Logfile of HijackThis v1.99.0
Scan saved at 9:47:07 AM, on 1/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\smss.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\winlogon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\services.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\lsass.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\Explorer.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SYSTEM32\config\SYSTEM\system32\ZONELABS\vsmon.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\USBD20\shwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim Grout-Smith\My Documents\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft System Checkup] ntsysman.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ShowIcon_Just Rams_USB Product Driver v2.08r011] "C:\Program Files\USBD20\shwicon.exe" -t"Just Rams\USB Product Driver v2.08r011"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] ntsysman.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://merlin.oxfam.org.uk/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/loader2.ocx
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lyc...ileUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FFC6993-A76B-47C6-9505-20FE41493A06}: NameServer = 62.241.162.200 158.43.240.3
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NT login service - Unknown - C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM\System32\ntsysman.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\config\SYSTEM\system32\ZONELABS\vsmon.exe