Logfile of HijackThis v1.97.7
Scan saved at 11:43:17 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\PGP for Windows XP\PGPservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\bibuxzya.exe
C:\WINDOWS\dgudebx.exe
C:\WINDOWS\esvwpts.exe
C:\WINDOWS\fgcmm.exe
C:\WINDOWS\kwxfxg.exe
C:\WINDOWS\zesh.exe
C:\WINDOWS\iusvyjb.exe
C:\WINDOWS\xlqlxwlc.exe
C:\WINDOWS\kfqqpbboo.exe
C:\WINDOWS\evdbtlgv.exe
C:\WINDOWS\xlsfqswx.exe
C:\WINDOWS\rpbm.exe
C:\WINDOWS\dfdtpzp.exe
C:\WINDOWS\wxjwqt.exe
C:\WINDOWS\pnwhu.exe
C:\WINDOWS\tmcj.exe
C:\WINDOWS\kpesko.exe
C:\WINDOWS\ghoe.exe
C:\WINDOWS\mihl.exe
C:\WINDOWS\fonfjl.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\vgssojj.exe
C:\WINDOWS\gunuprm.exe
C:\WINDOWS\nlcp.exe
C:\WINDOWS\ormghjz.exe
C:\WINDOWS\nbpdvziqo.exe
C:\WINDOWS\hvwnklobx.exe
C:\WINDOWS\kcjbp.exe
C:\WINDOWS\xndu.exe
C:\WINDOWS\jhojdik.exe
C:\WINDOWS\mmgjyo.exe
C:\WINDOWS\dtwl.exe
C:\WINDOWS\xywq.exe
C:\WINDOWS\ctzmhdjaz.exe
C:\WINDOWS\yugl.exe
C:\WINDOWS\mzmonewo.exe
C:\WINDOWS\msaqzomn.exe
C:\WINDOWS\ptlpn.exe
C:\WINDOWS\wmxm.exe
C:\WINDOWS\ouwyrvs.exe
C:\WINDOWS\uvpfkvc.exe
C:\WINDOWS\votzs.exe
C:\WINDOWS\hicszc.exe
C:\WINDOWS\cpgmbpt.exe
C:\WINDOWS\reffzsqdx.exe
C:\WINDOWS\bnzxbxtu.exe
C:\WINDOWS\ajddcn.exe
C:\WINDOWS\uzqnh.exe
C:\WINDOWS\zqakvamr.exe
C:\WINDOWS\sxugpq.exe
C:\WINDOWS\lcctzwvr.exe
C:\WINDOWS\iztcxfoi.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\SP90JEP3\HijackThis[1].exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CSBrBHO - {6D0AC7F7-B628-4581-A8B2-14D97F24AA76} - (no file)
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {CAC104E5-8DAB-FB4D-D3E1-717D763A33CC} - C:\WINDOWS\system32\bvgpyifr.dll (file missing)
O2 - BHO: (no name) - {CF3C2262-5BE7-48C5-A126-A134638047C8} - C:\WINDOWS\System32\fclbcatex.dll (file missing)
O2 - BHO: (no name) - {EFC185FB-1617-C901-D46E-6C3DCA2E9FFB} - C:\WINDOWS\system32\lzezjyro.dll (file missing)
O3 - Toolbar: (no name) - {A5214645-7029-4560-B58C-F681831F416D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Messenger Plus] "C:\Program Files\Messenger Plus\messplus.exe" -silent
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tst] C:\WINDOWS\tst.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [phqhnnd] C:\WINDOWS\bibuxzya.exe
O4 - HKLM\..\Run: [glfhzof] C:\WINDOWS\dgudebx.exe
O4 - HKLM\..\Run: [bnkos] C:\WINDOWS\esvwpts.exe
O4 - HKLM\..\Run: [bghnif] C:\WINDOWS\fgcmm.exe
O4 - HKLM\..\Run: [zufvv] C:\WINDOWS\kwxfxg.exe
O4 - HKLM\..\Run: [iwoiopcsv] C:\WINDOWS\zesh.exe
