
HijackThis log [CLOSED]


  • This topic is locked

#1
hookturn

    New Member

  • Member
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:50:33 PM, on 3/12/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\DeepSight

Extractor\ExtractorService.exe
C:\Program Files\Symantec\Norton

Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton

Ghost\Agent\GhostTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program

Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Download

Manager\IDMan.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.ex

e
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Gary\Local

Settings\Temp\Temporary Directory 2 for

.ZIP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page = \blank.htm
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Inte

rnet Settings,ProxyOverride = localhost
O2 - BHO: IDM Helper -

{0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program

Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection -

{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program

Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -

{7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - (no file)
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) -

{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: SpoofStick BHO -

{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program

Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick -

{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program

Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program

Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TrojanScanner] C:\Program

Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program

Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RunDll32

c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd] RunDll32

cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program

Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program

Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\Run: [Cmaudio] RunDll32

cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet

Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.ex

e
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program

Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program

Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk

= C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk =

C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Maintain Block

List... - C:\PROGRA~1\AllStar\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List...

- C:\PROGRA~1\AllStar\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude

List... - C:\PROGRA~1\AllStar\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option

&Settings... -

C:\PROGRA~1\AllStar\AdShield\settings.htm
O8 - Extra context menu item: Download All Links

with IDM - C:\Program Files\Internet Download

Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM -

C:\Program Files\Internet Download

Manager\IEExt.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet -

{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program

Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet -

{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program

Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.ultimatebet.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}

(PCPitstop Utility) -

http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} -

http://ftp.gurunet.c...GNInstaller.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94}

(iCC Class) -

http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}

(MSSecurityAdvisor Class) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE}

(LSSupCtl Class) -

http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}

(ICSScannerLight Class) -

http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}

(Microsoft Data Collection Control) -

https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

(YInstStarter Class) -

http://us.dl1.yimg.c...o.com/dl/instal

ls/yinst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://appldnld.m7z.....apple.com/iTun

es4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.micros...pdate/v6/V5Cont

rols/en/x86/client/wuweb_site.cab?1119612346625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.micros...tupdate/v6/V5Co

ntrols/en/x86/client/muweb_site.cab?1142216750062
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} -
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125}

(mhLabel Class) -

http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://www.pandasoft...scan/as5/asinst.

cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697}

(Create & Print ActiveX Plug-in) -

http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) -

http://www.symantec....sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

(ActiveDataObj Class) -

https://www-secure.s...supp/activedata

/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}

(McFreeScan Class) -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} -
O20 - Winlogon Notify: WRNotifier -

C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt)

- GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access -

Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Deepsight Extractor

(DeepsightExtractor) - Unknown owner - C:\Program

Files\Symantec\DeepSight

Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for

NPF03 (ExtractorServiceNPF03) - Unknown owner -

C:\Program Files\Symantec\DeepSight

Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for

NPF04 (ExtractorServiceNPF04) - Unknown owner -

C:\Program Files\Symantec\DeepSight

Extractor\ExtractorServiceNPF04.exe
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -

C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Ghost - Symantec Corporation

- C:\Program Files\Symantec\Norton

Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc)

- NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine

(svcWRSSSDK) - Webroot Software, Inc. - C:\Program

Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon)

- Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks
hookturn2

#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi hookturn and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


A. You are currently posting your log in double space format which is very difficult for us to analyze. Please post your next ones in single space format.

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.

B. I need to get you to move HijackThis to a folder of its own so that nothing gets deleted by mistake.

1. Right click in an empty space on your desktop.

2. From the Menu, click New, then Folder and a folder will appear on your desktop.

3. Name the folder HJT.

4. Cut/Paste your current version of HijackThis into the new Folder that was just created.

5. Now, run the program and post a fresh HJT log for review.

Regards,

Trevuren


#3
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.