My Hijack this Log.
Logfile of HijackThis v1.99.1
Scan saved at 1:46:25 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\csmrs.exe
C:\WINDOWS\System\msveup.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\intell32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Winamp\Plugins\SIGServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\mszk32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tonyl\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/[email protected]
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4B4EE737-2D47-E126-DFBD-035B9EF1BE06} - C:\WINDOWS\appsx.dll
O2 - BHO: Class - {878A81B0-C10A-9380-C3B6-89A99E2C869B} - C:\WINDOWS\apiui32.dll
O2 - BHO: Class - {9A735E65-B77E-83B5-E2CE-86A183CD727B} - C:\WINDOWS\system32\javadd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FCB51F0E-2C0D-0B31-D324-1F2349F7433A} - C:\WINDOWS\addsm32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VC5MediaPlayer] C:\WINDOWS\system32\csmrs.exe
O4 - HKLM\..\Run: [.msfupdate] C:\WINDOWS\System\msveup.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [atlqx32.exe] C:\WINDOWS\system32\atlqx32.exe
O4 - HKLM\..\Run: [mszk32.exe] C:\WINDOWS\mszk32.exe
O4 - HKLM\..\RunOnce: [atlcm32.exe] C:\WINDOWS\system32\atlcm32.exe
O4 - HKLM\..\RunOnce: [d3jo.exe] C:\WINDOWS\system32\d3jo.exe
O4 - HKLM\..\RunOnce: [mfcni32.exe] C:\WINDOWS\mfcni32.exe
O4 - HKLM\..\RunOnce: [addqp32.exe] C:\WINDOWS\system32\addqp32.exe
O4 - HKLM\..\RunOnce: [appbr.exe] C:\WINDOWS\system32\appbr.exe
O4 - HKLM\..\RunOnce: [appqn32.exe] C:\WINDOWS\appqn32.exe
O4 - HKLM\..\RunOnce: [javaku.exe] C:\WINDOWS\javaku.exe
O4 - HKLM\..\RunOnce: [apipp32.exe] C:\WINDOWS\apipp32.exe
O4 - HKLM\..\RunOnce: [atlty32.exe] C:\WINDOWS\system32\atlty32.exe
O4 - HKLM\..\RunOnce: [appgf32.exe] C:\WINDOWS\system32\appgf32.exe
O4 - HKLM\..\RunOnce: [msuh.exe] C:\WINDOWS\system32\msuh.exe
O4 - HKLM\..\RunOnce: [sysqa.exe] C:\WINDOWS\system32\sysqa.exe
O4 - HKLM\..\RunOnce: [sdkvu.exe] C:\WINDOWS\system32\sdkvu.exe
O4 - HKLM\..\RunOnce: [atlir.exe] C:\WINDOWS\atlir.exe
O4 - HKLM\..\RunOnce: [apimr.exe] C:\WINDOWS\apimr.exe
O4 - HKLM\..\RunOnce: [ntht32.exe] C:\WINDOWS\system32\ntht32.exe
O4 - HKLM\..\RunOnce: [apisg32.exe] C:\WINDOWS\apisg32.exe
O4 - HKLM\..\RunOnce: [iewz32.exe] C:\WINDOWS\iewz32.exe
O4 - HKLM\..\RunOnce: [addiv.exe] C:\WINDOWS\system32\addiv.exe
O4 - HKLM\..\RunOnce: [crns.exe] C:\WINDOWS\system32\crns.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\msgb.exe
O4 - HKLM\..\RunOnce: [ntmd32.exe] C:\WINDOWS\ntmd32.exe
O4 - HKLM\..\RunOnce: [crcm32.exe] C:\WINDOWS\crcm32.exe
O4 - HKLM\..\RunOnce: [winje32.exe] C:\WINDOWS\winje32.exe
O4 - HKLM\..\RunOnce: [javaoy.exe] C:\WINDOWS\system32\javaoy.exe
O4 - HKLM\..\RunOnce: [javaqj32.exe] C:\WINDOWS\system32\javaqj32.exe
O4 - HKLM\..\RunOnce: [winbg32.exe] C:\WINDOWS\winbg32.exe
O4 - HKLM\..\RunOnce: [winev32.exe] C:\WINDOWS\winev32.exe
O4 - HKLM\..\RunOnce: [addwc32.exe] C:\WINDOWS\system32\addwc32.exe
O4 - HKLM\..\RunOnce: [d3bx.exe] C:\WINDOWS\d3bx.exe
O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\system32\crlb32.exe
O4 - HKLM\..\RunOnce: [apiyv.exe] C:\WINDOWS\system32\apiyv.exe
O4 - HKLM\..\RunOnce: [appsx.exe] C:\WINDOWS\appsx.exe
O4 - HKLM\..\RunOnce: [d3xr32.exe] C:\WINDOWS\d3xr32.exe
O4 - HKLM\..\RunOnce: [atlmg.exe] C:\WINDOWS\atlmg.exe
O4 - HKLM\..\RunOnce: [addkh32.exe] C:\WINDOWS\addkh32.exe
O4 - HKLM\..\RunOnce: [d3pb.exe] C:\WINDOWS\system32\d3pb.exe
O4 - HKLM\..\RunOnce: [atlcp32.exe] C:\WINDOWS\atlcp32.exe
O4 - HKLM\..\RunOnce: [wintf32.exe] C:\WINDOWS\system32\wintf32.exe
O4 - HKLM\..\RunOnce: [sdkgu32.exe] C:\WINDOWS\sdkgu32.exe
O4 - HKLM\..\RunOnce: [mfcoi32.exe] C:\WINDOWS\mfcoi32.exe
O4 - HKLM\..\RunOnce: [netnv.exe] C:\WINDOWS\system32\netnv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121887401578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3jo.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Edited by TonyGarcia, 19 August 2005 - 05:03 PM.