Logfile of HijackThis v1.99.1
Scan saved at 11:24:02 AM, on 06/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roman\My Documents\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 216.239.115.141 www.cnet.com
O1 - Hosts: 209.68.46.122 www.driverguide.com
O1 - Hosts: 209.35.183.207 www.learnthenet.com
O1 - Hosts: 210.143.100.27 www.kt70.com
O1 - Hosts: 203.98.189.74 www.masteryourcomputer.com
O1 - Hosts: 216.239.115.131 downloads-zdnet.com.com
O1 - Hosts: 204.157.7.84 filext.com
O1 - Hosts: 66.98.150.150 www.panicware.com
O1 - Hosts: 66.77.24.10 www.informationweek.com
O1 - Hosts: 128.241.159.244 www.mrtech.com
O1 - Hosts: 62.140.213.144 forums.vnunet.com
O1 - Hosts: 65.214.43.37 whatis.techtarget.com
O1 - Hosts: 193.22.244.24 www.bosniaexpress.com
O1 - Hosts: 66.218.77.68 www.geocities.com
O1 - Hosts: 66.211.137.15 www.catici.com
O1 - Hosts: 195.29.5.9 www.hrt.hr
O1 - Hosts: 195.29.150.32 www.htnet.hr
O1 - Hosts: 63.247.69.155 www.monitor.hr
O1 - Hosts: 213.191.133.150 www.iskon.hr
O1 - Hosts: 195.78.32.9 www.posluh.hr
O1 - Hosts: 209.61.193.20 www.needforfood.com
O1 - Hosts: 195.29.151.32 www.plivazdravlje.hr
O1 - Hosts: 64.41.125.32 www.radiotower.com
O1 - Hosts: 69.56.229.163 www.unreal-net.com
O1 - Hosts: 161.53.19.201 www.hr
O1 - Hosts: 198.96.181.1 www.bmo.com
O1 - Hosts: 142.245.1.15 www.rbcroyalbank.com
O1 - Hosts: 142.245.1.23 www.rbcfunds.com
O1 - Hosts: 64.33.22.228 www.heidiswanson.com
O1 - Hosts: 193.22.244.26 www.aspoonfulofsugar.net
O1 - Hosts: 216.22.32.9 www.cheesenet.info
O1 - Hosts: 216.148.233.77 www.eatdrinkdine.com
O1 - Hosts: 207.97.209.161 www.weightlosssoftware.com
O1 - Hosts: 66.113.225.129 www.nutribase.com
O1 - Hosts: 207.200.81.154 dmoz.org
O1 - Hosts: 198.64.142.207 secure.agoramedia.com
O1 - Hosts: 209.237.237.100 www.alexa.com
O1 - Hosts: 198.172.139.137 www.douwantit.com
O1 - Hosts: 216.193.202.216 www.soople.com
O1 - Hosts: 216.22.0.7 www.askmen.com
O1 - Hosts: 216.37.76.92 www.back.com
O1 - Hosts: 209.112.56.14 www.choicesforhealthandharmony.com
O1 - Hosts: 209.101.182.56 www.health.harvard.edu
O1 - Hosts: 207.61.132.33 www.drkoop.com
O1 - Hosts: 130.14.16.110 www.nlm.nih.gov
O1 - Hosts: 66.226.83.166 www.shirleys-wellness-cafe.com
O1 - Hosts: 149.48.192.121 www.pbs.org
O1 - Hosts: 216.220.41.84 www.medbroadcast.com
O1 - Hosts: 69.2.200.101 www.qray.ca
O1 - Hosts: 209.35.187.200 www.maxhealthwellness.com
O1 - Hosts: 216.180.246.187 www.vitamins-nutrition.org
O1 - Hosts: 63.240.86.41 www.webmd.com
O1 - Hosts: 206.103.40.174 www.bestplaces.net
O1 - Hosts: 161.58.185.45 www.doityourself.com
O1 - Hosts: 208.62.160.26 thundercloud.net
O1 - Hosts: 217.160.226.86 www.htby.org
O1 - Hosts: 69.20.30.144 www.mrpicassohead.com
O1 - Hosts: 213.244.7.139 www.t-fal.ca
O1 - Hosts: 69.20.122.147 www.ehow.com
O1 - Hosts: 209.133.53.130 www.annoyances.org
O1 - Hosts: 198.81.129.100 www.cia.gov
O1 - Hosts: 64.12.37.146 www.netscape.com
O1 - Hosts: 65.220.224.30 pcworld.com
O1 - Hosts: 65.54.183.195 login.passport.net
O1 - Hosts: 66.37.205.40 www.switchboard.com
O1 - Hosts: 69.28.218.54 www.almanac.com
O1 - Hosts: 206.173.193.12 daily.webshots.com
O1 - Hosts: 212.58.226.40 news.bbc.co.uk
O1 - Hosts: 213.232.100.28 www.saidwhat.co.uk
O1 - Hosts: 63.211.143.109 home.thirdage.com
O1 - Hosts: 209.232.226.110 www.mbayaq.org
O1 - Hosts: 207.150.192.12 www.onlineconversion.com
O1 - Hosts: 212.254.206.30 beam.to
O1 - Hosts: 216.183.98.30 www.thetoymaker.com
O1 - Hosts: 128.32.102.25 geoimages.berkeley.edu
O1 - Hosts: 207.203.214.28 www.fgcu.edu
O1 - Hosts: 207.61.132.16 www.avery.com
O1 - Hosts: 69.13.187.164 www.unicode.org
O1 - Hosts: 12.129.204.172 www.colorgenics.com
O1 - Hosts: 165.193.123.186 www.infoplease.com
O1 - Hosts: 216.201.96.100 www.mdg.ca
O1 - Hosts: 66.207.102.150 www.mdgstore.com
O1 - Hosts: 207.44.186.43 www.oldsuperstitions.com
O1 - Hosts: 63.240.143.206 www.oprah.com
O1 - Hosts: 69.27.96.174 www.thistothat.com
O1 - Hosts: 62.146.47.3 www.timeticker.com
O1 - Hosts: 64.6.248.100 bowering.org
O1 - Hosts: 207.241.148.80 email.about.com
O1 - Hosts: 12.26.103.5 icn.net
O1 - Hosts: 138.247.65.21 www.support.dsu.edu
O1 - Hosts: 66.98.229.110 www.iopus.com
O1 - Hosts: 202.187.175.166 www.acesoftware.com.my
O1 - Hosts: 202.125.35.111 www.coldfusion-vpm.com
O1 - Hosts: 206.169.246.159 www.jasc.com
O1 - Hosts: 69.50.194.230 www.khiba.com
O1 - Hosts: 67.29.153.216 www.mygraphicsite.com
O1 - Hosts: 209.249.147.80 www.moonsdesigns.com
O1 - Hosts: 216.251.32.98 www.snowbirds.org
O1 - Hosts: 207.203.100.134 www.northpole.com
O1 - Hosts: 202.139.106.172 wires.news.com.au
O1 - Hosts: 24.104.35.9 skyandtelescope.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: sympatico.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F3F193CC-8D90-4BEB-8EDA-3EA69BB624F0} (Downloader Class) - http://a2044.g.akama...load/dwnldr.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://map.hamilton....4/ACGM/Acgm.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Edited by darvin, 19 June 2005 - 09:48 AM.