Logfile of HijackThis v1.98.1
Scan saved at 21:54:06, on 13/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\TBPanel.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\Program Files\QuickTime\qttask.exe
C:\Program Files\Xtray\xtray_link.exe
E:\program files\zango\zango.exe
E:\WINDOWS\mukqr.exe
E:\Program Files\webHancer\Programs\whAgent.exe
E:\Program Files\webHancer\Programs\whSurvey.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Warez P2P Client\warez.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Aisling\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://solongas.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://E:\DOCUME~1\Aisling\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - E:\Program Files\TV Media\TvmBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - E:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {F9BF22B0-4064-44E8-930A-ECE02F2FD74E} - E:\WINDOWS\System32\hde.dll
O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - E:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - E:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [Gainward] E:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [zSPGuard] e:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SpyBlocs] E:\PROGRA~1\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [sgobkjhz] E:\WINDOWS\System32\dexwvbqc.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Xtray] "C:\Program Files\Xtray\xtray_link.exe"
O4 - HKLM\..\Run: [Spyware Stormer] E:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [zango] e:\program files\zango\zango.exe
O4 - HKLM\..\Run: [kvctr] E:\WINDOWS\mukqr.exe
O4 - HKLM\..\Run: [webHancer Agent] "E:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "E:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Wast] E:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [AdRoarUpdate] E:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [zSearch] E:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [jopa] E:\WINDOWS\System32\sysstartup.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [warez] "E:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [zSearch] E:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Date Manager.lnk = E:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = E:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = E:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.c...ionale_ver3.CAB
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} (MyEMessengerSetup Control) - http://www.myemessen...etupProject.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://infinity.zang...b?productid=542
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.host...aler/604485.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo...t/cabs/mmed.cab
O18 - Filter: text/html - {9626E228-0745-4F2C-8293-45B912030505} - E:\WINDOWS\System32\hde.dll
O18 - Filter: text/plain - {9626E228-0745-4F2C-8293-45B912030505} - E:\WINDOWS\System32\hde.dll