01 - I have run
HijackThis 1.99.1 with the
Selective Start Up switched off and I have copied the Log File below.
Logfile of HijackThis v1.99.1
Scan saved at 00:42:33, on 2005-05-22
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tiscali.co.uk/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: load=ptsnoop.exe
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!
user_pref("RedSailAction.aim.away.autoreply", true);
user_pref("RedSailAction.aim.away.disablesound", false);
user_pref("RedSailAction.aim.buddy.SndPlayFirstIncoming", true);
user_pref("RedSailAction.aim.buddy.SndPlayIncoming", true);
user_pref("RedSailAction.aim.buddy.SndPlayOutgoing", true);
user_pref("RedSailAction.aim.buddy.SndPlaySignOff", true);
user_pref("RedSailAction.aim.buddy.SndPlaySignOn", true);
user_pref("RedSailAction.aim.chat.AnnounceChatRoom", true);
user_pref("RedSailAction.aim.chat.FlashChatWin", true);
user_pref("RedSailAction.aim.chat.SndPlayIncoming", true);
user_pref("RedSailAction.aim.chat.SndPlayOutgoing", true);
user_pref("RedSailAction.aim.chat.unavailable", false);
user_pref("RedSailAction.aim.general.im.enterCR", false);
user_pref("RedSailAction.aim.general.im.smilies", true);
user_pref("RedSailAction.aim.general.im.tabKey", false);
user_pref("RedSailAction.aim.general.im.timeStamp", false);
user_pref("RedSa
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!
user_pref("RedSailAction.aim.away.autoreply", true);
user_pref("RedSailAction.aim.away.disablesound", false);
user_pref("RedSailAction.aim.buddy.SndPlayFirstIncoming", true);
user_pref("RedSailAction.aim.buddy.SndPlayIncoming", true);
user_pref("RedSailAction.aim.buddy.SndPlayOutgoing", true);
user_pref("RedSailAction.aim.buddy.SndPlaySignOff", true);
user_pref("RedSailAction.aim.buddy.SndPlaySignOn", true);
user_pref("RedSailAction.aim.chat.AnnounceChatRoom", true);
user_pref("RedSailAction.aim.chat.FlashChatWin", true);
user_pref("RedSailAction.aim.chat.SndPlayIncoming", true);
user_pref("RedSailAction.aim.chat.SndPlayOutgoing", true);
user_pref("RedSailAction.aim.chat.unavailable", false);
user_pref("RedSailAction.aim.general.im.enterCR", false);
user_pref("RedSailAction.aim.general.im.smilies", true);
user_pref("RedSailAction.aim.general.im.tabKey", false);
user_pref("RedSailAction.aim.general.im.timeStamp", false);
user_pref("RedSa
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: DSL Monitor.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: QuickTranslate - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\edtrans.htm
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Cribbage -
http://download.game...nts/y/it1_x.cabO16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) -
http://ak.imgag.com/...stall/AxCtp.cabO16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: ChatSpace Java Client 2.1.0.90N -
http://freeserve-a3....a/cs4msn090.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
http://fdl.msn.com/z...4/heartbeat.cabO16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) -
http://www.pcpitstop.../diskhealth.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://lw12fd.law12....ex/HMAtchmt.ocxO16 - DPF: Yahoo! Literati -
http://download.game...nts/y/tt3_x.cabO16 - DPF: Yahoo! Towers 2.0 -
http://download.game...ts/y/ywt0_x.cabO16 - DPF: Yahoo! Spelldown -
http://download.game...ts/y/sdt1_x.cabO16 - DPF: {C52C1623-3D3E-45EE-9581-B7D68EDB0728} (HiperLoader Control) -
http://plugin.hiperm...co.uk/hiper.cabO16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) -
http://support.epson...rg/ESTPTest.cabO16 - DPF: ChatSpace Full Java Client 3.1.0.246 -
http://chat-c3.wanad...va/cfs31246.cabO16 - DPF: ChatSpace Full Java Client 3.1.0.248 -
http://chat-c2.wanad...va/cfs31248.cabO16 - DPF: Yahoo! MahJong Solitaire -
http://download.game...s/y/mjst4_x.cabO16 - DPF: Yahoo! Poker -
http://download.game...nts/y/pt3_x.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cabO16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
http://download.zone...ctor/WebAAS.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca....r/axscanner.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.co...clean_micro.exeO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...494/mcfscan.cabO16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
http://support.f-sec...m/ols/fscax.cabThunderOcean