Thanks
RCOLF
Logfile of HijackThis v1.99.1
Scan saved at 12:05:05 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\icasServ.exe
C:\Program Files\Aluria Security Center\SecurityCenter.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\w?nword.exe
C:\Program Files\csaa\srai.exe
C:\PROGRA~1\ALURIA~1\asKernel.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HONDAEPC\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HONDAEPC\Binn\sqlagent.EXE
C:\HijackThis App\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.psndeale...ers/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {39527252-0ACF-4C63-E19C-271414330432} - driver64.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\appwiz.dll
O2 - BHO: (no name) - {A49D52DA-0E37-F870-F96F-AAD49BE4AC3F} - C:\WINDOWS\System32\CZ6vtx3H.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\System32\icasServ.exe
O4 - HKLM\..\Run: [dialer423] barint.exe
O4 - HKLM\..\Run: [keybdll] sound64.exe
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKLM\..\Run: [Aluria Security Center] C:\Program Files\Aluria Security Center\SecurityCenter.exe /minimize
O4 - HKLM\..\Run: [dmypl.exe] C:\WINDOWS\System32\dmypl.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Gqy] C:\WINDOWS\System32\w?nword.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [keybdll] MON76234.exe
O4 - HKCU\..\Run: [SAPSTR] TRPT.exe
O4 - HKCU\..\Run: [XTermInit] init32.exe
O4 - HKCU\..\Run: [Uahe] C:\Program Files\csaa\srai.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.207.130.86.35
O15 - Trusted Zone: *.acura.com
O15 - Trusted Zone: *.ahm-ownerlink.com
O15 - Trusted Zone: *.ahmdealer.com
O15 - Trusted Zone: *.edcor.com
O15 - Trusted Zone: *.honda.com
O15 - Trusted Zone: *.hondacars.com
O15 - Trusted Zone: www.triumphonline.net
O15 - Trusted Zone: *.xmradio.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: http://67.19.178.84
O16 - DPF: {171B10C1-475C-11D4-8E21-005004718DC0} (Project1.UserControl1) - https://www.scat.suz.../cab/Prjaos.CAB
O16 - DPF: {2345F907-F5CF-11D3-8E1F-005004718DC0} (scatdp2a.clsSuzuki) - https://www.scat.suz...ab/scatdp2a.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda....AX/RraainAX.CAB
O16 - DPF: {2D361311-74CA-11D2-B3F4-0060083BE8BF} (scatdp2.clsSuzuki) - https://www.scat.suz...cab/Scatdp2.CAB
O16 - DPF: {399548B6-253E-11D2-BE13-000000000000} (VPEngine ActiveX Control Class) - https://www.scat.suz...ab/vpectrl3.cab
O16 - DPF: {43241AD9-3A89-4815-9A9C-7D9B549AA13A} (prjEmptyRegular.ctlatRegular) - https://www.scat.suz...cab/prj481E.CAB
O16 - DPF: {531CD468-D7BF-11D3-9261-00104B6943CA} (Scatdp4.clsSuzuki) - https://www.scat.suz...cab/scatdp4.cab
O16 - DPF: {71E098B7-728F-11D2-B3F4-0060083BE8BF} (Scatdp1.clsSuzuki) - https://www.scat.suz...cab/Scatdp1.CAB
O16 - DPF: {87FA653D-4C13-11D3-8E1F-005004718DC0} (ScatUpdater.Updater) - https://www.scat.suz...ScatUpdater.CAB
O16 - DPF: {8EBAC640-ECA5-404C-AFD9-18D61BE4AF82} (ctlepc.scatepc) - https://www.scat.suz.../cab/ctlepc.cab
O16 - DPF: {915DB736-2591-11D3-8E1F-005004718DC0} (Scatdp3.clsSuzuki) - https://www.scat.suz...cab/scatdp3.cab
O16 - DPF: {AABEE018-FF3D-11D3-8E1F-005004718DC0} (ctlepc.scatepc) - https://www.scat.suz.../cab/ctlepc.CAB
O16 - DPF: {CBCF1FEA-4905-11D4-8E21-005004718DC0} (w281ctlE.ctlW281E) - https://www.scat.suz...ab/w281ctlE.CAB
O16 - DPF: {D4C4A875-FD4E-11D4-AC39-00010262094C} (Scatdp1a.clsSuzuki) - https://www.scat.suz...ab/Scatdp1a.cab
O16 - DPF: {EA712BDB-7FE5-11D3-8E1F-005004718DC0} (Project1.login) - https://www.scat.suz.com/cab/login.CAB
O16 - DPF: {F25620FB-9C81-11D1-BF85-0060083BE8BF} (Project1.ctlStatusBox) - https://www.scat.suz...riStatusBox.CAB
O16 - DPF: {FDC1DAA5-BC3E-11D2-B3F6-0060083BE8BF} (Scatchk1.ScatChk) - https://www.scat.suz...ab/Scatchk1.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 - SSODL: ST6UNST #1 - {8D566BFA-5C3C-50CC-3DEE-2CA0C22B42E8} - (no file)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Nobdci32.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_7.dll (file missing)
O21 - SSODL: GxSCeZbh - {A49D52D4-0E37-F87E-3FEB-99E89BE4AC3C} - (no file)
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Edited by coachwife6, 25 August 2005 - 05:42 PM.