Scan saved at 09:28:51, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\PN170C.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cisco Systems\Clean Access Agent\ccaagent.exe
C:\Program Files\PGP Corporation\PGP Desktop\pgptray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Tagzone
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://Tagzone
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Best Buy Co., Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://usproxy.na.bestbuy.com/wpad.dat
O2 - BHO: (no name) - {467A8A7C-4C2A-4812-A879-9F162E7A98CC} - C:\WINDOWS\system32\nnnmmklJ.dll
O2 - BHO: (no name) - {a87caf9d-8574-4916-b170-f87f715a4c40} - C:\WINDOWS\system32\dusatalo.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Banner] "c:\windows\system32\Banner.hta"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [riwuvajube] Rundll32.exe "C:\WINDOWS\system32\girubuko.dll",s
O4 - HKUS\S-1-5-19\..\Run: [riwuvajube] Rundll32.exe "C:\WINDOWS\system32\girubuko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [riwuvajube] Rundll32.exe "C:\WINDOWS\system32\girubuko.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://Tagzone
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: http://msimabs.bestbuy.com
O15 - Trusted Zone: http://mysite.bestbuy.com
O15 - Trusted Zone: http://sp.bestbuy.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: http://*.bestbuy.com
O15 - Trusted Zone: http://bestbuy.collaborate.net
O15 - Trusted Zone: http://h30125.www3.hp.com
O15 - Trusted Zone: http://onlinebanker.usbank.com
O15 - Trusted Zone: http://www.usbankconnections.com
O15 - Trusted Zone: *.accenture.com (HKLM)
O15 - Trusted Zone: http://msimabs.bestbuy.com (HKLM)
O15 - Trusted Zone: http://mysite.bestbuy.com (HKLM)
O15 - Trusted Zone: http://sp.bestbuy.com (HKLM)
O15 - Trusted Zone: http://www.bestbuy.com (HKLM)
O15 - Trusted Zone: http://*.bestbuy.com (HKLM)
O15 - Trusted Zone: http://bestbuy.collaborate.net (HKLM)
O15 - Trusted Zone: http://h30125.www3.hp.com (HKLM)
O15 - Trusted Zone: http://onlinebanker.usbank.com (HKLM)
O15 - Trusted Zone: http://www.usbankconnections.com (HKLM)
O16 - DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} (JInitiator 1.3.1.29) - http://op01oalba.na....tor/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.bestbuy.com
O17 - HKLM\Software\..\Telephony: DomainName = na.bestbuy.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.bestbuy.com
O20 - AppInit_DLLs: hljiwc.dll C:\WINDOWS\system32\gulotema.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
--
End of file - 6442 bytes