Logfile of HijackThis v1.99.1
Scan saved at 10:34:38 PM, on 3/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SHA256\secure.exe
C:\WINDOWS\smss.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Documents and Settings\Russell\My Documents\My Received
Files\ProcessExplorerNt\procexp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\dialer.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Russell\Local
Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page = about:blank
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:8080
F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft
Shared\Web Folders\ibm00003.exe", msmsgs.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20079\winlogon.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}
- C:\WINDOWS\System32\hp36CC.tmp
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
(file missing)
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program
Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program
Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce]
C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [SmallAndSecure] mssecure.exe
O4 - HKLM\..\Run: [Windows Update]
C:\WINDOWS\System32\jmfbo.exe
O4 - HKLM\..\Run: [Microsoft Update] wudmate.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink
Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Propel Accelerator]
"C:\PROGRA~1\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer]
KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor]
C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Program
Files\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin]
C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Program Files\Common
files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client]
C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [SHA256] C:\Program
Files\SHA256\secure.exe
O4 - HKLM\..\Run: [Microsoft standard protector]
C:\WINDOWS\inet20079\socks.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program
Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SysTray] C:\Program Files\qbojgwg.exe
O4 - HKLM\..\Run: [c1bf19dd.exe]
C:\WINDOWS\System32\c1bf19dd.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager
Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [termcaps]
C:\WINDOWS\System32\termcaps.exe
O4 - HKLM\..\Run: [ISUSScheduler]
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Windows Logon Process]
C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [SmallAndSecure] mssecure.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wudmate.exe
O4 - HKLM\..\RunServices: [termcaps]
C:\WINDOWS\System32\termcaps.exe
O4 - HKCU\..\Run: [SmallAndSecure] mssecure.exe
O4 - HKCU\..\Run: [Microsoft Update] wudmate.exe
O4 - HKCU\..\Run: [c1bf19dd.exe] C:\Documents and
Settings\Russell\Local Settings\Application
Data\c1bf19dd.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common
Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [termcaps]
C:\WINDOWS\System32\termcaps.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WinMedia]
C:\DOCUME~1\Russell\LOCALS~1\Temp\85907438.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk =
C:\Program Files\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk =
C:\WINDOWS\Temp\VIES7953\Setup.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment
Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk
= ?
O8 - Extra context menu item: Refresh Pa&ge with Full
Quality - C:\Program Files\PeoplePC
Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full
Quality - C:\Program Files\PeoplePC
Accelerated\pac-image.html
O9 - Extra button: Related -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Blackjack -
http://download.game...nts/y/jt0_x.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC
Web Installer) -
http://www.peoplepc....oad/ppcwebi.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7125A1E8-584D-4A4C-9328-
790EFDAFD429}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: Sebring -
C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2
(EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program
Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Logon Process Service
(MSWinLogonProcService) - Unknown owner -
C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service
(navapsvc) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel®
Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService)
- Symantec Corporation - C:\Program Files\Norton
AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation -
C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) -
Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe