Logfile of HijackThis v1.99.1
Scan saved at 9:17:02 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Windows folder: F:\WINDOWS
System folder: F:\WINDOWS\SYSTEM32
Hosts file: F:\WINDOWS\System32\drivers\etc\hosts

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
F:\WINDOWS\System32\tcpsvcs.exe
F:\WINDOWS\System32\snmp.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\WINDOWS\system32\taskswitch.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Program Files\PowerMenu\PowerMenu.exe
F:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
F:\PROGRA~1\COMMON~1\AOL\111430~1\EE\AOLHOS~1.EXE
F:\Program Files\OpenOffice.org 1.9.95\program\soffice.exe
F:\PROGRA~1\COMMON~1\AOL\111430~1\EE\AOLServiceHost.exe
F:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
F:\Program Files\OpenOffice.org 1.9.95\program\soffice.BIN
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vt.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (filesize 63136 bytes, MD5 42729C3DE75A7A51FC6F9EF6546C9199)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 744960 bytes, MD5 ABF5BA518C6A5ED104496FF42D19AD88)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll (filesize 720896 bytes, MD5 D4E9B7B696E8C40A0E5CB76621A03EE4)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll (filesize 720896 bytes, MD5 D4E9B7B696E8C40A0E5CB76621A03EE4)
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack (filesize 33280 bytes, MD5 DA285490BBD8A1D0CE6623577D5BA1FF)
O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe" (filesize 67184 bytes, MD5 EB992A85C604A9977E1161E6560BA611)
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (filesize 233472 bytes, MD5 48EA078D949B13CDC06A47DF20489B9C)
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" (filesize 49152 bytes, MD5 4575C69BC34B111C99A5DFBE8AF10EBB)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1114308405\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" (filesize 79448 bytes, MD5 747F55208A1508DB7B91E0E1FE0EF23A)
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 98304 bytes, MD5 C341CCFBE98BC7DF6E0B856BB9FC265A)
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (filesize 180269 bytes, MD5 77ED13FD3196EBC7311CCD6899C7488C)
O4 - HKLM\..\Run: [Pure Networks Port Magic] "F:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run (filesize 99480 bytes, MD5 BA99C608A075C44026720D5383F3D75B)
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (filesize 6815744 bytes, MD5 D846554575A9F571D6B891153FAA0C50)
O4 - Startup: OpenOffice.org 1.9.95.lnk = F:\Program Files\OpenOffice.org 1.9.95\program\quickstart.exe (filesize 61440 bytes, MD5 F629F72337A4E5E81B65976DA53904CD)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (filesize 29696 bytes, MD5 DEB88AEF013DD1EEFB462D7CAD642166)
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (filesize 184320 bytes, MD5 B43EC2FD9819A4D428E63F59E57A8589)
O4 - Global Startup: PowerMenu.lnk = F:\Program Files\PowerMenu\PowerMenu.exe (filesize 57344 bytes, MD5 CD1606AC1029DFCBE630F86598133635)
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll (filesize 65650 bytes, MD5 F0D7F1B4A1D8053917B9E913B0E33A73)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll (filesize 65650 bytes, MD5 F0D7F1B4A1D8053917B9E913B0E33A73)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll (filesize 212992 bytes, MD5 4EABC79426C1895ADA0E06948AAB3F5D)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll (filesize 212992 bytes, MD5 4EABC79426C1895ADA0E06948AAB3F5D)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll (filesize 212992 bytes, MD5 4EABC79426C1895ADA0E06948AAB3F5D)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll (filesize 212992 bytes, MD5 4EABC79426C1895ADA0E06948AAB3F5D)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll (filesize 1483264 bytes, MD5 AE8AB1175327702D3A6F10DC122C254E)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (filesize 1611480 bytes, MD5 8B04AE828D82F74BCEE9FDF3F7A4AC00)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (filesize 1611480 bytes, MD5 8B04AE828D82F74BCEE9FDF3F7A4AC00)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} -
O20 - Winlogon Notify: ComPlusSetup - F:\WINDOWS\system32\catsrvut.dll
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - F:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - F:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe