Logfile of HijackThis v1.98.2
Scan saved at 10:58:53 PM, on 9/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\wmconnect\wwm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LeechGet 2004\LeechGet.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hallindseyoracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0C3AEF62-845B-F31B-307B-AD0E360F5121} - C:\WINDOWS\System32\nmebolkg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75B1FAE6-B49B-3473-0568-AE174480E386} - C:\WINDOWS\System32\hufuzftw.dll
O2 - BHO: (no name) - {8B6A13B1-F837-195E-D6A6-FAB0D05A30F5} - C:\WINDOWS\System32\uruvlfga.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} -
http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} -
http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) -
http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094487244593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) -
http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4354/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E4B321-C652-4156-85B5-8FE28D4F5B8B}: NameServer = 205.188.146.146
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll