Logfile of HijackThis v1.99.1
Scan saved at 09:14:29, on 23/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\documents and settings\lynne\local settings\temp\t4qd.exe
C:\Program Files\iPod\iTunesHelper.exe
C:\windows\system32\bxiigo.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\windows\system32\calc.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\LYNNE\DESKTOP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.web--search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://freeola.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapp...aults/su/*http:
//www.yahoo.com
R3 - URLSearchHook: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959}
- (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
C:\WINDOWS\ceres.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} -
C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO -
{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} -
C:\Program Files\CxtPls\plg0\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no
file)
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
C:\WINDOWS\GPalm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
C:\WINDOWS\GPalm.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no
file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disc Detector] C:\Program
Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash
Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program
Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [t4qd] C:\documents and settings\lynne\local
settings\temp\t4qd.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iPod\iTunesHelper.exe
O4 - HKLM\..\Run: [bxiigo] c:\windows\system32\bxiigo.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [039U36h] plumig32.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [supernews12] C:\WINDOWS\newsd32.exe
O4 - HKLM\..\Run: [ynisgbqecz] c:\windows\system32\ynisgbqecz.exe
-start
O4 - HKCU\..\Run: [TaskTray] C:\Program
Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program
Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe
p2esocks_1019.dll,InstantAccess
O4 - HKCU\..\Run: [H0q8RWNEh] pinsockx.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program
Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: iOpus Internet Macros -
{0483894E-2422-45E0-8384-021AFF1AF3CD} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://freeola.com
O16 - DPF: RaptisoftGameLoader -
http://www.miniclip....tgameloader.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
http://akamai.downlo..._1019_EN_XP.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
Control) -
http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://imgfarm.com/i...entralInitialSe
tup1.0.0.6.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} -
http://directplugin....ugin/113345.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -
http://www.spywarest...es2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
http://www.miniclip....ro64_loader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
Class) -
http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B}
(GreasyPalmInstallHelper Class) -
http://www.greasypal.../GreasyPalm.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA}
(MaxisUnleashedLotTeleX Control) -
http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -
http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online
Scanner) - file://E:\ols\connect\fscax.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} -
http://217.73.66.16/comload.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) - http://h30043.www3.h.../qdiagh.cab?316
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.c...oolbar/yiebio5_
1_6_0.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} -
http://www.sponsorad...sWebTelecom.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send
Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) -
http://download.over...ildAppNonUS.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{094293A9-D25D-4EDD-9CEF-24FDFA89E919
}: NameServer = 80.225.252.58 80.225.252.50
O17 -
HKLM\System\CS1\Services\Tcpip\..\{094293A9-D25D-4EDD-9CEF-24FDFA89E919
}: NameServer = 80.225.252.58 80.225.252.50
O18 - Filter: text/html - {3C14C592-AE80-4510-8881-8D4974E5A0EB} -
C:\Documents and Settings\LYNNE\Local Settings\Application
Data\microsoft\internet explorer\V0.26.dat
O23 - Service: C-DillaSrv - C-Dilla Ltd -
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe