Scan saved at 18:06:39, on 15/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital TV\dvbapp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LLoyd\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 219.117.228.244 http://www.mybittorrent.com
O1 - Hosts: 213.171.193.6 http://www.computermarkets.co.uk
O1 - Hosts: 207.126.123.20 compactiongames.about.com
O1 - Hosts: 207.171.175.21 http://www.amazon.co.uk
O1 - Hosts: 209.133.53.130 http://www.annoyances.org
O1 - Hosts: 67.18.157.186 http://www.barefoothorse.com
O1 - Hosts: 195.40.67.171 web.ukonline.co.uk
O1 - Hosts: 202.191.32.7 http://www.equinerehab.co.nz
O1 - Hosts: 62.73.191.151 ww2.focusmm.co.uk
O1 - Hosts: 213.221.162.30 shop.game.net
O1 - Hosts: 195.20.233.201 http://www.gogames.co.uk
O1 - Hosts: 83.138.187.65 http://www.thehorseexchange.com
O1 - Hosts: 83.138.187.65 http://www.thehorseexchange.com
O1 - Hosts: 82.165.180.19 www.malwareremoval.com/forum
O1 - Hosts: 83.138.187.65 http://www.thehorseexchange.com
O1 - Hosts: 213.167.82.37 http://www.play.com
O1 - Hosts: 70.84.228.2 psms.gamebase.ca
O1 - Hosts: 66.35.250.210 http://www.scummvm.org
O1 - Hosts: 38.113.1.151 http://www.barefoottrim.com
O1 - Hosts: 84.53.143.142 housecall60.trendmicro.com
O1 - Hosts: 64.224.110.140 http://www.tribeequus.com
O1 - Hosts: 70.84.108.116 vba.ngemu.com
O1 - Hosts: 62.7.244.127 http://www.bt.com
O1 - Hosts: 193.127.193.36 http://www.cahoot.com
O1 - Hosts: 81.86.119.58
O1 - Hosts: 212.137.62.38 http://www.adviceguide.org.uk
O1 - Hosts: 212.137.62.38 http://www.citizensadvice.org.uk
O1 - Hosts: 81.86.119.58
O1 - Hosts: 212.137.62.38 http://www.adviceguide.org.uk
O1 - Hosts: 217.140.42.72 http://www.wales.gov.uk
O1 - Hosts: 62.25.98.70 http://www.nationaldebtline.co.uk
O1 - Hosts: 62.105.93.97 http://www.nochex.com
O1 - Hosts: 81.86.119.58
O1 - Hosts: 194.152.87.158 http://www.firstfinancial.co.uk
O1 - Hosts: 194.79.240.232 http://www.housingcorp.gov.uk
O1 - Hosts: 195.190.132.10 http://www.national-lottery.co.uk
O1 - Hosts: 217.140.42.87 http://www.housing.wales.gov.uk
O1 - Hosts: 216.220.38.20 http://www.xe.net
O1 - Hosts: 81.29.77.200 http://www.easybg.com
O1 - Hosts: 195.161.113.90 http://www.andr.net
O1 - Hosts: 66.250.54.213 astalavista.box.sk
O1 - Hosts: 83.149.104.56 http://www.crackserver.com
O1 - Hosts: 81.3.150.144 http://www.cracksweb.com
O1 - Hosts: 195.161.113.90 http://www.crackz.ws
O1 - Hosts: 83.98.158.164 crackzplanet.net
O1 - Hosts: 193.110.231.162 http://www.ffflovers.glt.pl
O1 - Hosts: 147.45.35.153 http://www.freeserials.com
O1 - Hosts: 216.194.70.4 jazz3d.cjb.net
O1 - Hosts: 66.218.77.68 uk.geocities.com
O1 - Hosts: 212.27.63.66 nwow.free.fr
O1 - Hosts: 83.98.158.163 nfodb.net
O1 - Hosts: 80.190.192.49 http://www.serialz.to
O1 - Hosts: 83.98.158.139 http://www.serials.ws
O1 - Hosts: 66.98.196.16 http://www.scteam.org
O1 - Hosts: 80.190.192.69 search.astalavista.de
