Reply to thread

Message: <blockquote data-quote="packerfan" data-source="post: 851082" data-attributes="member: 546825">Logfile of HijackThis v1.99.1Scan saved at 10:24:12 PM, on 4/29/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\cmdtel.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\ahtun.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYSC:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeC:\WINDOWS\System32\CTHELPER.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exeC:\windows\system32\taskmg.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\AIM\aim.exeC:\windows\bdocsay.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Documents and Settings\Justin\Start Menu\Programs\Startup\winupdate16323874[1].exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\WinMX\WinMX.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\Justin\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://w-find.com/sp.htm" target="_blank">http://w-find.com/sp.htm</a>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://w-find.com/index.htm" target="_blank">http://w-find.com/index.htm</a>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://w-find.com/index.htm" target="_blank">http://w-find.com/index.htm</a>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.gatewaybiz.com" target="_blank">http://www.gatewaybiz.com</a>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.gatewaybiz.com" target="_blank">http://www.gatewaybiz.com</a>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <a href="http://w-find.com/sp.htm" target="_blank">http://w-find.com/sp.htm</a>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <a href="http://w-find.com/index.htm" target="_blank">http://w-find.com/index.htm</a>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &amp; Destroy\SDHelper.dllO2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dllO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &amp;Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\Run: [tcrauvl] c:\windows\bdocsay.exeO4 - HKCU\..\Run: [vpcmvss] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [ihschxf] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [tqocsva] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [kcmncgu] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [xristvr] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [pllklit] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [riclmfp] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [dfmefko] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [ugbmxdp] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [grsuyur] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [chlewem] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [ivtcebd] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [urdgowe] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [eaiqbpb] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [cdpdltq] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [ntfooyu] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [tchkkru] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [ejjkvtl] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [jehxlbp] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [floctxi] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [rlfnfpy] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [njhucte] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [lylmokl] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [unqfqjj] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [lfscpwm] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [rldnavo] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [tsegsxc] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [fiipirp] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [prflqdm] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [xjvjtkw] c:\windows\qumdsra.exeO4 - HKCU\..\Run: [pktaqfm] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [rtdrxrd] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [agemyrc] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [qwbjmhj] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [dpcjvgm] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [mdrexrf] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [agwrxhm] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [bvkpfkr] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [hcgmger] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [txinlvt] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [pndsnwm] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [hkknnkh] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [mrhcwcs] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [nvjhupl] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [ltqwwqh] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [ufmdlcl] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [ijkywuj] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [lcjeuwn] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [fahxobq] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [tadkjsf] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [hmxwdem] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [hrswrhd] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [jsdahih] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [aiyqbps] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [lfpldkm] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [qdmfupq] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [ssusqau] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [lscvymh] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [bdqdjuk] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [vqswdjp] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [hepyqdc] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [aeeciym] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [mmeelya] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [gsrkbec] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [uipuqwk] c:\windows\xsxsfee.exeO4 - HKCU\..\Run: [ctognxr] c:\windows\xsxsfee.exeO4 - HKCU\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exeO4 - Startup: winupdate16323874[1].exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra button: Microsoft AntiSpyware helper - {4DB2EBAE-F08D-4B31-B9B6-AC507DB3D65F} - (no file) (HKCU)O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DB2EBAE-F08D-4B31-B9B6-AC507DB3D65F} - (no file) (HKCU)O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dllO23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS</blockquote>

Verification

Top

What's new

Forum list