Logfile of HijackThis v1.97.7
Scan saved at 6:34:29 PM, on 4/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sell Future Payment - http://213.159.118.226/tools.php?qq=Sell+Future+Payment
O8 - Extra context menu item: Time Clock - http://213.159.118.226/tools.php?qq=Time+Clock
O8 - Extra context menu item: Tramadol - http://213.159.118.226/tools.php?qq=Tramadol
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Time Clock (HKLM)
O9 - Extra 'Tools' menuitem: Tramadol (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: Sell Future Payment (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://freednshost.info/page/
O13 - WWW Prefix: http://freednshost.info/page/
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1078932311468
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BDB26D2-A086-49F0-BECB-1A7894F724DF}: NameServer = 194.109.104.104 194.109.6.66
Scan saved at 6:34:29 PM, on 4/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sell Future Payment - http://213.159.118.226/tools.php?qq=Sell+Future+Payment
O8 - Extra context menu item: Time Clock - http://213.159.118.226/tools.php?qq=Time+Clock
O8 - Extra context menu item: Tramadol - http://213.159.118.226/tools.php?qq=Tramadol
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Time Clock (HKLM)
O9 - Extra 'Tools' menuitem: Tramadol (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: Sell Future Payment (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://freednshost.info/page/
O13 - WWW Prefix: http://freednshost.info/page/
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1078932311468
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BDB26D2-A086-49F0-BECB-1A7894F724DF}: NameServer = 194.109.104.104 194.109.6.66