Logfile of HijackThis v1.98.0
Scan saved at 7:40:29 PM, on 7/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wilkshire.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wilkshire.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...,4.0&bm,ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\[file name lost to e-mail obfuscation; presumably SETI@home.exe] -min
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: Spelldown - http://yog9.yahoo.co...g/y/wgq12_x.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www100.coolsa...oad/cscmv4X.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.c...bar/yiebio4.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtange...tars/wtinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ials/ymmapi.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://M:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinn...ared/dephlp.cab
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldw...y/territory.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside....cherControl.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldw...v44/sol/sol.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldw...mines/mines.cab
O16 - DPF: {E5EF1E59-8AFD-425A-9F30-817FD6507215} (Darts Control) - http://mirror.worldw...darts/darts.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldw...sol/golfsol.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldw...focus/focus.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire31.p...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com...e-ob-assets.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.c.../dpcsysinfo.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: Pebble Beach Golf by pogo - http://temp40.pogo.c...e-ob-assets.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game6.pogo.co...1-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play33.pogo.c...l-ob-assets.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.c...o-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: Poppit TM by pogo - http://poppit07.pogo...t-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire31.p...h-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks01....d-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem02.pogo...m-ob-assets.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.co...l-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL