Logfile of HijackThis v1.99.1
Scan saved at 5:40:21 PM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\COMMON~1\AOL\110108~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110108~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp...faults/sb/*http
://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: McAfee VirusScan -
{BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search -
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM
Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1101083502\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program
Files\Cookie Washer\washidx.exe "Owner"
O4 - HKCU\..\Run: [Weather] C:\Program
Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TClockEx] C:\Program
Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie
Washer\aolwasher.exe /0
O8 - Extra context menu item: &AIM Search - res://C:\Program
Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search -
res://c:\program files\broderbund\the print
shop\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug -
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.passport.com
O15 - Trusted Zone: http://www.passport.net
O15 - Trusted Zone: http://january.rr.com
O16 - DPF: Aces Up! by pogo -
http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo -
http://superbingo.po...ngo/superbingo-
ob-assets.cab
O16 - DPF: Harvest Mania by pogo -
http://game1.pogo.co...est-ob-assets.c
ab
O16 - DPF: Jungle Gin by pogo -
http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Lottso by pogo -
http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo -
http://game1.pogo.co...hjong-ob-assets
.cab
O16 - DPF: Perfect Pair Solitaire by pogo -
http://game1.pogo.co.../waterwheel-ob-
assets.cab
O16 - DPF: Phlinx by pogo -
http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo -
http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Squelchies by pogo -
http://game1.pogo.co...quelchies-ob-as
sets.cab
O16 - DPF: Texas Hold'em Poker by pogo -
http://game4.pogo.co...dem-ob-assets.c
ab
O16 - DPF: Tri-Peaks by pogo -
http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo -
http://whackdown.pog...ackdown/whackdo
wn-ob-assets.cab
O16 - DPF: WordJong by pogo -
http://wordjong.pogo.../wordjong-ob-as
sets.cab
O16 - DPF: World Class Solitaire by pogo -
http://game1.pogo.co...orldclass-ob-as
sets.cab
O16 - DPF: Yahoo! Chess -
http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes -
http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Graffiti -
http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Klondike Solitaire -
http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Literati -
http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong -
http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids -
http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi -
http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Spelldown -
http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 -
http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
(BrowseFolderPopup Class) -
http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop
Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security1.nor...bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D}
(WildTangent Active Launcher) -
http://install.wildt...iveLauncher.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF}
(PopCapLoaderCtrl Class) -
http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class)
- http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File
Upload Control) -
http://sc.communitie...eUC/MsnUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma
Image Uploader 3.0 Control) -
http://memory-of.com...geUploader3.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B}
(Download Class) -
http://expressit.bro...in/Download.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D}
(CDToolCtrl Class) -
http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.c...ls/suite/autoco
mplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F}
(RealArcadeRdxIE Class) -
http://games-dl.real...B/RealArcadeRdx
IE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
(DwnldGroupMgr Class) -
http://bin.mcafee.co...s/1,0,0,16/mcgd
mgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) -
http://download.mcaf...s/tools/mcfscan
/1,5,0,4304/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IMDownloader Class) -
http://www2.incredim...loader/imloader.
cab
O20 - Winlogon Notify: policies -
C:\WINDOWS\system32\dnro0193e.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America
Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) -
America Online, Inc - C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) -
Unknown owner - C:\Program Files\Common Files\AOL\AOL
Spyware Protection\\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International,
Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine
(MCVSRte) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs
LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe