- alli
Logfile of HijackThis v1.99.0
Scan saved at 9:12:06 PM, on 2/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\yftmk4i2\yftmk4i2.exe
C:\WINDOWS\System32\Kewglr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\system32\kdaa.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\msupd4.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\ialmdev5.exe
C:\Documents and Settings\allison\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gweb.gwu.edu/?ref=www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {052E9AA6-70DA-45A9-A2F8-5B2D43B9107D} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {0B67D34E-5EC3-4A8B-ABE3-C437D16826D4} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {0D2FB733-2475-48A1-AB99-31BD89F196F1} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {0FF15230-1D1E-411A-8CD3-B3B4286CD904} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {103D4ED8-ABB3-4692-A5A4-BCCD6160AAD8} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {24563B35-EB60-4B5B-ACD5-EB86EBBCB081} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {2847F65F-4352-4557-8E38-B12BCFACC0EC} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {29EF6948-7E24-449D-9AE9-B86DD5DCF5E5} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {3EB40509-3746-4226-9040-B53D5037D081} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {51D02731-53B2-4462-9BD3-CF5C5B13F57A} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {5A2666D3-60F4-4CA8-9938-303A025F961D} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {5AE50551-D2B4-528A-E9CB-29AFFDECD85E} - C:\WINDOWS\System32\jzzcaghe.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {673326E0-31DA-4E27-A30D-F28C5EA0959E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {68EA1512-FE39-46BE-B82B-F9789905D810} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {6F378900-9823-4D8A-B9DA-06704FF32F1E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {82F7544B-F8AA-499A-BCF9-6A3426218875} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {88AACBD0-4D4B-4514-B31E-DBBE6FEB2967} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {8D288260-1FD2-49D0-A54A-4FD40493B3F3} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {95C68940-BC19-4DCD-8141-B22FE6D95AE6} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {A256FF9C-3FF1-4224-8D80-FB05DBDDB59B} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {A2E65F11-491A-4DE1-B14B-9035328DF182} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {B195EBAC-825F-78EB-3780-8AB99A6F03E7} - (no file)
O2 - BHO: (no name) - {CEA2D430-D9F6-4AAF-8099-835FF86FD279} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {D3F44594-FDD8-494D-B571-5DB257EEB6CB} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {DF538C90-0D91-4D05-9718-F2B997411800} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F006A8D1-4707-4A51-B3BE-0A889025B076} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {F80FB504-5290-4E1D-B13A-EDF60BFD28E6} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [yftmk4i2] C:\Program Files\yftmk4i2\yftmk4i2.exe
O4 - HKLM\..\Run: [xnmuxc] C:\WINDOWS\System32\xnmuxc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Kewglr.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [kdaa] C:\WINDOWS\system32\kdaa.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ ] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [jdbfgc] C:\WINDOWS\System32\jdbfgc.exe
O4 - HKLM\..\Run: [vzlpjj] c:\windows\system32\vzlpjj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ialmdev5] C:\WINDOWS\System32\ialmdev5.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: GW GBUSSNet Client 2.0.lnk = C:\Program Files\GW\GBUSSNet Client 2.0\vpngui.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Unknown - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)