Logfile of HijackThis v1.99.1
Scan saved at 11:47:14 AM, on 6/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\WINNT\system32\MSTask.exe
E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\SymTray.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
D:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
E:\Program Files\ATI Multimedia\main\ATIDtct.EXE
E:\Program Files\Logitech\Profiler\lwemon.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\WINNT\system32\rundll32.exe
E:\WINNT\system32\mdm.exe
c:\Program Files\InterMute\SpySubtract\SpySub.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\dapiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] E:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] E:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ATI Remote Control] E:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] E:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Start WingMan Profiler] "E:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ItsDeductible7PopUp.lnk = ItsDeductible7\ItsD7.EXE
O4 - Global Startup: SpySubtract.lnk = InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Popup Stopper - Add to Black List - G:\Program Files\iolo\System Mechanic 5\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Stopper - Add to White List - G:\Program Files\iolo\System Mechanic 5\AddToPSWhiteList.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00EEB16B-519A-42BD-BF5C-2E0C9AE0CD21} - http://www.racelm.co...4turbonorun.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ler/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CC1E9F72-AFBE-4C67-B6E1-AB992035E562} (CFM2005TurboDMCrsnorun.UserControl1) - http://www.racelm.co...oDMCrsnorun.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...509/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: ATINotify - logonnfy.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PACSPTISVR - Sony Corporation - E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - E:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
Edited by dnulnoj, 09 June 2005 - 09:47 AM.