Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:27 AM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\aul9yx.exe
C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\wvvof2td.exe
C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\buvnjyqj6m6.exe
C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\pb2qbnlwvg18g.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {96164793-6A58-41B4-84FA-BD372F57AF52} - c:\windows\system32\ejcwzdj.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kng2n3go3hx33gi13bic4bur462d12h94op] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\mxzwmg8s37ysl.exe
O4 - HKCU\..\Run: [qgsl014dmli] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\qwphos2n2je.exe
O4 - HKCU\..\Run: [uajjh6feb63egw] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\m2igvxdpm7lm.exe
O4 - HKCU\..\Run: [vyun0ts95ux6zit3z0wg0lcpw940qfdk5fzocgsp] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\efp0b24g51ef.exe
O4 - HKCU\..\Run: [k288hhnrzbrry18oq] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\z6hjtvrgqc76.exe
O4 - HKCU\..\Run: [l72cweme8a57kr3zx0c4yqfmwd0wingn6zi5p3bgcep] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\r2ok9jiq96jz.exe
O4 - HKCU\..\Run: [mnzd0wja725zzogwlnynkjxiojx0mzyj4y9mzes5oij3bo] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\g574c7lb6o.exe
O4 - HKCU\..\Run: [nulppq73yfztiyxwfe6] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\oxdg1hwrc24.exe
O4 - HKCU\..\Run: [zbqf34mogjur933uwwk04] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\gtkl70v3kts.exe
O4 - HKCU\..\Run: [efsx2km0n4bu1s6gjc] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\rvk0nwpbhegg.exe
O4 - HKCU\..\Run: [daht46nde5xef2b5csvit1f7grnsak98x5] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\zzwzo8ykyknn.exe
O4 - HKCU\..\Run: [cfq0alxo1k897140prid00wr9xzcm5bgshph9ixcpvbh0wb] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\nsg2aj9.exe
O4 - HKCU\..\Run: [tzol1k31jxqgl2rvkweyu4k] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\z4ljop5et.exe
O4 - HKCU\..\Run: [ysp2pv7zgfd6kgo0arp5e8hpusbf9] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\r0sknuwoc.exe
O4 - HKCU\..\Run: [d8zzirda92zayf3acxk25jadj99u2xpclajl7ooosdonpom] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\wzanmh.exe
O4 - HKCU\..\Run: [e66gmks7lfc07cy2wwh6h1fvk1] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\p5m5t3h.exe
O4 - HKCU\..\Run: [aot5wknu8qv7se37jlbaphxzfalthxmv6] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\at58puo.exe
O4 - HKCU\..\Run: [ch6mzxxbflee2c9jn3xzki91ogaxavg6t1s] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\lmqeuj.exe
O4 - HKCU\..\Run: [ffl2s8p9un21gwjdtm] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\t4prfx6vtysb2.exe
O4 - HKCU\..\Run: [fewa7k6n2avhtl3a8l5di6eettsw52s9uva3uc8rg] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\woferantyaap6.exe
O4 - HKCU\..\Run: [gkmm9midynm338vob7kk597txw99wtg0c5v9bis] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\c3mydp.exe
O4 - HKCU\..\Run: [nyual6iicaxgzx6hcqeujbjuq4j5dmgc41ybm4gdb5f] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\mrlq0ewk5ao.exe
O4 - HKCU\..\Run: [pnraivvobjgurgvz5tbqv] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\qdv3j4aq0j69o.exe
O4 - HKCU\..\Run: [vic9onqtfzv1e7s] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\bwvmlo.exe
O4 - HKCU\..\Run: [e16ly77hut76hjyelnm36mei3dwk7eww2wpetybbey33bqffr] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\ts2nkt.exe
O4 - HKCU\..\Run: [yabwig5gyeycw6xfxgxk6b98epuc2] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\spqoaw431ba1s.exe
