Logfile of HijackThis v1.99.1
Scan saved at 7:56:17 AM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SkinMem\SkinMem.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\slpservice.exe
C:\WINDOWS\system32\slpmonx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Mozilla Firefox\Firefox 1.0.&\firefox.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper -
{69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
- c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Web Accelerator -
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE
/AUTORUN
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mimboot.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common
Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunProtectionServer] C:\Program Files\Sunbelt
Software\CounterSpy Consumer\sunprotectionserver.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt
Software\CounterSpy Consumer\sunserver.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt
Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt
Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite
Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task
Agent\Task_Agent.exe
O4 - Startup: SkinMem.lnk = C:\Program Files\SkinMem\SkinMem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program
Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: TabUserW.exe.lnk =
C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Check Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program
Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: symsupportutil -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://www.comcastsupport.com/sdccommon ... gctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) -
http://members6.clubphoto.com/_img/uplo ... loader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) -
http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class)
- http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager
Control) -
http://dlmanager.akamaitools.com.edgesu ... ns/activex
/dlm-activex-2.0.3.1.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) - http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer)
- https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security
Manager) -
http://wcs00180.egain.net/wcsapp/weblib ... /SecMgr.ca
b
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory
Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 6/client/m
uweb_site.cab?1126883660906
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager
Class) - http://www.ofoto.com/downloads/BUM/BUM_ ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004 ... cro.com/ho
usecall/xscan53.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class)
- http://das.microsoft.com/activate/cab/x ... DASAct.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
http://rtc1.webresponse.one.microsoft.c ... EFlash.CAB
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} -
http://us.mcafee.com/Apps/WSC/en-us/Wsc ... erCtrl.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments
Control) - https://webresponse.one.microsoft.com/o ... leXfer.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server
Control) - http://209.3.28.204/wg_webeye.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content
Update) - http://www.linksysfix.com/check/netset/ ... downls.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) -
http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class)
-
http://download.mcafee.com/molbin/share ... mcmysec.ca
b
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control)
- http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
-
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter)
- http://www.sunbelt-software.com/evaluat ... terSpy.CAB
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System
Administrator Control) -
http://206.65.172.231/check/netset//ins ... downgc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software
XUpload) - http://www.dotphoto.com/XUpload.ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
- http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) -
http://www.creative.com/su/ocx/15008/CTPID.cab
O23 - Service: APC PBE Agent (APCPBEAgent) - APC -
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC -
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation
- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development
Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation -
C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development
Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SLPMONX - ProdEx Technologies -
C:\WINDOWS\System32\slpservice.exe
O23 - Service: TabletService - Wacom Technology, Corp. -
C:\WINDOWS\system32\Tablet.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program
Files\Turtle Beach\AudioStation\tbaspi.exe