Logfile of HijackThis v1.99.1
Scan saved at 5:06:54 PM, on 4/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\program files\sygate\ssa\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
F:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
F:\Downloaded Programs\Process Explorer\ProcessExplorerNt\procexp.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\mshta.exe
F:\Program Files\CCleaner\ccleaner.exe
F:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sympatico.msn.ca/?lang=en-CA
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [FreeRAM XP] "F:\Program Files\YourWare Solutions\FreeRAM XP
Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: services.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search -
http://kb.bar.need2f...earch.html?p=KB
O8 - Extra context menu item: Encarta &Definition -
http://ca.encarta.ms...kDictionary.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cab
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control)
- http://install.anark...en/AMClient.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control)
- http://install.anark...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent
6.6) -
http://housecall65.t...n32/activex/hcI
mpl.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) -
http://eserv.sympati...adaPortalAX.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group
Hardware Control) -
https://disneyblast....wareControl.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co....cab?10,0,911,0
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) -
http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base
Module) -
http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) -
http://appdirectory....ap/PhtPkCnv.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...nt/muweb_site.c
ab?1149895973109
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent
6.5) -
http://housecall65.t...n32/activex/hcI
mpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://tv.disney.go....y/OTOYAX29b.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = implementation.teranet.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7C8C2-71C4-419A-BBB2-ADFEA40EC620}:
NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F9D6EC-921F-4085-8DB3-DB898567EAB2}:
Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F9D6EC-921F-4085-8DB3-DB898567EAB2}:
NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA4DCD52-FABC-405B-919F-B7BFE2A6238B}:
NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = implementation.teranet.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
implementation.teranet.ca,teranet.ca,datacentres.teranet.ca,corp.teranet.ca,sandbox.
teranet.ca,teranet.on.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.41
85.255.112.125
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = implementation.teranet.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =
implementation.teranet.ca,teranet.ca,datacentres.teranet.ca,corp.teranet.ca,sandbox.
teranet.ca,teranet.on.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.41
85.255.112.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
implementation.teranet.ca,teranet.ca,datacentres.teranet.ca,corp.teranet.ca,sandbox.
teranet.ca,teranet.on.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.41
85.255.112.125
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
D:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation -
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program
Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation -
C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec
Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SBHookSvc - Unknown owner -
C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe (file missing)
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. -
C:\program files\sygate\ssa\smc.exe
O23 - Service: SysEnforce - Unknown owner - F:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
(file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file
missing)