Scan saved at 20:28:28, on 18/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\HistorySweep\HSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\QUICKH~1\qhwscsvc.exe
D:\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\QUICKH~1\MailSvr.exe
D:\QUICKH~1\UPSCHD.EXE
D:\QUICKH~1\QHM32.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\OmniPage SE\opware32.exe
C:\Program Files\WinPortrait\wpctrl.exe
D:\Microsoft Antispyware\gcasServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\pupxpman.exe
C:\Program Files\WinPortrait\floater.exe
D:\PowerDVD\PDVDServ.exe
C:\DOCUME~1\Jake\LOCALS~1\Temp\40000010c00069dd890027\hs.exe
D:\iPod Updater\iPod\bin\iPodService.exe
D:\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1133353862\ee\AOLHostManager.exe
D:\QUICKH~1\QHONLINE.EXE
C:\Program Files\Common Files\AOL\1133353862\ee\AOLServiceHost.exe
D:\Spyware BeGone\SpywareBeGone.exe
D:\Adobe\Reader\reader_sl.exe
D:\AOL 9.0\aoltray.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\program files\common files\aol\1133353862\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133353862\ee\AOLServiceHost.exe
D:\Microsoft Antispyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
D:\AOL 9.0\waol.exe
D:\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\DOCUME~1\Jake\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.m ... sgrInstall
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {FE7953EE-25ED-40D8-A53F-066C124CE023} - D:\HistorySweep\popkill.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] D:\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Live Update Scheduler] D:\QUICKH~1\UPSCHD.EXE /Check
O4 - HKLM\..\Run: [Quick Heal Messenger] D:\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal Startup Scan] D:\QUICKH~1\QHSTRT32.EXE /LOADRUN
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [Omnipage] D:\OmniPage SE\opware32.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Microsoft Antispyware\gcasServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] D:\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HistorySweep] "D:\HISTOR~1\HistorySweep.exe" /autostart
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\pupxpman.exe
O4 - HKLM\..\Run: [RemoteControl] D:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133353862\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "D:\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] D:\QUICKH~1\QHSTRT32.EXE /check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] D:\Adobe\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Spyware Begone] "D:\Spyware BeGone\SpywareBeGone.exe" -FastScan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/162107e0a29 ... xIE601.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D2023F3-6DB8-4F01-AE5D-47141F84B5F2}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HistorySweepService - Unknown owner - D:\HistorySweep\HSSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iPod Updater\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Quick Heal Helper Service WSC (qhwscsvc) - Unknown owner - D:\QUICKH~1\qhwscsvc.exe
O23 - Service: Quick Heal Online Protection - Unknown owner - D:\QUICKH~1\QHONSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
The HSSvc.exe is from historysweep 1.6 on the dec 05 pc advisor disc, its the hs.exe in temp that i think is the problem