Logfile of HijackThis v1.99.1
Scan saved at 14:39:11, on 03/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Tiny Personal Firewall3\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 6.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\symantec33.exe
C:\WINDOWS\System32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\SpyCQ\SpyCQ.exe
D:\Program Files\ICQ-new\icq.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\segev\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://realsearch.cc/?a=2&b=xzy
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://realsearch.cc/?a=2&b=xzy
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\segev\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\segev\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about
:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL =
http://realsearch.cc/?a=2&b=xzy
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL =
http://realsearch.cc/?a=2&b=xzy
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about
:blank
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\windows\symantec33.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B7251BF7-5FD4-4C43-9536-C1AC6C4043CA} - C:\WINDOWS\System32\jcam.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - d:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\he-il\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 6.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [GLSetIT311] C:\windows\symantec33.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\segev\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [GLSetIT311] C:\windows\symantec33.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [ICQ] D:\Program Files\ICQ-new\icq.exe -trayboot
O4 - Startup: Tamahugo.lnk = C:\Program Files\Scops\TTT\TTT.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ-new\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ-new\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) -
http://ioc.jpn.ph:81/IPV6CAM.CAB
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) -
http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {5B132B38-9E37-4D05-B8D6-A274C32D5234} -
http://mnb.validbox.com/ActiveX_DownloadAndRun_0.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) -
http://irc.tapuz.co.il/sp_new/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{057950E5-7149-4144-A421-DEF29D463440}: NameServer = 192.114.47.4 192.114.47.52
O17 - HKLM\System\CS1\Services\Tcpip\..\{057950E5-7149-4144-A421-DEF29D463440}: NameServer = 192.114.47.4 192.114.47.52
O18 - Filter: text/html - {C6875D0F-12E0-4C4D-BB4F-FB8FC70A187E} - C:\WINDOWS\System32\jcam.dll
O18 - Filter: text/plain - {C6875D0F-12E0-4C4D-BB4F-FB8FC70A187E} - C:\WINDOWS\System32\jcam.dll
O21 - SSODL: System - {AA2816FA-67CE-427B-BDFC-EAC79D83B997} - C:\WINDOWS\system32\system32.dll
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - d:\Program Files\Tiny Personal Firewall3\persfw.exe