Tech Support Forum

HJT log and spy sheriff

849 Views 2 Replies 2 Participants Last post by  Deckard
Logfile of HijackThis v1.99.1
Scan saved at 12:18:56 PM, on 12/14/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coastlighting.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINNT\system32\winbrume.dll
O2 - BHO: (no name) - {1C0206A5-4F6F-4FAD-BDCE-AD9A0C8463Ce} - C:\WINNT\System32\ljferomo.dll
O2 - BHO: (no name) - {87185E78-A61B-4DB3-965A-3235BBD7A622} - C:\WINNT\system32\win32hp.dll
O2 - BHO: (no name) - {921BD7DB-7E52-4294-B8C5-684434277B28} - C:\WINNT\System32\ljferomo.dll
O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\FARMER~1\LOCALS~1\Temp\accute.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKLM\..\Run: [updwebmin] c:\winnt\system32\updwebmin.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32hp] C:\WINNT\System32\winalt32.exe
O4 - HKLM\..\Run: [7v3j] C:\WINNT\System32\z1385.exe gdtgh
O4 - HKLM\..\Run: [sysvx] C:\WINNT\sysvx_.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Nord] C:\WINNT\System32\nordsys.exe
O4 - HKLM\..\Run: [system spool] C:\WINNT\System32\syspools.exe
O4 - HKLM\..\Run: [mstss] C:\Program Files\Win32waex\mstss32wa.exe
O4 - HKLM\..\Run: [WINDOWS] C:\rnjn.exe
O4 - HKLM\..\Run: [qfyqakn.dll] C:\WINNT\System32\rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\qfyqakn.dll",xysmkvf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [updwebmin] c:\winnt\system32\updwebmin.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Nord] C:\WINNT\System32\nordsys.exe
O4 - HKCU\..\Run: [taskdir] C:\WINNT\System32\taskdir.exe
O4 - HKCU\..\Run: [system spool] C:\WINNT\System32\syspools.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DF.tmp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: CDRecorder026 - {A3BC5E20-0235-1ABF-9CE1-00AA00512026} - C:\WINNT\System32\vohb32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\System32\msasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Status
Not open for further replies.
Sorry

I was reading the forum rules and I see that I was extremely vague in telling you guys my problem. I am on my boss's computer at work and he is complaining of "spy sheriff" completely taking over his computer; it is opening cmd boxes everywhere and not allowing IE to access any websites whatsoever. If you guys could help me it would be greatly appreciated!
Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.