Logfile of HijackThis v1.99.1
Scan saved at 7:50:24 PM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\gjxoof.exe
C:\Documents and Settings\brian\Desktop\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://red.clientapp...://my.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wduhlqx] c:\windows\system32\gjxoof.exe r
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Backgammon by pogo -
http://gammon.pogo.c...n-ob-assets.cabO16 - DPF: Checkers by pogo -
http://checkers.pogo...s-ob-assets.cabO16 - DPF: ConferenceRoom Java Client -
http://irc.theamateu...com/java/cr.cabO16 - DPF: Dominoes by pogo -
http://game4.pogo.co...o-ob-assets.cabO16 - DPF: Euchre by pogo -
http://euchre.pogo.c...e-ob-assets.cabO16 - DPF: Greenback Bayou by pogo -
http://greenback.pog...k-ob-assets.cabO16 - DPF: Hearts by pogo -
http://hearts.pogo.c...s-ob-assets.cabO16 - DPF: Heavy Cannon by pogo -
http://eaweb01.pogo....n-ob-assets.cabO16 - DPF: High Stakes Pool by pogo -
http://game4.pogo.co...l-ob-assets.cabO16 - DPF: Jigsaw Detective by pogo -
http://game3.pogo.co...w-ob-assets.cabO16 - DPF: Jungle Gin by pogo -
http://gin.pogo.com/...n-ob-assets.cabO16 - DPF: Mah Jong Garden by pogo -
http://game4.pogo.co...g-ob-assets.cabO16 - DPF: Multiline Slots by pogo -
http://game6.pogo.co...s-ob-assets.cabO16 - DPF: Pai Gow by pogo -
http://game3.pogo.co...w-ob-assets.cabO16 - DPF: Perfect Pair Solitaire by pogo -
http://waterwheel.po...l-ob-assets.cabO16 - DPF: Phlinx by pogo -
http://game4.pogo.co...r-ob-assets.cabO16 - DPF: Pinochle by pogo -
http://game4.pogo.co...e-ob-assets.cabO16 - DPF: Pop Fu by pogo -
http://popfu.pogo.co...u-ob-assets.cabO16 - DPF: Spider Solitaire by pogo -
http://game4.pogo.co...r-ob-assets.cabO16 - DPF: Sweet Tooth TM by pogo -
http://sweettooth.po...h-ob-assets.cabO16 - DPF: Texas Hold'em Poker by pogo -
http://game4.pogo.co...m-ob-assets.cabO16 - DPF: Tri-Peaks by pogo -
http://game4.pogo.co...s-ob-assets.cabO16 - DPF: Tube Runner by pogo -
http://eaweb02.pogo....e-ob-assets.cabO16 - DPF: Tumble Bees by pogo -
http://jumbee.pogo.c...e-ob-assets.cabO16 - DPF: Video Poker by pogo -
http://vpoker.pogo.c...r-ob-assets.cabO16 - DPF: Word Whomp by pogo -
http://game5.pogo.co...p-ob-assets.cabO16 - DPF: Word Whomp Whackdown by pogo -
http://whackdown.pog...n-ob-assets.cabO16 - DPF: WordJong by pogo -
http://wordjong.pogo...g-ob-assets.cabO16 - DPF: World Class Solitaire by pogo -
http://game4.pogo.co...s-ob-assets.cabO16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.c.../ymmapi_416.dllO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
http://play05.pogo.c...aploader_v5.cabO16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) -
http://chat.yahoo.com/cab/yvwrctl.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe