Logfile of HijackThis v1.99.1
Scan saved at 9:32:21 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Sarah Champ\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Cursors\fontsrv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.spycatcher.com/scanner/TestScanner.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126449156953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.31/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O20 - Winlogon Notify: fontsrv - C:\WINDOWS\Cursors\fontsrv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe