Logfile of HijackThis v1.99.1
Scan saved at 5:09:19 PM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LMSXXD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ucctops.com/ucc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: HyperSearchHook - {4E1A5E2C-AA60-4538-9600-82A9518B061B} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B29D7F2-F527-E955-D423-25422D9EBBA8} - C:\DOCUME~1\Mark\APPLIC~1\WIPEPL~1\flag skip.exe
O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LMSXXD] LMSXXD.exe
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [intra gram wave sign] C:\Documents and Settings\All Users\Application Data\DOWNLOADFOURINTRAGRAM\platformfour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [slow book] C:\DOCUME~1\Mark\APPLIC~1\CLOSES~1\Film acid.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.homeshowexpo.com
O15 - Trusted Zone: *.ucctops.com
O16 - DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} (ActiveReports Viewer) - http://ucctops.com/ucc/arviewer.cab
O16 - DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} (prjOutLoadActiveX.OutLoadOrderPick) - http://www.ucctops.c...LOADACTIVEX.CAB
O16 - DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} (UCCCenterEmp.CenterEmployee) - http://www.ucctops.c...CCCENTEREMP.CAB
O16 - DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} (UCCMemberComment.MemberComment) - http://ucctops.com/u...mberComment.CAB
O16 - DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} (UCCVendorComment.VendorComment) - http://www.ucctops.c...NDORCOMMENT.CAB
O16 - DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} (UCCVendor_Center.Vendor_Center) - http://www.ucctops.c...NDOR_CENTER.CAB
O16 - DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} (UCCVendorContact.VendorContact) - http://www.ucctops.c...NDORCONTACT.CAB
O16 - DPF: {46F1070B-2725-4C80-8F03-4146BF337889} (Sign.ctrlSign) - http://www.ucctops.com/UCC/SIGN.CAB
O16 - DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} (UCCOrderedItems.OrderedItems) - http://ucctops.com/u...rderedItems.CAB
O16 - DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} (UCCVendorEmp.VendorEmployee) - http://www.ucctops.c...CCVENDOREMP.CAB
O16 - DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} (UCCFeesCenter.UCCFeesCtlCenter) - http://www.ucctops.c...CFEESCENTER.CAB
O16 - DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} (UCCOrderPayment.OrderPayment) - http://ucctops.com/u...rderPayment.CAB
O16 - DPF: {7BFC8554-6919-4679-8A97-6A85D51A64E5} (VSClientLogOn.UserControl1) - http://sec1.totalhom...om/VSRLogOn.CAB
O16 - DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} (UCCDate.Date) - https://www.ucctops....abs/UCCDate.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} (UCCCenterCenter.CenterVendor) - http://www.ucctops.c...ENTERVENDOR.CAB
O16 - DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} (UCCEmpCenter.EmployeeCenter) - http://www.ucctops.c...LOYEECENTER.CAB
O16 - DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} (prjLVendorFacility.LVendorFacility) - http://www.ucctops.c...DORFACILITY.CAB
O16 - DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} (UCCVendorFacility.VendorFacility) - http://www.ucctops.c...DORFACILITY.CAB
O16 - DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} (prjRouteLocation.RouteLocation) - http://www.ucctops.c...UTELOCATION.CAB
O16 - DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} (UCCVendorPayTo.VendorPayTo) - http://www.ucctops.c...VENDORPAYTO.CAB
O16 - DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} (UCCEFTMerch.ctlEFTMerch) - http://www.ucctops.c...UCCEFTMERCH.CAB
O16 - DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} (prjOrderToLoad.OrderToLoad) - http://www.ucctops.c...ORDERTOLOAD.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} (UCCDateControl.DateControl) - http://ucctops.com/u...DateControl.CAB
O16 - DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} (UccSupplierList.SupplierList) - http://ucctops.com/u...upplierList.CAB
O16 - DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} (UCCDiscussionsXML.UCCPODiscussionsXML) - https://www.ucctops....cussionsXML.cab
O16 - DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} (UCCEmpVendor.EmployeeVendor) - http://www.ucctops.c...LOYEEVENDOR.CAB
O16 - DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} (uccAPI.clsRegistry) - http://ucctops.com/ucc/uccAPI.CAB
O16 - DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} (UCCEFTMemb.EFTMemb) - http://www.ucctops.c.../UCCEFTMEMB.CAB
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://www.ucctops.com/ucc/msxml3.cab
O16 - DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} (UCCMemberPayment.MemberPayment) - http://ucctops.com/u...mberPayment.CAB
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Moderator note: Please don't post your email address in a public forum, as spambots can harvest it from here.
Edited by therock247uk, 15 July 2005 - 08:07 PM.