HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 6:47:54 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\don\local settings\temp\ziOHCP.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\tn8.exe
C:\documents and settings\don\local settings\temp\CB.exe
C:\documents and settings\don\local settings\temp\AR.exe
C:\documents and settings\don\local settings\temp\mIvVHu.exe
C:\documents and settings\don\local settings\temp\Z4.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\WINDOWS\svchost.exe
C:\windows\system32\biVpt.exe
C:\windows\system32\7RSeYK.exe
C:\Program Files\iast6psa\iast6psa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\iissrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\?рoolsv.exe
C:\Program Files\uopt\awor.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\Common Files\AOL\1124232064\ee\AOLHostManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1124232064\ee\AOLServiceHost.exe
C:\WINDOWS\system32\biVpt.exe
C:\Program Files\iast6psa\50274354.exe
C:\Program Files\iast6psa\iast6psa.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
\ANDREW\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {00000000-0000-46D8-A6CB-0DF21D39CA18} - C:\Program Files\iast6psa\iast6psa.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {2FBF2845-321E-4488-BD63-0A6ABB375C98} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3088B431-F254-4D6B-9FA7-1BFD0BB76B91} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3092BC8C-A04E-442E-AF68-F897EBC7B536} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {35324D37-C04D-40CE-BFE6-0A5754CD8BEB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {4B597935-E432-4DD3-B342-C16096B1FF44} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {503E483B-6E69-4952-90B2-6092C8602A20} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {63304DAE-850B-4EE5-A2C1-34749D293DA8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {663AB654-9373-4098-B231-270A5D8C6E77} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: (no name) - {7282310D-F2F9-4048-A6C4-4B6A6C07E280} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {83117431-6E6D-4817-8119-66239DF56458} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87ACFA64-8F93-4517-87AE-ECA63D032B9B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: (no name) - {8E2D2A21-474F-4D21-8951-80ADCCAC902C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {911FC205-D953-4846-AF7D-151D795406BA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9659BE54-E727-42F0-BABA-36A2405D8A09} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9DFD5967-519A-413A-A0A9-BB747E5C7C60} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9FC820AD-1DAF-495F-9EF5-6C0B767597E5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A4334BA9-EE32-43A3-9009-2BC387F2E368} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A78BB745-3201-45B0-94DC-6ACDADE7B6BD} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {C6B02198-0BEE-4AFD-947D-4DEB1B2E74F5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C73697E9-8DA4-4362-A28C-08CE010B3BC2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: (no name) - {D45EC428-3F21-4436-8DE3-76368541978A} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E043EF2F-3662-4D02-A6BA-B71859B0368A} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\don\Local Settings\Temp\Ce3I.dll
O2 - BHO: (no name) - {F1C3218F-C5ED-405C-94C3-77A2008F4F21} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {FC28A093-DCBF-41A9-AE86-515E76871B23} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ziOHCP] C:\documents and settings\don\local settings\temp\ziOHCP.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [w7sk3pj] rdpproperty.exe
O4 - HKLM\..\Run: [Cb1G4K] C:\documents and settings\don\local settings\temp\Cb1G4K.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [b] C:\windows\b.exe
O4 - HKLM\..\Run: [tn8] C:\windows\tn8.exe
O4 - HKLM\..\Run: [8988lizf] C:\documents and settings\don\local settings\temp\8988lizf.exe
O4 - HKLM\..\Run: [CB] C:\documents and settings\don\local settings\temp\CB.exe
O4 - HKLM\..\Run: [AR] C:\documents and settings\don\local settings\temp\AR.exe
O4 - HKLM\..\Run: [bOJaZ] C:\documents and settings\don\local settings\temp\bOJaZ.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [mIvVHu] C:\documents and settings\don\local settings\temp\mIvVHu.exe
O4 - HKLM\..\Run: [Z4] C:\documents and settings\don\local settings\temp\Z4.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [biVpt.exe] c:\windows\system32\biVpt.exe
O4 - HKLM\..\Run: [7RSeYK] C:\windows\system32\7RSeYK.exe
O4 - HKLM\..\Run: [WinNite] C:\WINDOWS\NITEAIM.EXE
O4 - HKLM\..\Run: [iast6psa] C:\Program Files\iast6psa\iast6psa.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124232064\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iissrv] C:\WINDOWS\iissrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [hw3qRfH8U] cnbsc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Jfhqgjw] C:\WINDOWS\system32\?¬aoolsv.exe
O4 - HKCU\..\Run: [Tawt] "C:\Program Files\uopt\awor.exe" -vt mtx
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Palfun.lnk = C:\Program Files\AIM\palfun.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/emCraft1.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...bs/iconmake.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDAFAA31-CEA4-4A06-912A-D3931114FC30}: NameServer = 24.56.130.2,216.53.130.2
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe