Scan saved at 3:47:31 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Backup995\res\ntservice.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\System32\wbem\aolserver.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wkservice.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\cihwboz.exe
C:\Program Files\Impact Software LLC\iSync 2.1\NoticeP.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [NoticeP.exe] "C:\Program Files\Impact Software LLC\iSync 2.1\NoticeP.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] "C:\WINDOWS\system32\MSTMON_S.EXE" STARTUP
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eqt] C:\WINDOWS\system32\eqt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [chothcnvta] C:\WINDOWS\system32\chothcnvta.exe
O4 - HKLM\..\Run: [cihwboz] C:\WINDOWS\system32\cihwboz.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [u] C:\WINDOWS\system32\u.exe
O4 - HKLM\..\RunServices: [wxechzzmsaqa] C:\WINDOWS\system32\wxechzzmsaqa.exe
O4 - HKLM\..\RunServices: [v] C:\WINDOWS\system32\v.exe
O4 - HKLM\..\RunServices: [snpzlp] C:\WINDOWS\system32\snpzlp.exe
O4 - HKLM\..\RunServices: [egbpcc] C:\WINDOWS\system32\egbpcc.exe
O4 - HKLM\..\RunServices: [wy] C:\WINDOWS\system32\wy.exe
O4 - HKLM\..\RunServices: [nen] C:\WINDOWS\system32\nen.exe
O4 - HKLM\..\RunServices: [fx] C:\WINDOWS\system32\fx.exe
O4 - HKLM\..\RunServices: [eehymbxvlxgg] C:\WINDOWS\system32\eehymbxvlxgg.exe
O4 - HKLM\..\RunServices: [mdtnsdge] C:\WINDOWS\system32\mdtnsdge.exe
O4 - HKLM\..\RunServices: [eqt] C:\WINDOWS\system32\eqt.exe
O4 - HKLM\..\RunServices: [oiserqal] C:\WINDOWS\system32\oiserqal.exe
O4 - HKLM\..\RunServices: [wbiliduvt] C:\WINDOWS\system32\wbiliduvt.exe
O4 - HKLM\..\RunServices: [cihwboz] C:\WINDOWS\system32\cihwboz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\RunOnce: [RWIP-UNB] "C:\DOCUME~1\Owner\MYDOCU~1\RWCCleaB.exe" "C:\PROGRA~1\R-WIPE~1\_RWIPE~2.EXE"
O4 - HKCU\..\RunOnce: [RWIP-UN5] "C:\DOCUME~1\Owner\MYDOCU~1\RWCClea5.exe" "C:\PROGRA~1\R-WIPE~1\RWIPEI~1.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Start or stop sharing with Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {0A706A23-DEF4-4C4B-B1F6-96AAB61F2257} (TIExpertControl Object) - https://techinline.net/Expert/TIEXpert.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.bigfishgames.com/online/dinerdash2restaura/DinerDash2.1.0.0.48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor2/mjolauncher.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://www.imoncall.com/go/iitloader.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://game8.bigfishgames.com/Reef/en_feedingfrenzy/online/SproutLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.bigfishgames.com/online/dinerdash/DinerDash.1.0.0.58.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backup995 Automatic Backup - Unknown owner - C:\Program Files\Backup995\res\ntservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Print Spooler Service (dyyuiabokanz4) - Unknown owner - C:\WINDOWS\system32\cihwboz.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: AOL Authentication Server (WBM-AOLSerV) - Unknown owner - C:\WINDOWS\System32\wbem\aolserver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Kernel Service - Unknown owner - C:\WINDOWS\system32\wkservice.exe