O4 - HKLM\..\Run: [fsbgwofqg] C:\WINDOWS\iusvyjb.exe
O4 - HKLM\..\Run: [tujjjrr] C:\WINDOWS\xlqlxwlc.exe
O4 - HKLM\..\Run: [ojpzc] C:\WINDOWS\kfqqpbboo.exe
O4 - HKLM\..\Run: [mejz] C:\WINDOWS\evdbtlgv.exe
O4 - HKLM\..\Run: [tukgu] C:\WINDOWS\xlsfqswx.exe
O4 - HKLM\..\Run: [vlmjzyii] C:\WINDOWS\rpbm.exe
O4 - HKLM\..\Run: [mdvna] C:\WINDOWS\dfdtpzp.exe
O4 - HKLM\..\Run: [fbjnjuq] C:\WINDOWS\wxjwqt.exe
O4 - HKLM\..\Run: [tnpq] C:\WINDOWS\pnwhu.exe
O4 - HKLM\..\Run: [tbkk] C:\WINDOWS\tmcj.exe
O4 - HKLM\..\Run: [kpphujora] C:\WINDOWS\kpesko.exe
O4 - HKLM\..\Run: [csmhrkcjs] C:\WINDOWS\ghoe.exe
O4 - HKLM\..\Run: [cchxntoq] C:\WINDOWS\mihl.exe
O4 - HKLM\..\Run: [jqtykzmno] C:\WINDOWS\fonfjl.exe
O4 - HKLM\..\Run: [rddvltbyq] C:\WINDOWS\vgssojj.exe
O4 - HKLM\..\Run: [lrxbyns] C:\WINDOWS\gunuprm.exe
O4 - HKLM\..\Run: [ttjovyne] C:\WINDOWS\nlcp.exe
O4 - HKLM\..\Run: [wfwnre] C:\WINDOWS\ormghjz.exe
O4 - HKLM\..\Run: [nvbgjt] C:\WINDOWS\nbpdvziqo.exe
O4 - HKLM\..\Run: [altgxg] C:\WINDOWS\hvwnklobx.exe
O4 - HKLM\..\Run: [attoci] C:\WINDOWS\kcjbp.exe
O4 - HKLM\..\Run: [gmlqv] C:\WINDOWS\xndu.exe
O4 - HKLM\..\Run: [cqoteduyb] C:\WINDOWS\jhojdik.exe
O4 - HKLM\..\Run: [xbhy] C:\WINDOWS\mmgjyo.exe
O4 - HKLM\..\Run: [ugahusij] C:\WINDOWS\dtwl.exe
O4 - HKLM\..\Run: [mfuvpyx] C:\WINDOWS\xywq.exe
O4 - HKLM\..\Run: [jupdczb] C:\WINDOWS\ctzmhdjaz.exe
O4 - HKLM\..\Run: [vgre] C:\WINDOWS\yugl.exe
O4 - HKLM\..\Run: [dbgqu] C:\WINDOWS\mzmonewo.exe
O4 - HKLM\..\Run: [jduu] C:\WINDOWS\msaqzomn.exe
O4 - HKLM\..\Run: [kmbxbhqmo] C:\WINDOWS\ptlpn.exe
O4 - HKLM\..\Run: [bevw] C:\WINDOWS\wmxm.exe
O4 - HKLM\..\Run: [pfqbodq] C:\WINDOWS\ouwyrvs.exe
O4 - HKLM\..\Run: [faznup] C:\WINDOWS\uvpfkvc.exe
O4 - HKLM\..\Run: [jhnzlg] C:\WINDOWS\votzs.exe
O4 - HKLM\..\Run: [tcida] C:\WINDOWS\hicszc.exe
O4 - HKLM\..\Run: [zkvegxp] C:\WINDOWS\cpgmbpt.exe
O4 - HKLM\..\Run: [opyu] C:\WINDOWS\reffzsqdx.exe
O4 - HKLM\..\Run: [sjcq] C:\WINDOWS\bnzxbxtu.exe
O4 - HKLM\..\Run: [pmmwllmp] C:\WINDOWS\ajddcn.exe
O4 - HKLM\..\Run: [xwasmkvew] C:\WINDOWS\uzqnh.exe
O4 - HKLM\..\Run: [nkrew] C:\WINDOWS\zqakvamr.exe
O4 - HKLM\..\Run: [vowzdbc] C:\WINDOWS\sxugpq.exe
O4 - HKLM\..\Run: [cdahvtcrh] C:\WINDOWS\lcctzwvr.exe
O4 - HKLM\..\Run: [dfewfh] C:\WINDOWS\iztcxfoi.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud16.sports....lgcst1006_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7614.5133449074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.c...abs/awaybox.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312