Scan saved at 10:19:51 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\gggggg ppppppp\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\klktr.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\klktr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.34.242.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 24.34.242.9;<local>
R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBlocs SecurityToolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - C:\Documents and Settings\gggggg ppppppp\Local Settings\Application Data\ssstbar\sssTbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [bingo9] bhoserv.exe
O4 - HKLM\..\Run: [sound64] PrcIdle.exe
O4 - HKLM\..\Run: [nmdllw] ssweeper.exe
O4 - HKLM\..\Run: [dePloy] StatusCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [BoundRec] xwiz.exe
O4 - HKCU\..\Run: [Uint32] FLKPT.exe
O4 - HKCU\..\Run: [iesetupdll] syspanel.exe
O4 - HKCU\..\Run: [keybdll] iesetupdll.exe
O4 - HKCU\..\Run: [iehelper] SYSTRAV.exe
O4 - HKCU\..\Run: [NsCplTray] stuffmon.exe
O4 - HKCU\..\Run: [SpyBlocs] C:\Program Files\eBlocs\SpyBlocs\GLF1B.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Reminder-hpc40502.lnk = C:\Program Files\CD-Writer Plus\E-Reg\Remind32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: OSA.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Corel Network monitor worker - {E68E4DE0-2E99-11D9-89B3-444553540000} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E68E4DE0-2E99-11D9-89B3-444553540000} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Corel Network monitor worker - {E68E4DE0-2E99-11D9-89B3-444553540000} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E68E4DE0-2E99-11D9-89B3-444553540000} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O15 - Trusted Zone: http://*.windupdates.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1987334D-BE46-4323-87E3-379CA43C9184}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{3714C872-AB4A-40D2-8D0D-78CFC4460852}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9780E19-18DE-4160-99BC-C8679FE8A2FD}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBCBBD76-62D3-4B5B-8D6C-0B3CCF02AE8A}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{1987334D-BE46-4323-87E3-379CA43C9184}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{1987334D-BE46-4323-87E3-379CA43C9184}: NameServer = 69.50.168.140,85.255.112.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Edited by spr88gumbi, 21 September 2005 - 08:56 AM.