Logfile of HijackThis v1.99.1
Scan saved at 2:25:04 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\PROMon.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\rulakp.exe
C:\Program Files\Rebate Retriever\RebateRetriever.exe
C:\WINNT\etb\pokapoka62.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...h.cgi?uid=&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...h.cgi?uid=&id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://server.person...8-42695AAD4341}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [_28599c] C:\WINNT\system32\_28599c.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [anmanl] C:\WINNT\system32\anmanl.exe
O4 - HKLM\..\Run: [asdlgr] C:\WINNT\system32\asdlgr.exe
O4 - HKLM\..\Run: [asradr] C:\WINNT\system32\asradr.exe
O4 - HKLM\..\Run: [ataD] C:\WINNT\system32\ataD.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [bchkb] C:\WINNT\system32\bchkb.exe
O4 - HKLM\..\Run: [bdbuk] C:\WINNT\system32\bdbuk.exe
O4 - HKLM\..\Run: [bdcrk] C:\WINNT\system32\bdcrk.exe
O4 - HKLM\..\Run: [bdesk] C:\WINNT\system32\bdesk.exe
O4 - HKLM\..\Run: [cbalqd] C:\WINNT\cbalqd.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitexzn32.exe
O4 - HKLM\..\Run: [CIQTENUM] C:\WINNT\system32\CIQTENUM.exe
O4 - HKLM\..\Run: [ddenb32n] C:\WINNT\system32\ddenb32n.exe
O4 - HKLM\..\Run: [drmuxv] C:\WINNT\system32\drmuxv.exe
O4 - HKLM\..\Run: [esktopd] C:\WINNT\system32\esktopd.exe
O4 - HKLM\..\Run: [fc70um] C:\WINNT\system32\fc70um.exe
O4 - HKLM\..\Run: [fcsubsm] C:\WINNT\system32\fcsubsm.exe
O4 - HKLM\..\Run: [hares] C:\WINNT\system32\hares.exe
O4 - HKLM\..\Run: [hcpd] C:\WINNT\system32\hcpd.exe
O4 - HKLM\..\Run: [iasfw] C:\WINNT\system32\iasfw.exe
O4 - HKLM\..\Run: [icmgr10l] C:\WINNT\system32\icmgr10l.exe
O4 - HKLM\..\Run: [ingp] C:\WINNT\system32\ingp.exe
O4 - HKLM\..\Run: [inshfhcw] C:\WINNT\system32\inshfhcw.exe
O4 - HKLM\..\Run: [iskpartd] C:\WINNT\system32\iskpartd.exe
O4 - HKLM\..\Run: [jabber] C:\WINNT\system32\jabber.exe
O4 - HKLM\..\Run: [jcvsx] C:\WINNT\jcvsx.exe
O4 - HKLM\..\Run: [krodmh] C:\WINNT\krodmh.exe
O4 - HKLM\..\Run: [lastclnb] C:\WINNT\system32\lastclnb.exe
O4 - HKLM\..\Run: [le32o] C:\WINNT\system32\le32o.exe
O4 - HKLM\..\Run: [lsgiyhq] c:\winnt\system32\wvjesn.exe r
O4 - HKLM\..\Run: [mdl32c] C:\WINNT\system32\mdl32c.exe
O4 - HKLM\..\Run: [mmon32c] C:\WINNT\system32\mmon32c.exe
O4 - HKLM\..\Run: [mplocw] C:\WINNT\system32\mplocw.exe
O4 - HKLM\..\Run: [MSMsgN] C:\WINNT\system32\MSMsgN.exe
O4 - HKLM\..\Run: [mtorzqy] c:\winnt\system32\axygzro.exe r
O4 - HKLM\..\Run: [mvdmodw] C:\WINNT\system32\mvdmodw.exe
O4 - HKLM\..\Run: [ocatorl] C:\WINNT\system32\ocatorl.exe
O4 - HKLM\..\Run: [ontrolc] C:\WINNT\system32\ontrolc.exe
O4 - HKLM\..\Run: [oriconsm] C:\WINNT\system32\oriconsm.exe
O4 - HKLM\..\Run: [ourstartt] C:\WINNT\system32\ourstartt.exe
O4 - HKLM\..\Run: [pnmodemd] C:\WINNT\system32\pnmodemd.exe
O4 - HKLM\..\Run: [pousd07h] C:\WINNT\system32\pousd07h.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [ryhqx] C:\WINNT\ryhqx.exe
O4 - HKLM\..\Run: [S3HttpI] C:\WINNT\system32\S3HttpI.exe
O4 - HKLM\..\Run: [sasrvl] C:\WINNT\system32\sasrvl.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [sctfimem] C:\WINNT\system32\sctfimem.exe
O4 - HKLM\..\Run: [sentutle] C:\WINNT\system32\sentutle.exe
O4 - HKLM\..\Run: [sg723m] C:\WINNT\system32\sg723m.exe
O4 - HKLM\..\Run: [sjet40m] C:\WINNT\system32\sjet40m.exe
O4 - HKLM\..\Run: [slabelst] C:\WINNT\system32\slabelst.exe
O4 - HKLM\..\Run: [smypicss] C:\WINNT\system32\smypicss.exe
O4 - HKLM\..\Run: [spmspm] C:\WINNT\system32\spmspm.exe
O4 - HKLM\..\Run: [stext40m] C:\WINNT\system32\stext40m.exe
O4 - HKLM\..\Run: [tfmonc] C:\WINNT\system32\tfmonc.exe
O4 - HKLM\..\Run: [tmsmgrn] C:\WINNT\system32\tmsmgrn.exe
O4 - HKLM\..\Run: [tNmBResC] C:\WINNT\system32\tNmBResC.exe
O4 - HKLM\..\Run: [trmdlls] C:\WINNT\system32\trmdlls.exe
O4 - HKLM\..\Run: [tsbas2wc] C:\WINNT\system32\tsbas2wc.exe
O4 - HKLM\..\Run: [uickTimeQ] C:\WINNT\system32\uickTimeQ.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [vrsfrn] C:\WINNT\system32\vrsfrn.exe
O4 - HKLM\..\Run: [vsvex] C:\WINNT\vsvex.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [vwrsesn] C:\WINNT\system32\vwrsesn.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [xeyaoh] c:\winnt\system32\yyhzmw.exe r
O4 - HKLM\..\Run: [mscin] C:\WINNT\system32\m190309.EXE
O4 - HKLM\..\Run: [a08cb8ca5c87] C:\WINNT\system32\avwav837.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\rulakp.exe reg_run
O4 - HKLM\..\Run: [Rebate Retriever] C:\Program Files\Rebate Retriever\RebateRetriever.exe
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.co....cab?10,0,910,0
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.ofoto.com..._1/axhomepr.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Edited by mtsrunner, 05 August 2005 - 12:31 PM.