Logfile of HijackThis v1.99.1
Scan saved at 15:45:12, on 28/05/05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\COMOne\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\WINDOWS\System32\usbtapnp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\COMOne\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\hellmsn.exe
C:\Program Files\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\IFC Client\My Documents\Caroline\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...ntries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eircom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\System32\usbtapnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [WIN32] win32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [WIN32] win32.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [WIN32] win32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\COMOne\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...om/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi.../scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99913937-AAA8-4BC2-A19F-749C8524DCE9}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Lexy