Logfile of HijackThis v1.99.1
Scan saved at 8:42:09 PM, on 10/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\ncomputer\Local Settings\Temporary Internet Files\Content.IE5\J8U2L0CF\HijackThis[1].exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\hh.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [t72O3EW] modrxy.exe
O4 - HKLM\..\Run: [bl7fc35t] C:\WINDOWS\System32\bl7fc35t.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [l] C:\WINDOWS\l
O4 - HKLM\..\Run: [m] C:\WINDOWS\m
O4 - HKLM\..\Run: [z] C:\WINDOWS\z
O4 - HKLM\..\Run: [a] C:\WINDOWS\a
O4 - HKLM\..\Run: [r] C:\WINDOWS\r
O4 - HKLM\..\Run: [appjk32.exe] C:\WINDOWS\appjk32.exe
O4 - HKLM\..\Run: [e] C:\WINDOWS\e
O4 - HKLM\..\Run: [b] C:\WINDOWS\b
O4 - HKLM\..\Run: [v] C:\WINDOWS\v
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1120926579\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [w] C:\WINDOWS\w
O4 - HKLM\..\Run: [h] C:\WINDOWS\h
O4 - HKLM\..\Run: [d] C:\WINDOWS\d
O4 - HKLM\..\Run: [c] C:\WINDOWS\c
O4 - HKLM\..\Run: [u] C:\WINDOWS\u
O4 - HKLM\..\Run: [k] C:\WINDOWS\k
O4 - HKLM\..\Run: [o] C:\WINDOWS\o
O4 - HKLM\..\Run: [n] C:\WINDOWS\n
O4 - HKLM\..\Run: [j] C:\WINDOWS\j
O4 - HKLM\..\Run: [f] C:\WINDOWS\f
O4 - HKLM\..\Run: [t] C:\WINDOWS\t
O4 - HKLM\..\Run: [s] C:\WINDOWS\s
O4 - HKLM\..\Run: [q] C:\WINDOWS\q
O4 - HKLM\..\Run: [x] C:\WINDOWS\x
O4 - HKLM\..\Run: [p] C:\WINDOWS\p
O4 - HKLM\..\Run: [i] C:\WINDOWS\i
O4 - HKLM\..\Run: [y] C:\WINDOWS\y
O4 - HKLM\..\Run: [g] C:\WINDOWS\g
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [cwtEROatj] mmcpdmoe.exe
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
http://bar.mywebsear...S_ZBzeb032YYUS@[fwpscript]Version:01.03.00.08|rsvp|Icon:none@[
O16 - DPF: Jungle Gin by pogo -
http://game1.pogo.co...n-ob-assets.cabO16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: Yahoo! Gin -
http://download.game...nts/y/nt1_x.cabO16 - DPF: Yahoo! Pool 2 -
http://download.game...ts/y/pote_x.cabO16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) -
http://survey.otxres...m/Preloader.dllO16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
http://us.chat1.yimg...v45/yacscom.cabO16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -
http://esupport.aol....oach_core_1.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com...kup/qdiagcc.cabO16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
http://www.otxresear...ia/OTXMedia.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
https://objects.aol....83/mcinsctl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1128802098184O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) -
http://209.67.146.68.../ACNePlayer.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
https://objects.aol....,20/McGDMgr.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlow.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe