Logfile of HijackThis v1.99.1
Scan saved at 6:19:04 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo
Downloader.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\io2Software\Pen.TrayIcon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UltraDVD\DVDMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
6.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Wireless-G Portable USB
Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB
Adapter\WUSB54GP.exe
c:\program files\logitech\io2software\Pen.LplsHost.exe
c:\program files\logitech\io2software\pen.ink.download.exe
c:\program
files\logitech\io2software\loli.filesystem.accessmanager.s
erver.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\a-squared Free\a2free.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Karen\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar =
http://red.clientapp...comp_wave/defau
lts/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page =
http://red.clientapp...comp_wave/defau
lts/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://oklahomacity.cox.net/
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://red.clientapp...comp_wave/defau
lts/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page =
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: War Rock Toolbar Helper -
{0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program
Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: War Rock Toolbar -
{5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Program
Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program
Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft
IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program
Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program
Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Pen.TrayIcon] C:\Program
Files\Logitech\io2Software\Pen.TrayIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UltraDVDMon] "C:\Program
Files\UltraDVD\DVDMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI
Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI
Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program
Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem
Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk =
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Rebate Nation -
file://C:\Program
Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics -
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program
Files\Kaspersky Lab\Kaspersky Anti-Virus
6.0\scieplugin.dll
O9 - Extra button: ATI TV -
{44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program
Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky...fault/kavwebsca
n_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.micros.../v6/V5Controls/
en/x86/client/muweb_site.cab?1143743469061
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IncrediMail) -
http://www2.incredim...downloader_sp1/
imloader.cab
O20 - Winlogon Notify: klogon -
C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown
owner - C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: B's Recorder GOLD Library General Service
(bgsvcgen) - B.H.A Corporation -
C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: GEARSecurity - GEAR Software -
C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Digital Pen rendezvous server
(PenRendezvous) - Logitech - C:\Program Files\Common
Files\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Digital Pen Socket to USB protocol (PenSup)
- Logitech - C:\Program Files\Common
Files\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Pml Driver - HP -
C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0
(experimental) (rpcapd) - Unknown owner -
%ProgramFiles%\WinPcap\rpcapd.exe" -d -f
"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) -
SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra
Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware
- C:\Program Files\SiSoftware\SiSoftware Sandra Lite
2005.SR1\RpcSandraSrv.exe
O23 - Service: WUSB54GPSVC - Unknown owner - C:\Program
Files\Wireless-G Portable USB Adapter\WLService.exe"
"WUSB54GP.exe (file missing)