Logfile of HijackThis v1.99.1
Scan saved at 7:07:44 AM, on 15/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Norton\Norton AntiVirus\navapsvc.exe
C:\Norton\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Norton\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sdkzp32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\LEXMAR~1\ACMonitor_X83.exe
C:\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Spyhunter\PopupBlocker\EnigmaPopupStop.exe
C:\Norton\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\windows\system32\netdaemon.exe
C:\TweakMASTER-PRO\TweakMASTER\TwMaster.exe
C:\WINDOWS\System32\atl70132.exe
C:\WINDOWS\msdw.exe
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\System32\p2pnetwork.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
H:\Screen Capture\PrintScreen\PrintScreen.exe
H:\Weather\WeatherEye.exe
C:\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
H:\Hijackthis2\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fausm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fausm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fausm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fausm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fausm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fausm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fausm.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F61EE4EF-175D-788C-572B-3EA8961D324F} - C:\WINDOWS\apion32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Spyhunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Norton\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] H:\CD-DVD Labeler\SetHook.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [netdaemon] c:\windows\system32\netdaemon /v
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TweakMASTER] "C:\TweakMASTER-PRO\TweakMASTER\TwMaster.exe" /auto
O4 - HKLM\..\Run: [88b5b55ebaca] C:\WINDOWS\System32\atl70132.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [msdw.exe] C:\WINDOWS\msdw.exe
O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [systz.exe] C:\WINDOWS\systz.exe
O4 - HKLM\..\Run: [atlwm.exe] C:\WINDOWS\system32\atlwm.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\RunOnce: [sdkzp32.exe] C:\WINDOWS\system32\sdkzp32.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Spykiller\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] H:\Screen Capture\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [WeatherEye] H:\Weather\WeatherEye.exe
O4 - HKCU\..\Run: [IncrediMail] C:\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2359016e414c19f7de00/netzip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Remote Procedure
Call (RPC) Helper (
11Fßä#·ºÄÖ`I) - Unknown owner
- C:\WINDOWS\system32\msfx.exe
(file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Norton\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Norton\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Norton\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)