O1 - Hosts: 83.98.158.162 directdl.com
O1 - Hosts: 195.161.112.29 http://www.astalavista.us
O1 - Hosts: 64.62.194.38 codeguys.rpc1.org
O1 - Hosts: 84.53.143.144 http://www.creative.com
O1 - Hosts: 216.18.70.58 http://www.daytek.ca
O1 - Hosts: 193.195.96.152 http://www.dtg.org.uk
O1 - Hosts: 64.49.252.102 members.driverguide.com
O1 - Hosts: 202.145.180.10 http://www.liteonit.com.tw
O1 - Hosts: 202.145.180.10 http://www.liteonit.com.tw
O1 - Hosts: 217.67.238.30 club.cdfreaks.com
O1 - Hosts: 64.62.194.38 dhc014.rpc1.org
O1 - Hosts: 216.228.113.54 http://www.nvidia.com
O1 - Hosts: 216.61.164.89 http://www.soundblaster.com
O1 - Hosts: 64.62.194.38 forum.rpc1.org
O1 - Hosts: 193.172.19.72 http://www.epson.co.uk
O1 - Hosts: 60.248.39.228 http://www.ultima.com.tw
O1 - Hosts: 63.236.73.232 http://www.windrivers.com
O1 - Hosts: 70.85.60.84 forums.afterdawn.com
O1 - Hosts: 67.18.22.169 http://www.audiovideosoft.com
O1 - Hosts: 213.167.72.143 www6.cd-wow.com
O1 - Hosts: 212.199.125.53 http://www.cdcovers.cc
O1 - Hosts: 207.58.142.58 http://www.dvdanswers.com
O1 - Hosts: 65.39.211.100 mintiebear.bravehost.com
O1 - Hosts: 199.181.132.175 movies.go.com
O1 - Hosts: 207.171.175.23 http://www.imdb.com
O1 - Hosts: 83.231.133.57 ukdvdr.co.uk
O1 - Hosts: 66.98.192.103 http://www.vcdquality.com
O1 - Hosts: 66.7.181.195 videodetective.com
O1 - Hosts: 213.232.121.40 http://www.dvd.reviewer.co.uk
O1 - Hosts: 217.12.5.164 home.bt.yahoo.com
O1 - Hosts: 130.94.6.252 uk.tickle.com
O1 - Hosts: 207.46.19.30 http://www.microsoft.com
O1 - Hosts: 193.173.46.197 panel.gfkmedia.co.uk
O1 - Hosts: 212.227.253.104 http://www.safer-networking.org
O1 - Hosts: 65.54.183.195 login.passport.net
O1 - Hosts: 62.241.160.129 http://www.solo.pipex.net
O1 - Hosts: 64.91.229.66 http://www.mortiis.com
O1 - Hosts: 66.218.77.81 uk.geocities.yahoo.com
O1 - Hosts: 216.109.116.239 privacy.yahoo.com
O1 - Hosts: 217.12.3.11 uk.yahoo.com
O1 - Hosts: 66.225.255.69 http://www.free-isp-uk.co.uk
O1 - Hosts: 212.74.112.110 http://www.uko1.co.uk
O1 - Hosts: 217.20.42.240 http://www.freeukisp.co.uk
O1 - Hosts: 212.67.202.199 http://www.net4nowt.com
O1 - Hosts: 212.135.1.96 http://www.ukonline.net
O1 - Hosts: 213.212.70.132 http://www.uku.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital TV.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .MP4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/y ... r1_8us.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/d ... se1524.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8706711256
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/template ... rol023.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{48994251-BDD1-45E5-A208-BC13B05F93F9}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
I would like to wish All you at Malware
A Very Merry Xmas and Prosperous New Year
cheers
LLoyd Moritss