Scan saved at 1:23:53 AM, on 6/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP2\System32\smss.exe
C:\WINXP2\system32\winlogon.exe
C:\WINXP2\system32\services.exe
C:\WINXP2\system32\lsass.exe
C:\WINXP2\system32\svchost.exe
C:\WINXP2\System32\svchost.exe
C:\WINXP2\system32\spoolsv.exe
C:\WINXP2\Explorer.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\WINXP2\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP2\System32\tcpsvcs.exe
C:\WINXP2\System32\snmp.exe
C:\WINXP2\System32\mqsvc.exe
C:\WINXP2\System32\mqtgsvc.exe
C:\WINXP2\System32\cidaemon.exe
C:\WINXP2\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\mike\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINXP2\bvbre.dll/sp.html#24098
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdo...com/success.htm
R3 - Default URLSearchHook is missing
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116467397750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAACC274-55CF-48AB-AEFA-FFBC547600D1}: NameServer = 69.50.176.156 195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O19 - User stylesheet: C:\WINXP2\stsheets.dat
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINXP2\aim.exe (file missing)
O23 - Service: Microsoft Registry Viewer (dumpreg) - Unknown owner - C:\WINXP2\dumpreg.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe