Logfile of HijackThis v1.99.1
Scan saved at 12:19:38 PM, on 9/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINNT\MSDHCP.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\TrueCryptService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\dev\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k662.com/home.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 172.20.32.7 tormerchapp
O1 - Hosts: 172.20.32.8 tormerchdb
O1 - Hosts: 172.20.32.10 p1
O1 - Hosts: 172.20.32.11 p2
O1 - Hosts: 172.20.32.20 p3
O1 - Hosts: 172.20.32.21 p4
O1 - Hosts: 172.20.32.30 d1
O1 - Hosts: 172.20.32.31 d2
O1 - Hosts: 172.20.32.50 s1
O1 - Hosts: 172.20.32.51 s2
O1 - Hosts: 172.20.32.52 s3
O2 - BHO: (no name) - {8FA05C9B-5498-4312-957B-BDD73399F94E} - C:\WINNT\system32\drmclient1.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-It Dead] C:\Program Files\Pop-It Dead\PopItDead.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Net Driver] C:\WINNT\system32\netcfgw.exe
O4 - HKLM\..\Run: [Systems32] C:\WINNT\system32\Server.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKLM\..\Run: [Start] Start.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [EndTask Pro] C:\Program Files\EndTask\EndTask Pro\EndTaskPro.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - HKCU\..\Run: [Start] Start.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cn_spiex.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://myvpn.harleq.../VPNInstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Blue Ridge Networks Client Services (BlueRidgeSvc) - Blue Ridge Networks, Inc. - C:\Program Files\Blue Ridge Networks\Blue Ridge VPN Client\BlueRidgeSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: DHCP Service (MSDHCP) - Unknown owner - C:\WINNT\MSDHCP.exe
O23 - Service: NWS (Net Work Services) - Unknown owner - C:\WINNT\ntkernel.exe (file missing)
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\WINNT\NVPNs.exe
O23 - Service: SVCH0ST - Unknown owner - C:\WINNT\system32\SVCH0ST.exe (file missing)
O23 - Service: TrueCrypt Service (TrueCryptService) - TrueCrypt Foundation - C:\WINNT\SYSTEM32\TrueCryptService.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINNT\winupdate.exe (file missing)
errors - the instruction at 0x00fe2fd referenced memory at 0x0000002c. the memory could not be read.
task manager header not showing to kill any process.