Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31: VIRUS ALERT!, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ODP\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BRANDO~2.BRA\LOCALS~1\Temp\Rar$EX55.172\MacSearch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: fdkowvbp - {CC62551A-9113-48E1-936F-27ABC255A8B4} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Sys1E5.exe] C:\Windows\Sys1E5.exe
O4 - HKLM\..\Run: [Sys1E6.exe] C:\Windows\Sys1E6.exe
O4 - HKLM\..\Run: [Sys1E7.exe] C:\Windows\Sys1E7.exe
O4 - HKLM\..\Run: [Sys1E8.exe] C:\Windows\Sys1E8.exe
O4 - HKLM\..\Run: [Sys1E9.exe] C:\Windows\Sys1E9.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\BRANDO~2.BRA\LOCALS~1\Temp\scksexde.exe/r
O4 - HKLM\..\Run: [14b8735f] rundll32.exe "C:\WINDOWS\system32\dbvtbiqu.dll",b
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7409] command /c del "C:\Program Files\VAV\vav.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3840] cmd /c del "C:\Program Files\VAV\vav.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5025] command /c del "C:\WINDOWS\fdkowvbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5512] cmd /c del "C:\WINDOWS\fdkowvbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4501] command /c del "C:\WINDOWS\system32\efcDSkki.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4009] cmd /c del "C:\WINDOWS\system32\efcDSkki.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5853] command /c del "C:\WINDOWS\wnslvxtf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3190] cmd /c del "C:\WINDOWS\wnslvxtf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7142] command /c del "C:\WINDOWS\eqvwamkl.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\WINDOWS\eqvwamkl.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sys1E5.exe] C:\Windows\Sys1E5.exe
O4 - HKCU\..\Run: [Sys1E6.exe] C:\Windows\Sys1E6.exe
O4 - HKCU\..\Run: [Sys1E7.exe] C:\Windows\Sys1E7.exe
O4 - HKCU\..\Run: [Sys1E8.exe] C:\Windows\Sys1E8.exe
O4 - HKCU\..\Run: [Sys1E9.exe] C:\Windows\Sys1E9.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ODP\ObjectDock\ObjectDock.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O21 - SSODL: wnslvxtf - {37D89D46-112F-49DD-B266-EAB651703DC5} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {68F25448-A49D-448F-AD2B-40B11204241C} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 8529 bytes