Logfile of HijackThis v1.99.1
Scan saved at 5:46:07 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\windows\Mixer.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\hwafjh.exe
C:\windows\System32\accwiz.exe
C:\windows\System32\ctfmon.exe
E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
E:\Program Files\LimeWire\LimeWire 4.1.8 Pro\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Anthony\Desktop\adstuff\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\windows\ceres.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\windows\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\PROGRA~1\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {2399E06E-A462-F5A8-3896-C65178E4BD00} - C:\windows\UPD\lnixegistj.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - e:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - e:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] E:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] e:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetStartup -s
O4 - HKLM\..\Run: [hwafjh] c:\windows\system32\hwafjh.exe
O4 - HKLM\..\Run: [QzZx.exe] C:\documents and settings\anthony\local settings\temp\QzZx.exe
O4 - HKLM\..\Run: [PFm.exe] c:\documents and settings\anthony\local settings\temp\PFm.exe
O4 - HKLM\..\Run: [P2n.exe] C:\documents and settings\anthony\local settings\temp\P2n.exe
O4 - HKLM\..\Run: [P2n] C:\documents and settings\anthony\local settings\temp\P2n.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\System32\runonce.exe
O4 - HKLM\..\Run: [lusapic] C:\WINDOWS\System32\lusapic.exe
O4 - HKLM\..\Run: [l6fp.exe] C:\windows\temp\l6fp.exe
O4 - HKLM\..\Run: [l6fp] C:\windows\temp\l6fp.exe
O4 - HKLM\..\Run: [fuuzfug] C:\WINDOWS\System32\hwafjh.exe
O4 - HKLM\..\Run: [eUibV5RaZ.exe] C:\windows\eUibV5RaZ.exe
O4 - HKLM\..\Run: [eUibV5RaZ] C:\windows\eUibV5RaZ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C] C:\documents and settings\anthony\local settings\temp\C.exe
O4 - HKLM\..\Run: [bVUSlRLri.exe] C:\windows\bVUSlRLri.exe
O4 - HKLM\..\Run: [bVUSlRLri] C:\windows\bVUSlRLri.exe
O4 - HKLM\..\Run: [8n8KRof.exe] C:\documents and settings\anthony\local settings\temp\8n8KRof.exe
O4 - HKLM\..\Run: [2WydIj.exe] C:\documents and settings\anthony\local settings\temp\2WydIj.exe
O4 - HKLM\..\Run: [0z7vf.exe] C:\documents and settings\anthony\local settings\temp\0z7vf.exe
O4 - HKLM\..\Run: [0z7vf] C:\documents and settings\anthony\local settings\temp\0z7vf.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\windows\wupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] E:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: LimeWire 4.1.8 Pro.lnk = E:\Program Files\LimeWire\LimeWire 4.1.8 Pro\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://E:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\WINDOWS\System32\adobemain.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - C:\WINDOWS\crtv2_32.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\WINDOWS\System32\adobemain.dll (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - C:\WINDOWS\crtv2_32.dll (file missing) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115926421357
O16 - DPF: {7AF8D249-B79B-4624-A01E-66D6C48E4B80} (CDNDown Class) - http://wmpdownload.n...ad/CDNDownx.cab
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.2...kx/npkxsite.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\windows\lsass.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - e:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - e:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
*New HijackThis logfile after Service Pack 1*