Log for HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:31:36 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Aladdin Systems\StuffIt Standard\stuffit.exe
C:\Documents and Settings\Prateek\Application Data\Aladdin Systems\StuffIt\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lcsinchom.....ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npwinamp.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...a07f7dc4_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linktopc.web.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AT Host Service (atnthost) - Unknown owner - C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NsEngine - Unknown owner - C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
O23 - Service: SpamCatcherUniversal - Unknown owner - C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
My Log from SuperAntiVirus:
SUPERAntiSpyware Scan Log
Generated 05/27/2007 at 01:45 PM
Application Version : 3.6.1000
Core Rules Database Version : 3245
Trace Rules Database Version: 1256
Scan type : Complete Scan
Total Scan Time : 00:30:52
Memory items scanned : 361
Memory threats detected : 0
Registry items scanned : 7901
Registry threats detected : 43
File items scanned : 41718
File threats detected : 47
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
Adware.MovieLand/MediaPipe
HKLM\Software\ITBILL
HKLM\Software\ITBILL#PROV
HKLM\Software\ITBILL#Product
HKLM\Software\ITBILL#ProductFamily
HKLM\Software\ITBILL#TRAFFIC_TYPE
HKLM\Software\ITBILL#InstallTime
HKLM\Software\ITBILL#GUID
HKLM\Software\ITBILL#METADATA
HKLM\Software\ITBILL\CONFIG
HKLM\Software\ITBILL\CONFIG#url
HKLM\Software\ITBILL\CONFIG#domain
HKLM\Software\ITBILL\CONFIG#tracker
HKLM\Software\ITBILL\CONFIG#updates
HKLM\Software\ITBILL\CONFIG#val1
HKLM\Software\ITBILL\CONFIG#val2
HKLM\Software\ITBILL\CONFIG#val3
HKLM\Software\ITBILL\CONFIG#val4
HKLM\Software\ITBILL\CONFIG#activity
HKLM\Software\ITBILL\CONFIG#last
HKLM\Software\ITBILL\CONFIG#freeze
HKLM\Software\ITBILL\FSUPPORT
HKLM\Software\ITBILL\FSUPPORT#install_date
HKLM\Software\ITBILL\FSUPPORT#install_time
HKLM\Software\ITBILL\FSUPPORT#ip_addr
HKLM\Software\ITBILL\FSUPPORT#user_country
HKLM\Software\ITBILL\FSUPPORT#dir_country
HKLM\Software\ITBILL\FSUPPORT#userid
HKLM\Software\ITBILL\FSUPPORT#cid
HKLM\Software\ITBILL\FSUPPORT#guid
HKLM\Software\ITBILL\FSUPPORT#ts
HKLM\Software\ITBILL\FSUPPORT#tss
HKLM\Software\ITBILL\FSUPPORT#idelta
HKLM\Software\ITBILL\FSUPPORT#traffic_type
HKLM\Software\ITBILL\FSUPPORT#altpay
HKLM\Software\ITBILL\FSUPPORT#product
HKLM\Software\ITBILL\UPDATE
HKLM\Software\ITBILL\UPDATE#Config
HKLM\Software\ITBILL\UPDATE#Module
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPipe
HKCR\AppId\MediaPipe.EXE
HKCR\AMNotifier.HUBAWindow.1
HKCR\AMNotifier.HUBAWindow.1\CLSID
Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\WINDOWS\system32\stera.job
Browser Hijacker.Favorites
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Ace On-line Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\The American Dream Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Top On-line Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Jackpot On-line Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Best Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Best Gamble Casinos.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Casino Reviews.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Casino Bonuses.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Party Poker.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Carnival.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Club DICE.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Club DICE Poker.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Usa Casino.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Monaco Gold Casino.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\New York Casino.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Ruby Bingo.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\You Bingo.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Joyland.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Prestige.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Prestige Poker.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Prestige Bingo.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Diamond Club.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Dliamond Club Poker.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Playgate.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling\Playgate Poker.url
C:\Documents and Settings\Prateek\Favorites\Games\Casino - Gambling
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\JAVA GAMES FOR MOBILE.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\FLASH GAMES FOR MOBILE.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\BOONTY GAMES.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\SUDOKU.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\COWABANGA.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\KOBE BALLS.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\SNOWBALL WARS.URL
C:\DOCUMENTS AND SETTINGS\PRATEEK\FAVORITES\GAMES\SUPER BOXING.URL
Malware.Trust Cleaner
C:\Program Files\Trust Cleaner\TrustCleaner_log.txt
C:\Program Files\Trust Cleaner\xas.dat
C:\Program Files\Trust Cleaner
Adware.TrustInCash
C:\WINDOWS\SYSTEM32\GLOBO.XML
Worm.Alcra Variant
C:\WINDOWS\SYSTEM32\PING.COM
C:\WINDOWS\SYSTEM32\TRACERT.COM
C:\WINDOWS\SYSTEM32\TASKLIST.COM
C:\WINDOWS\SYSTEM32\CMD.COM
Trojan.TLoad
C:\WINDOWS\DOWNLOADED PROGRAM FILES\TLOAD.INF
Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT
Browser Hijacker.MS Web Search
C:\WINDOWS\LOCAL.HTML
Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0A\OPTCLEAN.EXE