A11-D0F2-4B76-B271-77EB1833D38D} - C:\WINDOWS\System32\ejdhcl.dll
O21 - SSODL: NTDBGTOOL - {900E42FF-F3DE-441E-BE39-60E4C613EB5E} - C:\WINDOWS\System32\quicanim.dll
O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)