Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:56 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
F:\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
f:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5b6797bc-d26b-605a-cc24-08a8bca45bd1} - {1db54acb-8a80-42cc-a506-b62dcb7976b5} - C:\WINDOWS\system32\yegeotrx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F43F2AD2-8EC5-42E6-A424-F1442BC08182} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "F:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MICROS~1] "C:\WINDOWS\Mircosoft Network.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Zvgre] "C:\Documents and Settings\Darrin\My Documents\W?nSxS\m?iexec.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188071570782
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188071526858
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fubar.com...geUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.gameriv...ames/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g...le_2_0_0_34.cab
O16 - DPF: {C428CBD7-5D46-46D5-9924-12ECE969A70B} (MediaAccelerator Installer Control) - http://files.freeban...Accelerator.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 7559 bytes
The hijack uninstall list:
32 Bit HP CIO Components Installer
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
All Video to VCD SVCD DVD Creator & Burner 1.9
AOL Instant Messenger
Audio Terminator 1.10
AVG Anti-Spyware 7.5
AVI DivX MPEG to DVD Converter & Burner Pro 1.6
AviSynth 2.5
BitLord 1.1
BurnRight! CD & DVD
CoffeeCup Flash Photo Gallery - Registered
DFX for Windows Media Player
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Free WMA to MP3 Converter 1.16
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
iriver Music Manager
iRiver Updater
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola iMega Pack (remove only)
Motorola mobile PhoneTools
Motorola PST
Motorola Service Software version 3.5.8 Full Edition Prerelease
Movie DVD Maker 1.4.6
Mozilla Firefox (1.0PR)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero - Burning Rom
Norton AntiVirus 2003
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PokerStars
PowerDVD
ProSavageDDR and Utilities
Quake III Arena
QuickTime
Recover My Files
R-Linux v1.0
S3Display
S3Gamma2
S3Info2
S3Overlay
Sandlot Games Client Services
Sansa Connect Device Recovery
Sansa Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sothink Movie DVD Maker
Sun CD/DVD Burner
SUPERAntiSpyware Free Edition
Turbo File Uneraser 1.1
Ulead COOL 3D 3.5
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
WIBU-KEY Setup (WIBU-KEY Remove)
WinAce Archiver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinISO 5.3
WinZip
Active scan log
Incident Status Location
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Darrin\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/superbar Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MySearch
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:Adware/Yazzle Not disinfected C:\6A9.tmp
Virus:Trj/Downloader.RBV Disinfected C:\6AD.tmp
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Darrin\Application Data\Flock\Browser\Profiles\vhplz1hw.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Darrin\Application Data\Flock\Browser\Profiles\vhplz1hw.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.hypercount.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.kinghost.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Darrin\Application Data\Sun\Java\Deployment\cache\6.0\31\1799bd9f-34f048b9[Dummy.class]
Virus:Trj/ClassLoader.W Disinfected C:\Documents and Settings\Darrin\Application Data\Sun\Java\Deployment\cache\6.0\31\1799bd9f-34f048b9[VerifierBug.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@zedo[1].txt
Adware:Adware/Trymedia Not disinfected C:\Downloads\CakeManiaSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\DinerDashSetup-dm[1].exe
Adware:Adware/Zango Not disinfected C:\Program Files\Motorola iMega Pack\Mozilla Firefox\plugins\npclntax.dll