Logfile of HijackThis v1.99.1
Scan saved at 10:46:58 PM, on 6/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lznnsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\bjzvdll.EXE
C:\WINDOWS\bjzvenc.EXE
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\scrsvc.exe
C:\WINDOWS\System32\bootpd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\vnrznp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\bootpd.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ortr\ntst.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\scvvhost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\chow anaya\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 66.180.173.39 http://www.google.ae
O1 - Hosts: 66.180.173.39 http://www.google.am
O1 - Hosts: 66.180.173.39 http://www.google.as
O1 - Hosts: 66.180.173.39 http://www.google.at
O1 - Hosts: 66.180.173.39 http://www.google.az
O1 - Hosts: 66.180.173.39 http://www.google.be
O1 - Hosts: 66.180.173.39 http://www.google.bi
O1 - Hosts: 66.180.173.39 http://www.google.ca
O1 - Hosts: 66.180.173.39 http://www.google.cd
O1 - Hosts: 66.180.173.39 http://www.google.cg
O1 - Hosts: 66.180.173.39 http://www.google.ch
O1 - Hosts: 66.180.173.39 http://www.google.ci
O1 - Hosts: 66.180.173.39 http://www.google.cl
O1 - Hosts: 66.180.173.39 http://www.google.co.cr
O1 - Hosts: 66.180.173.39 http://www.google.co.hu
O1 - Hosts: 66.180.173.39 http://www.google.co.il
O1 - Hosts: 66.180.173.39 http://www.google.co.in
O1 - Hosts: 66.180.173.39 http://www.google.co.je
O1 - Hosts: 66.180.173.39 http://www.google.co.jp
O1 - Hosts: 66.180.173.39 http://www.google.co.ke
O1 - Hosts: 66.180.173.39 http://www.google.co.kr
O1 - Hosts: 66.180.173.39 http://www.google.co.ls
O1 - Hosts: 66.180.173.39 http://www.google.co.nz
O1 - Hosts: 66.180.173.39 http://www.google.co.th
O1 - Hosts: 66.180.173.39 http://www.google.co.ug
O1 - Hosts: 66.180.173.39 http://www.google.co.uk
O1 - Hosts: 66.180.173.39 http://www.google.co.ve
O1 - Hosts: 66.180.173.39 http://www.google.com
O1 - Hosts: 66.180.173.39 http://www.google.com.ag
O1 - Hosts: 66.180.173.39 http://www.google.com.ar
O1 - Hosts: 66.180.173.39 http://www.google.com.au
O1 - Hosts: 66.180.173.39 http://www.google.com.br
O1 - Hosts: 66.180.173.39 http://www.google.com.co
O1 - Hosts: 66.180.173.39 http://www.google.com.cu
O1 - Hosts: 66.180.173.39 http://www.google.com.do
O1 - Hosts: 66.180.173.39 http://www.google.com.ec
O1 - Hosts: 66.180.173.39 http://www.google.com.fj
O1 - Hosts: 66.180.173.39 http://www.google.com.gi
O1 - Hosts: 66.180.173.39 http://www.google.com.gr
O1 - Hosts: 66.180.173.39 http://www.google.com.gt
O1 - Hosts: 66.180.173.39 http://www.google.com.hk
O1 - Hosts: 66.180.173.39 http://www.google.com.ly
O1 - Hosts: 66.180.173.39 http://www.google.com.mt
O1 - Hosts: 66.180.173.39 http://www.google.com.mx
O1 - Hosts: 66.180.173.39 http://www.google.com.my
O1 - Hosts: 66.180.173.39 http://www.google.com.na
O1 - Hosts: 66.180.173.39 http://www.google.com.nf
O1 - Hosts: 66.180.173.39 http://www.google.com.ni
O1 - Hosts: 66.180.173.39 http://www.google.com.np
O1 - Hosts: 66.180.173.39 http://www.google.com.pa
O1 - Hosts: 66.180.173.39 http://www.google.com.pe
O1 - Hosts: 66.180.173.39 http://www.google.com.ph
O1 - Hosts: 66.180.173.39 http://www.google.com.pk
O1 - Hosts: 66.180.173.39 http://www.google.com.pr
