abs1nthe
2006-08-17, 01:48
Well anyway, I was just curious what this is and whether or not it is a virus/spyware. I've done multiple queries on different search engines and came up with few results, so here's my log. Curious to see what you have to say and, if it is a problem, a fast fix :)
Logfile of HijackThis v1.99.1
Scan saved at 6:42:18 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\rpcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O1 - Hosts: 84.252.148.18 www.bankone.com
O1 - Hosts: 84.252.148.18 bankone.com
O1 - Hosts: 84.252.148.18 halifax.com
O1 - Hosts: 84.252.148.18 www.halifax.com
O1 - Hosts: 84.252.148.18 halifax.co.uk
O1 - Hosts: 84.252.148.18 www.halifax.co.uk
O1 - Hosts: 84.252.148.18 www.bankofamerica.com
O1 - Hosts: 84.252.148.18 bankofamerica.com
O1 - Hosts: 84.252.148.18 www.paypal.com
O1 - Hosts: 84.252.148.18 paypal.com
O1 - Hosts: 84.252.148.18 www.lloydstsb.com
O1 - Hosts: 84.252.148.18 lloydstsb.com
O1 - Hosts: 84.252.148.18 www.lloydstsb.co.uk
O1 - Hosts: 84.252.148.18 lloydstsb.co.uk
O1 - Hosts: 84.252.148.18 www.garanti.com.tr
O1 - Hosts: 84.252.148.18 garanti.com.tr
O1 - Hosts: 84.252.148.18 www.kocbank.com.tr
O1 - Hosts: 84.252.148.18 kocbank.com.tr
O1 - Hosts: 84.252.148.18 www.disbank.com.tr
O1 - Hosts: 84.252.148.18 disbank.com.tr
O1 - Hosts: 84.252.148.18 www.chase.com
O1 - Hosts: 84.252.148.18 chase.com
O1 - Hosts: 84.252.148.18 www.southtrust.com
O1 - Hosts: 84.252.148.18 southtrust.com
O1 - Hosts: 84.252.148.18 www.wachovia.com
O1 - Hosts: 84.252.148.18 wachovia.com
O1 - Hosts: 84.252.148.18 www.wellsfargo.com
O1 - Hosts: 84.252.148.18 wellsfargo.com
O1 - Hosts: 84.252.148.18 www.barclays.co.uk
O1 - Hosts: 84.252.148.18 barclays.co.uk
O1 - Hosts: 84.252.148.18 www.barclays.com
O1 - Hosts: 84.252.148.18 barclays.com
O1 - Hosts: 84.252.148.18 www.barclays.pt
O1 - Hosts: 84.252.148.18 barclays.pt
O1 - Hosts: 84.252.148.18 www.barclays.pt
O1 - Hosts: 84.252.148.18 barclays.pt
O1 - Hosts: 84.252.148.18 www.citi.com
O1 - Hosts: 84.252.148.18 citi.com
O1 - Hosts: 84.252.148.18 www.citibank.com
O1 - Hosts: 84.252.148.18 citibank.com
O1 - Hosts: 84.252.148.18 www.etrade.com
O1 - Hosts: 84.252.148.18 etrade.com
O1 - Hosts: 84.252.148.18 www.neteller.com
O1 - Hosts: 84.252.148.18 neteller.com
O1 - Hosts: 84.252.148.18 tcfbank.com
O1 - Hosts: 84.252.148.18 www.tcfbank.com
O1 - Hosts: 84.252.148.18 hsbc.com
O1 - Hosts: 84.252.148.18 www.hsbc.com
O1 - Hosts: 84.252.148.18 hsbc.co.uk
O1 - Hosts: 84.252.148.18 www.hsbc.co.uk
O1 - Hosts: 84.252.148.18 aol.com
O1 - Hosts: 84.252.148.18 www.aol.com
O1 - Hosts: 84.252.148.18 comerica.com
O1 - Hosts: 84.252.148.18 www.comerica.com
O1 - Hosts: 84.252.148.18 www.3riversfcu.org
O1 - Hosts: 84.252.148.18 3riversfcu.org
O1 - Hosts: 84.252.148.18 www.53.com
O1 - Hosts: 84.252.148.18 53.com
O1 - Hosts: 84.252.148.18 www.bbt.com
O1 - Hosts: 84.252.148.18 bbt.com
O1 - Hosts: 84.252.148.18 www.boh.com
O1 - Hosts: 84.252.148.18 boh.com
O1 - Hosts: 84.252.148.18 www.capitalone.com
O1 - Hosts: 84.252.148.18 capitalone.com
O1 - Hosts: 84.252.148.18 www.cnbwax.com
O1 - Hosts: 84.252.148.18 cnbwax.com
O1 - Hosts: 84.252.148.18 www.cwbk.com
O1 - Hosts: 84.252.148.18 cwbk.com
O1 - Hosts: 84.252.148.18 www.ebay.com
O1 - Hosts: 84.252.148.18 ebay.com
O1 - Hosts: 84.252.148.18 www.edsefcu.org
O1 - Hosts: 84.252.148.18 edsefcu.org
O1 - Hosts: 84.252.148.18 egold.com
O1 - Hosts: 84.252.148.18 www.egold.com
O1 - Hosts: 84.252.148.18 www.e-gold.com
O1 - Hosts: 84.252.148.18 e-gold.com
O1 - Hosts: 84.252.148.18 www.firstusa.com
O1 - Hosts: 84.252.148.18 firstusa.com
O1 - Hosts: 84.252.148.18 www.frontierbank.com
O1 - Hosts: 84.252.148.18 frontierbank.com
O1 - Hosts: 84.252.148.18 www.gncu.org
O1 - Hosts: 84.252.148.18 gncu.org
O1 - Hosts: 84.252.148.18 www.householdbank.com
O1 - Hosts: 84.252.148.18 householdbank.com
O1 - Hosts: 84.252.148.18 www.icicibank.com
O1 - Hosts: 84.252.148.18 icicibank.com
O1 - Hosts: 84.252.148.18 www.mbna.com
O1 - Hosts: 84.252.148.18 mbna.com
O1 - Hosts: 84.252.148.18 www.mibank.com
O1 - Hosts: 84.252.148.18 mibank.com
O1 - Hosts: 84.252.148.18 www.midamericabank.com
O1 - Hosts: 84.252.148.18 midamericabank.com
O1 - Hosts: 84.252.148.18 www.myindymacbank.com
O1 - Hosts: 84.252.148.18 myindymacbank.com
O1 - Hosts: 84.252.148.18 www.nafcunet.org
O1 - Hosts: 84.252.148.18 nafcunet.org
O1 - Hosts: 84.252.148.18 www.nationalcity.com
O1 - Hosts: 84.252.148.18 nationalcity.com
O1 - Hosts: 84.252.148.18 www.cnb.com
O1 - Hosts: 84.252.148.18 cnb.com
O1 - Hosts: 84.252.148.18 www.nationwide.com
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ote002c1] RUNDLL32.EXE w00e124b.dll,n 003002be0000000200e124b
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [HotKeysCmd] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [rfmk] C:\PROGRA~1\COMMON~1\rfmk\rfmkm.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?ccc2ae80e046432abf5a60a4f999bdaa
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?ccc2ae80e046432abf5a60a4f999bdaa
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://nhti.nhti.edu
O15 - Trusted Zone: http://cisco2.nhti.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5BE70303-FB60-4692-A387-7C5725393943} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll