Logfile of HijackThis v1.99.1
Scan saved at 5:42:01 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ntaz.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\RAHULW~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\RAHULW~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ceyhi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {92093452-29D6-C992-7CF2-E45692D46C2B} - C:\WINDOWS\sdkkq.dll
O2 - BHO: Class - {E3660349-F68F-6736-8733-F80F0102D728} - C:\WINDOWS\crso.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ipah32.exe] C:\WINDOWS\ipah32.exe
O4 - HKLM\..\Run: [apinx32.exe] C:\WINDOWS\system32\apinx32.exe
O4 - HKLM\..\Run: [ntaz.exe] C:\WINDOWS\ntaz.exe
O4 - HKLM\..\Run: [mfcpf32.exe] C:\WINDOWS\mfcpf32.exe
O4 - HKLM\..\Run: [msil.exe] C:\WINDOWS\system32\msil.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\RunOnce: [atlym.exe] C:\WINDOWS\atlym.exe
O4 - HKLM\..\RunOnce: [addqk.exe] C:\WINDOWS\addqk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [appjw32.exe] C:\WINDOWS\appjw32.exe
O4 - HKLM\..\RunOnce: [ntof32.exe] C:\WINDOWS\ntof32.exe
O4 - HKLM\..\RunOnce: [addus.exe] C:\WINDOWS\addus.exe
O4 - HKLM\..\RunOnce: [mslh32.exe] C:\WINDOWS\system32\mslh32.exe
O4 - HKLM\..\RunOnce: [crhz32.exe] C:\WINDOWS\system32\crhz32.exe
O4 - HKLM\..\RunOnce: [sysoe.exe] C:\WINDOWS\system32\sysoe.exe
O4 - HKLM\..\RunOnce: [atlms32.exe] C:\WINDOWS\system32\atlms32.exe
O4 - HKLM\..\RunOnce: [ntxo.exe] C:\WINDOWS\ntxo.exe
O4 - HKLM\..\RunOnce: [ievh32.exe] C:\WINDOWS\system32\ievh32.exe
O4 - HKLM\..\RunOnce: [mshx.exe] C:\WINDOWS\mshx.exe
O4 - HKLM\..\RunOnce: [ient32.exe] C:\WINDOWS\ient32.exe
O4 - HKLM\..\RunOnce: [sdksn.exe] C:\WINDOWS\sdksn.exe
O4 - HKLM\..\RunOnce: [winbt32.exe] C:\WINDOWS\winbt32.exe
O4 - HKLM\..\RunOnce: [javavn32.exe] C:\WINDOWS\javavn32.exe
O4 - HKLM\..\RunOnce: [mfcap.exe] C:\WINDOWS\mfcap.exe
O4 - HKLM\..\RunOnce: [appxm32.exe] C:\WINDOWS\appxm32.exe
O4 - HKLM\..\RunOnce: [mscg.exe] C:\WINDOWS\mscg.exe
O4 - HKLM\..\RunOnce: [mfcte32.exe] C:\WINDOWS\mfcte32.exe
O4 - HKLM\..\RunOnce: [javamp32.exe] C:\WINDOWS\javamp32.exe
O4 - HKLM\..\RunOnce: [apirj.exe] C:\WINDOWS\system32\apirj.exe
O4 - HKLM\..\RunOnce: [apixf32.exe] C:\WINDOWS\system32\apixf32.exe
O4 - HKLM\..\RunOnce: [winka32.exe] C:\WINDOWS\system32\winka32.exe
O4 - HKLM\..\RunOnce: [netfl32.exe] C:\WINDOWS\system32\netfl32.exe
O4 - HKLM\..\RunOnce: [sdkkq.exe] C:\WINDOWS\sdkkq.exe
O4 - HKLM\..\RunOnce: [nttq32.exe] C:\WINDOWS\system32\nttq32.exe
O4 - HKLM\..\RunOnce: [iphn32.exe] C:\WINDOWS\iphn32.exe
O4 - HKLM\..\RunOnce: [appmj.exe] C:\WINDOWS\appmj.exe
O4 - HKLM\..\RunOnce: [ieiv.exe] C:\WINDOWS\ieiv.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe