Logfile of HijackThis v1.99.0
Scan saved at 12:23:03 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\ZipToA.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\qoquii.exe
E:\Program Files\Dell\Solution Center\service.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\PROGRA~1\Adaptec\DirectCD\directcd.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINNT\System32\MsiExec.exe
E:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
E:\Program Files\Microsoft Money\System\mnyexpr.exe
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\Palm\hotsync.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\12Ghosts\12popup.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\WINNT\system32\rundll32.exe
E:\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - E:\Program Files\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DellSC] E:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [Iomega Startup Options] E:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] E:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [CreateCD] E:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MoneyAgent] "E:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HotSync Manager.lnk = E:\Palm\hotsync.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: 12Ghosts Popup-Killer.lnk = E:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager 2.0.lnk = E:\Palm\hotsync.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\calsp.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: IomegaAccess - Iomega Corporation - E:\WINNT\System32\IomegaAccess.exe
O23 - Service: SymWMI Service - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZipToA - Iomega Corporation - E:\WINNT\System32\ZipToA.exe