Logfile of HijackThis v1.99.1
Scan saved at 1:14:48, on 1-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\pavsrv.exe
E:\Program Files\Web_Rebates\WebRebates0.exe
E:\temp\msbb.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\emakesv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Spamihilator\spamihilator.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\AVENGINE.EXE
E:\PROGRA~1\INCRED~1\bin\IMApp.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\Web_Rebates\WebRebates1.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
E:\WINDOWS\system32\r?ndll32.exe
E:\Documents and Settings\CEES\Mijn documenten\From the Web\Software\Hijack
This\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searching-4u.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.searching...search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.searching...search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina =
file:///E:/Program%20Files/eMakeSV/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InterPay Shared Browser Helper Object -
{43872F3D-F7C8-4fa6-BE94-B3C263C1E2A9} - E:\WINDOWS\System32\BhoIPay.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
E:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {89DA58B1-E50D-CFD2-2227-E75B542834E8} -
E:\WINDOWS\System32\fcy.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN
Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
e:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program
Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll
NvStartup
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [msbb] e:\temp\msbb.exe
O4 - HKLM\..\Run: [gvov] e:\windows\gvov.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [eMakeSV] E:\WINDOWS\System32\emakesv.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [IncrediMail] E:\Program Files\IncrediMail\bin\IncMail.exe
/c
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [Spamihilator] "E:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://e:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Alle links in deze pagina openen... -
E:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde
server - E:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://e:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://e:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Markeren - E:\Program Files\Avant
Browser\Highlight.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina -
res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Toevoegen aan Reclame Black List - E:\Program
Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Web Rebates - file://E:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Zoeken - E:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper -
{9A539D09-4FAA-485A-B48C-6711B87A7BE8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{9A539D09-4FAA-485A-B48C-6711B87A7BE8} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/shnahiatt.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...ers/MetaStream3
cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00
07.02&http://www.toyota.com/rav4/ext360.html
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public
windupdates.com/get_file
php?bt=ie&p=f000cfd84064750d9ff670ca95bb207a82492892b3b9ab0b150d34825d6c1f4fa
5632c97c7c30f0d562bb0995df42c0e856e17f438bb38f5ace6de305:6a2feff70aa50e4b3d9d
f067011f31e
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c5.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwsoliii_scecab_81.68.254.33.910310954429568844_6017279.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner
MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
http://www.webshots....SDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) -
http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098535776796
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
http://www.xxxtoolba...006_regular.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) -
http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper
Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-downlo....cab?refid=4746
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader)
- http://community.web...otoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload
Component) - http://f010.mail.lyc...ileUploader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -
https://www.p3.postb...l/GTO/PBGNX.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) -
http://www.sponsorad...bTelecomInt.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -
http://www2.incredim...er/imloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
E:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software -
E:\WINDOWS\SYSTEM32\pavsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
E:\WINDOWS\system32\ZoneLabs\vsmon.exe