Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:40 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\qiawpbjj.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\Messenger\msmsgs.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\WINDOWS\System32\MsPMSPSv.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\AIM6\aim6.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\qiawpbjj.exe,F:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] F:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "F:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12605 bytes
Please Help!!!!!!!!