Logfile of HijackThis v1.99.1
Scan saved at 4:59:05 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\D4\D4.exe
F:\Program Files\Raxco\PerfectDisk\PDAgent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\D4\D4.exe
F:\Program Files\Iomega\AutoDisk\ADUserMon.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\system32\rmctrl.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\RFA\rfagent.exe
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fs30.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Camtech\SpySites-Plus\SpySitesP.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\3B Software\Windows Clean-Up Pro\Windows Clean-Up Pro.uzy
F:\WINDOWS\System32\svchost.exe
F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
F:\Program Files\A4Proxy\A4Proxy.exe
F:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\MailWasher Pro\MailWasher.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgmain.exe
F:\Program Files\Robomagic\WetSock\wetsock.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgbhp.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\DOCUME~1\ADMINI~1.AL-\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://islamworld.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NONE HAS THE RIGHT TO BE WORSHIPPED BUT ALLAH!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\DOWNLO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: StealthSurf X-treme Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SalatTimes] "F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\Sala28\Salat.exe" /t 0
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] F:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] F:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] F:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Windows Clean-Up Pro] F:\Program Files\3B Software\Windows Clean-Up Pro\Windows Clean-Up Pro.Exe
O4 - HKLM\..\Run: [rfagent] "F:\Program Files\DOWNLOADED INSTALLATIONS\RFA\rfagent.exe"
O4 - HKLM\..\Run: [freesurfer] F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fs30.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySites Plus] F:\Program Files\Camtech\SpySites-Plus\SpySitesP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\DOWNLOADED INSTALLATIONS\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: A4Proxy.lnk = F:\Program Files\A4Proxy\A4Proxy.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = F:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\DOWNLOADED INSTALLATIONS\MailWasher Pro\MailWasher.exe
O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgmain.exe
O4 - Startup: WetSock.lnk = F:\Program Files\Robomagic\WetSock\wetsock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - F:\DOCUME~1\ADMINI~1\DOWNLO~1\SECURI~1\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - F:\DOCUME~1\ADMINI~1\DOWNLO~1\SECURI~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: F:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://www.broadbandreports.com
O15 - Trusted Zone: http://*.capitalone.com
O15 - Trusted Zone: http://www.cognitivedistortion.com
O15 - Trusted Zone: http://*.debian.com
O15 - Trusted Zone: http://members.digitalblasphemy.com
O15 - Trusted Zone: http://www.digitalblasphemy.com
O15 - Trusted Zone: http://download.lava...e.edgesuite.net
O15 - Trusted Zone: http://listen.hos.com
O15 - Trusted Zone: http://www.hos.com
O15 - Trusted Zone: http://*.islamworld.net
O15 - Trusted Zone: http://www.jihadunspun.com
O15 - Trusted Zone: http://iraqwar.mirror-world.ru
O15 - Trusted Zone: http://www.themejunkie.com
O15 - Trusted Zone: http://www.ummah.net
O15 - Trusted Zone: http://www.uruknet.info
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121551354030
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in) -
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dimension4 - Thinking Man Software - F:\Program Files\D4\D4.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - F:\WINDOWS\
O23 - Service: Iomega App Services - Iomega Corporation - F:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PDAgent - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - F:\Program Files\Iomega\AutoDisk\ADService.exe