Logfile of HijackThis v1.99.1
Scan saved at 12:56:16 PM, on 6/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClient.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\progra~1\realvnc\winvnc\winvnc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\sbts\dhss.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\TSUsage32.exe
\\HOME\temp14$\Desktop\HijackThis.exe
C:\Program Files\CTI_Client\Digipop.exe
C:\Program Files\AnswerCenter\HUB\Hub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [second] C:\WINNT\second.bat
O4 - HKCU\..\Run: [Rrem] C:\Program Files\sbts\dhss.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: PC Timeclock.lnk = C:\Program Files\e-TIMEsheet\ETSTART.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: http://*.travelers.com
O15 - Trusted Zone: http://*.travelerspc.com
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = answer.answerfinancial.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D59AFEA8-F702-46B2-80A3-9C4163274E20}: Domain = answerfinancial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = answer.answerfinancial.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = answer.answerfinancial.com
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\n48olel31hq.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\temp14\Local Settings\Temporary Internet Files\Content.IE5\GJABSVGH\cwshredder[1].exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - Unknown owner - \\HOME\temp14$\Desktop\security suite\ewidoctrl.exe (file missing)
O23 - Service: ewido security suite guard - Unknown owner - \\HOME\temp14$\Desktop\security suite\ewidoguard.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe
O23 - Service: TSCensus Collection Client - Tally Systems Corp. - C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - c:\progra~1\realvnc\winvnc\winvnc.exe" -service (file missing)