Logfile of HijackThis v1.99.1
Scan saved at 3:01:55 PM, on 9/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DELL TrueMobile 1180 Wireless USB\WLAN_Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ian.MACDONAL-6BF5BE\Local Settings\Temporary Internet Files\Content.IE5\ST6N0H2N\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://search.bearshare.com/sidebar.html?src=ssbR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www/the-exit.com/searchR1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
http://www.the-exit.com/searchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.the-exit.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/avcenter/fix_homepage/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.the-exit.com/searchR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.the-exit.com/searchR1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://www.the-exit.com/searchR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.the-exit.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [erwghjjrjt] c:\winnt\system32\drivers\ucbcg.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Client Manager.lnk = C:\Program Files\DELL TrueMobile 1180 Wireless USB\WLAN_Cfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='
http://sexmaxx.com/freegalleries.htm';}O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone:
http://www.neopets.comO16 - DPF: {00000000-0000-0000-0000-100005000004} -
http://code.trasferimento.biz/l/4c791e23a585b1d7ea5127848837a5ed_35.exeO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CABO16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) -
http://games.bigfishgames.com/en_mysteryofsharkisla/online/MysteryOfSharkIslandWeb.1.0.0.8.cabO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
http://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) -
http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143755057205O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cabO16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) -
http://www.acclaim.com/cabs/acclaim_v5.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -
http://193.172.162.99:8080/activex/AMC.cabO16 - DPF: {754693AA-011F-40DD-B075-DD4644A47F54} (Importer.Imp) -
http://www.imvu.com/catalog/invite/Importer.CABO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) -
http://a.download.toontown.com/sv1.0.25.14/ttinst.cabO16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exeO16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) -
https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} -
http://87.245.83.189/activex/AMC.cabO20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINNT\system32\rlls.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe