Logfile of HijackThis v1.99.1
Scan saved at 9:04:01 AM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MUSICM~2\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\sweep\SWEEP.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amberspai...ername=starwood
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~2\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s.../symsupportutil.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...ldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...rol_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....s.com/r3302/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...ePlayer5.2AxWin.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.micro...Media/downloadcontrol.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...mon/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...ntentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactcomm...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s...a/ActiveData.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nest...ents/AvzPrintingActiveX1600.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tics/cabs/DiagCollectionControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe