Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:00 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet
Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program
Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -
Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program
Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program
Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\windows\googletoolbar1.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe
/AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
/background
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money
Express.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background (User
'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search -
res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program
Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} -
http://www.dellnet.com/ (file missing) (HKCU)
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi.../wuweb_site.cab?
1218578870313
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi.../muweb_site.cab?
1218578859297
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://floridakeysme...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program
Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 10889 bytes
uninstall:
32 Bit HP CIO Components Installer
Ad-aware 6 Personal
Adobe Acrobat 5.0
Ahead InCD EasyWrite Reader
AVG 8.0
CDK Players
ChainCast Proxy (remove only)
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Dell Solution Center
DellTouch
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Basic
EPSON TWAIN FB
ERUNT 1.1j
FoneSync
Google Toolbar for Internet Explorer
GRE POWERPREP
HexDump plug-in for Ad-Aware SE
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
LSP Explorer Pluginfor Ad-aware 6
Macromedia Flash Player 8
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Baseline Security Analyzer
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 CRT Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Morpheus 1.9
Morpheus 2.0
Morpheus Preview Edition
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Norton SystemWorks 2002
Norton WMI Update
OE/W Messengerctrl plug-in for Ad-Aware SE
OIN
Particle Downloader 2.11
PhoneTools
QuickTime
RealPlayer
Refupdate 2.0
Registry Mechanic
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Shop for HP Supplies
Shred version 2.0
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Swat It Trojan & Bot Remover - Version 1.0
The Playa
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
User's Guides
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Windows XP Uninstall
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Edited by patricks, 30 August 2008 - 04:06 PM.