Logfile of HijackThis v1.99.1
Scan saved at 3:27:50 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\Smlt\command.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\nglzbex.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\windows\system32\logon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\WINDOWS\nglzbexA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Uvlwiv\Amwo.exe
C:\windows\system32\rodsregk.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\mmxp2passion.exe
C:\WINDOWS\system32\wgse.exe
C:\Program Files\Common Files\MySoftware\intercom.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\swinpsai.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\paperweight\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/html/start/start.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINDOWS\system32\awvtt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [logon.exe] c:\windows\system32\logon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteaam32.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [freexstyle] lockbr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [0kg00xc4.dll] RUNDLL32.EXE 0kg00xc4.dll,b 30478734
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waoqar.exe reg_run
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [nglzbexA] C:\WINDOWS\nglzbexA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Bhytk] C:\Program Files\Uvlwiv\Amwo.exe
O4 - HKLM\..\Run: [{9B-B9-93-3E-ZN}] C:\windows\system32\rodsregk.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinpsai.exe CORN001
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [RegiFast] C:\Program Files\RegiFast\RFManager.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\swinpsai.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware InterCom.lnk = C:\Program Files\Common Files\MySoftware\intercom.exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\s2pu0c79ef.dll
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\SYSTEM32\winubg32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_14.dll
O21 - SSODL: bqTiUoNky - {40E9B93F-EA43-1395-9516-73AE6A0ADF71} - C:\WINDOWS\system32\ewr.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nglzbex.exe
Edited by Paperweight, 20 February 2006 - 03:37 PM.