O1 - Hosts: 66.180.173.39 http://www.google.com.py
O1 - Hosts: 66.180.173.39 http://www.google.com.sa
O1 - Hosts: 66.180.173.39 http://www.google.com.sg
O1 - Hosts: 66.180.173.39 http://www.google.com.sv
O1 - Hosts: 66.180.173.39 http://www.google.com.tr
O1 - Hosts: 66.180.173.39 http://www.google.com.tw
O1 - Hosts: 66.180.173.39 http://www.google.com.ua
O1 - Hosts: 66.180.173.39 http://www.google.com.uy
O1 - Hosts: 66.180.173.39 http://www.google.com.vc
O1 - Hosts: 66.180.173.39 http://www.google.com.vn
O1 - Hosts: 66.180.173.39 http://www.google.de
O1 - Hosts: 66.180.173.39 http://www.google.dj
O1 - Hosts: 66.180.173.39 http://www.google.dk
O1 - Hosts: 66.180.173.39 http://www.google.es
O1 - Hosts: 66.180.173.39 http://www.google.fi
O1 - Hosts: 66.180.173.39 http://www.google.fm
O1 - Hosts: 66.180.173.39 http://www.google.fr
O1 - Hosts: 66.180.173.39 http://www.google.gg
O1 - Hosts: 66.180.173.39 http://www.google.gl
O1 - Hosts: 66.180.173.39 http://www.google.gm
O1 - Hosts: 66.180.173.39 http://www.google.hn
O1 - Hosts: 66.180.173.39 http://www.google.ie
O1 - Hosts: 66.180.173.39 http://www.google.it
O1 - Hosts: 66.180.173.39 http://www.google.kz
O1 - Hosts: 66.180.173.39 http://www.google.li
O1 - Hosts: 66.180.173.39 http://www.google.lt
O1 - Hosts: 66.180.173.39 http://www.google.lu
O1 - Hosts: 66.180.173.39 http://www.google.lv
O1 - Hosts: 66.180.173.39 http://www.google.mn
O1 - Hosts: 66.180.173.39 http://www.google.ms
O1 - Hosts: 66.180.173.39 http://www.google.mu
O1 - Hosts: 66.180.173.39 http://www.google.mw
O1 - Hosts: 66.180.173.39 http://www.google.nl
O1 - Hosts: 66.180.173.39 http://www.google.no
O1 - Hosts: 66.180.173.39 http://www.google.off.ai
O1 - Hosts: 66.180.173.39 http://www.google.pl
O1 - Hosts: 66.180.173.39 http://www.google.pn
O1 - Hosts: 66.180.173.39 http://www.google.pt
O1 - Hosts: 66.180.173.39 http://www.google.ro
O1 - Hosts: 66.180.173.39 http://www.google.ru
O1 - Hosts: 66.180.173.39 http://www.google.rw
O1 - Hosts: 66.180.173.39 http://www.google.se
O1 - Hosts: 66.180.173.39 http://www.google.sh
O1 - Hosts: 66.180.173.39 http://www.google.sk
O1 - Hosts: 66.180.173.39 http://www.google.sm
O1 - Hosts: 66.180.173.39 http://www.google.td
O1 - Hosts: 66.180.173.39 http://www.google.tm
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\CHOWAN~1\LOCALS~1\Temp\jyzibcrytel.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [s3rk3sU] cht71.exe
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [bjzvdll] C:\WINDOWS\bjzvdll.EXE
O4 - HKLM\..\Run: [bjzvenc] C:\WINDOWS\bjzvenc.EXE
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [7rtbip08] C:\WINDOWS\System32\7rtbip08.exe
O4 - HKLM\..\Run: [thpcre] c:\windows\system32\fsdxdwl.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteckj32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vnrznp.exe reg_run
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [dmdskres] C:\WINDOWS\System32\dmdskres.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [d00qRiY5j] ccfkcs32.exe
O4 - HKCU\..\Run: [Arun] C:\Program Files\ortr\ntst.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/c ... /kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/act ... Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6l6lg3s16.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\lznnsvc.exe