Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:41, on 23/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
P:\CAinternetsecurity\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
P:\CAinternetsecurity\eTrust EZ Antivirus\CAVRID.exe
P:\CAinternetsecurity\cctray\cctray.exe
P:\CAinternetsecurity\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\WINDOWS\system32\ctfmon.exe
P:\CAinternetsecurity\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\System32\svchost.exe
P:\CAinternetsecurity\eTrust EZ Antivirus\VetMsg.exe
P:\CAinternetsecurity\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/e ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6CB804C6-8939-AA18-83BD-0A1183860E3F} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DSL Connection Manager] "C:\Program Files\INTEL\DSLSetup\ProDsl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CAVRID] "P:\CAinternetsecurity\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "P:\CAinternetsecurity\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "P:\CAinternetsecurity\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {0A62CEA2-6092-455A-B50B-200C904B08FF} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O9 - Extra button: Homepage - {2ACDC5B2-0E32-4CC1-BD9B-F647B92DA86C} - http://www.btopenworld.com/businesshome (file missing) (HKCU)
O9 - Extra button: BT - {BECB82FC-A5FD-400B-A126-A8CCDD931483} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {006416E4-6530-57F5-23F2-3A7A7AF65B53} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {010633EE-2DE9-4567-4718-378927E92227} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0191897D-841F-4304-E794-0BB10FCA4CA6} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {04C6443D-8C87-3A12-7504-5411517C1931} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {05638749-B5C1-5EF2-556E-59966F5A0F80} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {09FAB6B7-33FF-032A-58D3-551444D80DF7} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0BC594F5-A692-7073-ACF5-1E044D0142DD} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0D8471CE-47B3-00C0-9FED-08787855D1B7} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0DA8011B-46F7-7680-A080-5E22313FD426} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0F031E20-E761-78B9-6D78-46CA281356A0} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {0FE8F388-95A8-6AC2-16DB-571676AA7333} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {1280B829-9913-5D67-7238-12AC02A84E02} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {13C0BCF1-B64E-3CDE-23D6-5399239CFCB9} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://training.k2ms.com/WebPlayer/auth ... wswaxd.cab
O16 - DPF: {1909E5BE-BE56-641D-EE38-346830E711A5} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {1AFA125A-D7E1-52A5-1BB5-47610D1442E3} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {202C403F-B981-2276-39D2-3778463640C4} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {204D3808-354D-488C-1501-68044E2E5E4B} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2101ACD7-8377-79BA-9398-02E716B306C5} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2631DBED-7403-3F7B-CF8C-77AE70D465C7} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {27812E13-4CDB-6FE7-C532-39DF23172E76} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {27B5C7A2-4531-2B79-0462-55A05441A573} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {27B63DFD-A748-1111-0907-56C372800B17} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {27FD3FB7-C549-247F-F7CA-39B95C436F7B} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
O16 - DPF: {2B108D4D-6326-6EAE-18A6-6B5014F9DD10} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2B84CF55-33F4-2732-0460-44B66B4BA6FA} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2B9AC3EC-A412-4302-6B05-29332D473EBC} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2CC66FF6-ADA1-3D71-0DD4-6E8557445C94} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {2EB9E46D-D34C-3ED9-B714-553344BE8030} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {3610B7A2-17EE-017E-0CB7-501E7B77E58C} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {36726AE1-3275-1B1F-7590-13D0560D26BA} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {39062C73-99ED-469F-A20A-561E67D86132} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {3AF1420A-306C-2AD1-D239-0A202420CCA5} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {3B2C4E33-B7C9-11B3-2EA7-57957CB64CB4} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {3BA4D915-683A-36D9-9D03-4E2D5956C941} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {3C9B611C-6032-2A32-AA47-17890A837D12} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {43652E67-CD64-3C68-BDC8-2D665AC6EB79} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {47969836-0DBA-101A-BABC-5C2205D007A4} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {47AFD7AF-50BE-15DA-A3F7-32B92CF7119C} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {47BCF70A-1481-1631-1CC5-2A1770574D72} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {48FD6500-3F6E-792A-B072-70D41984CF81} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {4D00DF50-1974-6DB1-1762-742314A8E0F8} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {4E6343BB-C229-2612-74C1-437551C5C69F} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5189585D-3313-2D3C-A71D-7ACF63F8AC83} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {52128203-E2C1-5C1E-9855-525321B08A11} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {527A341D-1931-380F-3203-4E7F0950790E} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {53E6564C-B4C3-5D50-6400-145A4CCED51D} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {545D1464-E0E3-4275-CDE3-4DC943483947} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {554B6000-5DA2-383C-65BF-0B53176B4B5D} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestSc ... stscan.cab
O16 - DPF: {5801F8F1-ABA3-5925-3D60-3F5A589D5EDA} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {591C68D4-832F-5B6C-4B02-46F75DF97C91} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6088333D-04D1-6DCC-E9AA-47E067279782} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6779BA63-C483-630C-4993-153D08D13763} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {69489ED9-0B5D-213A-5F35-7FC72D4C3F9F} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {6B870227-C92C-49E8-57DF-61F91EFF8C30} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {6BCE3BE4-1562-78A5-B3A2-73AF4406D04F} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {6D2AD786-F4BF-3B2B-5E70-52510ED83A42} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {6EBB85C3-45D3-533F-3539-0E34155BADFA} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {6F005B8E-3E92-5441-FB74-00BF7CE62C3D} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {728491C2-6960-29D9-E6B7-5B7730461A8D} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {72AB63D6-6614-3CF0-BB99-50C05BB3528D} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {733CD10A-8288-69D6-9036-2AD645CADD9F} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {737D68E6-D178-7524-8ADC-7D4C7B0A29E4} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {73B04ABE-2F7D-51DC-481F-4C926749F67F} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {757DF668-16E2-1820-107D-380F7887072B} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {789985B6-AD76-48AF-119F-4B632F29D9D8} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {78CF2FF1-4966-7E5F-E0CC-4CE82C2AC474} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {7A13544D-29F3-30D2-E240-4C9D38CD5AD2} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {7A9C26D3-F13D-4C84-D926-04E97D0C3A35} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {7C3B9F87-C1EB-577C-EACE-5E7F6E716CC7} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {7E94FC34-E655-23AE-B33E-37404D0638B8} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {7F6D73F6-0EFD-5C23-9036-11C12FF4D70B} - http://85.255.115.229/1/gdnFR2312.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2312.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba217.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gba217.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63628ED7-C88D-46E1-BAEB-95EE5F619134}: NameServer = 194.74.65.69 194.72.9.34
O20 - AppInit_DLLs: dbi102.dll
O21 - SSODL: ComCfg - {49220253-153B-E3F3-67AF-0361FF5FF222} - C:\Program Files\huxcceg\ComCfg.dll
O23 - Service: CaCCProvSP - CA, Inc. - P:\CAinternetsecurity\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - P:\CAinternetsecurity\eTrust EZ Antivirus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - P:\CAinternetsecurity\eTrust EZ Antivirus\VetMsg.exe
--
End of file - 14658 bytes