Logfile of HijackThis v1.99.1
Scan saved at 1:16:04 PM, on 07/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\System32\hserver.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.weepee.com/?s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} -
C:\WINDOWS\system32\mpegcore.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no
file)
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware
Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}
- C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: PopupPopper Control Panel -
{3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program
Files\PopupPopper\SiteList.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai....trendmicro.com
/housecall/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1}
(Driver_Detective_v43_Non_Member.DD_v43) -
http://www.drivershq..._Non_Member.CAB
O17 -
HKLM\System\CCS\Services\Tcpip\..\{942147B2-A04C-4017-A974-B600F32CB8E
8}: NameServer = 151.202.0.84 151.203.0.84
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates
Technologies, Inc. - C:\Program Files\McAfee\McAfee
VirusScan\Avsynmgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side
Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects
Software Inc. - C:\WINDOWS\System32\hserver.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program
Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common
Files\Network Associates\McShield\Mcshield.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program
Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe