G
Guest
Guest
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)
Logfile of HijackThis v1.99.1
Scan saved at 11:07:04 PM, on 08/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.LIN\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Roadrunner
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook -
{0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program
Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [cat] C:\Program Files\CAT\cat.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [dupe dart cast cool] C:\Documents and Settings\All
Users.WINDOWS\Application Data\Show Knob Dupe Dart\Balm first.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Open List]
C:\DOCUME~1\OWNER~1.LIN\APPLIC~1\SHIMFO~1\boldskip.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced
Searchbar\addtolist.js
O8 - Extra context menu item: Delete from White List - C:\Program
Files\Advanced Searchbar\delfromlist.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Dominoes by pogo -
http://game1.pogo.com/applet-6.2.5.28/domino/domino-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo -
http://game1.pogo.com/applet-6.2.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Jungle Gin by pogo -
http://game1.pogo.com/applet-6.2.5.28/gin/gin-ob-assets.cab
O16 - DPF: Poppit by pogo -
http://game1.pogo.com/applet-6.2.5.28/poppit2/poppit2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo -
http://game1.pogo.com/applet-6.2.5.28/peaks/peaks-ob-assets.cab
O16 - DPF: ViewTIFF for Java -
http://imaging.landata.com/ViewTIFFJava/javabin/TIFFView.cab
O16 - DPF: Yahoo! Spades -
http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) -
http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) -
http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) -
http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment
1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4458/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} -
http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc.
- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. -
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona,
Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: MSR Collector - Unknown owner - C:\Program Files\Black White
Box\bin\msrCollector.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates
International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
This is the log from highjack this.
Logfile of HijackThis v1.99.1
Scan saved at 11:07:04 PM, on 08/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.LIN\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Roadrunner
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook -
{0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program
Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [cat] C:\Program Files\CAT\cat.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [dupe dart cast cool] C:\Documents and Settings\All
Users.WINDOWS\Application Data\Show Knob Dupe Dart\Balm first.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program
Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Open List]
C:\DOCUME~1\OWNER~1.LIN\APPLIC~1\SHIMFO~1\boldskip.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced
Searchbar\addtolist.js
O8 - Extra context menu item: Delete from White List - C:\Program
Files\Advanced Searchbar\delfromlist.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Dominoes by pogo -
http://game1.pogo.com/applet-6.2.5.28/domino/domino-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo -
http://game1.pogo.com/applet-6.2.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Jungle Gin by pogo -
http://game1.pogo.com/applet-6.2.5.28/gin/gin-ob-assets.cab
O16 - DPF: Poppit by pogo -
http://game1.pogo.com/applet-6.2.5.28/poppit2/poppit2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo -
http://game1.pogo.com/applet-6.2.5.28/peaks/peaks-ob-assets.cab
O16 - DPF: ViewTIFF for Java -
http://imaging.landata.com/ViewTIFFJava/javabin/TIFFView.cab
O16 - DPF: Yahoo! Spades -
http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) -
http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) -
http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) -
http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment
1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4458/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} -
http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc.
- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. -
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona,
Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: MSR Collector - Unknown owner - C:\Program Files\Black White
Box\bin\msrCollector.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates
International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
This is the log from highjack this.