O4 - HKCU\..\Run: [lvi3ngo91efzmmfl3bfm6gh] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\pw2oefgxfil.exe
O4 - HKCU\..\Run: [kc6erelro] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\hs98d3qoycx.exe
O4 - HKCU\..\Run: [lvpnx7iy0l] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\u18g2zenvql.exe
O4 - HKCU\..\Run: [ow3b4h0buq5ajer6t95k5i9t38fduga6] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\fpajyq4uy88.exe
O4 - HKCU\..\Run: [mowyjgygae8hygxm8aozismc0jxbfc] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\uxm3hw.exe
O4 - HKCU\..\Run: [xfmtufd4f8yazqfq4ipb7cx9] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\ie8qeanw.exe
O4 - HKCU\..\Run: [jbvwd2lda7np5gb7t3su6vzs91hpm3qfmzy] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\cxs7vz.exe
O4 - HKCU\..\Run: [as1kk14pz3tik16xczkjs1o1lmc7ucqktiewwa4h8evy] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\k1l6wu.exe
O4 - HKCU\..\Run: [kin4bqcu907r0ocsn0uy3vvcsnj8xsrshw82ngqizytf54f7q] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\nyfifkp6.exe
O4 - HKCU\..\Run: [ak5hb5y8xoj0p6ayq0xjmnjl9hcw5fc48500vc0x2olvctvxw] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\n3y2oiu.exe
O4 - HKCU\..\Run: [kixuqk9zl2qvk8smz02ng9hilpvzq9v] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\jj5413m34elm.exe
O4 - HKCU\..\Run: [mp7swwkmp9al5sgqh77aupydnglvxtshiwvd] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\hz2sv4ub9kwt.exe
O4 - HKCU\..\Run: [vrnvxjt5ib9wh3po2ep4izxs5cik4jq2yxa7n3muamk13qbv] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\ts799v.exe
O4 - HKCU\..\Run: [zrk0zhnving] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\udwyzip2.exe
O4 - HKCU\..\Run: [anfi2ovq9pnkqtee4060] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\i6r1b88clj0ih.exe
O4 - HKCU\..\Run: [nqy4hjmpq2byxqneby5drsgkfn4ej0ztoy] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\axm2be60.exe
O4 - HKCU\..\Run: [xe73uc0vvh6imz3lbw7kjus06w2ui2efogl] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\tu0o0yr.exe
O4 - HKCU\..\Run: [i2cpftt03u0zwy1won] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\d3v9f89.exe
O4 - HKCU\..\Run: [xx07cjqz4ejyzq3zkt4x5ipxj9g8nd8lj9scesl6s] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\zveasbt.exe
O4 - HKCU\..\Run: [h6f0ggvkqh0kxz12nknjpi530dz6rq2e] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\oterm1.exe
O4 - HKCU\..\Run: [l32zfuu1d] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\nj9tvk785lmbm.exe
O4 - HKCU\..\Run: [wy6bfk4nbo1b85hhcyqpmlz3s5029iul9zwnelo1t8xedd41] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\kjgdo2j.exe
O4 - HKCU\..\Run: [hxdj1iicl2p9u7dm2j1] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\g0t3uujx7.exe
O4 - HKCU\..\Run: [d1rks9ixdbg6tcfn2jk6x9w1xrudnyaxgatx4whhocy] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\k1tlrr.exe
O4 - HKCU\..\Run: [z8fkavlo6gf54jabe94jbmkkzxalk2t9bju8jkgumkauf7qon5] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\zsomaxidr.exe
O4 - HKCU\..\Run: [e1gkf6pm3f2v3x] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\roc6ql9na.exe
O4 - HKCU\..\Run: [cl3jjqo8adg] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\wvvof2td.exe
O4 - HKCU\..\Run: [knam0jaq7pn7vif] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\buvnjyqj6m6.exe
O4 - HKCU\..\Run: [b3j3zewbhu] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\pb2qbnlwvg18g.exe
O4 - HKCU\..\Run: [vyy1zcngms9dqvyqjkj37k2j2jdi] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\aul9yx.exe
O4 - HKCU\..\Run: [zot34pau9ur24bwb38kodbrzp] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\kdeiw4t94l5r.exe
O4 - HKCU\..\Run: [bal797s0uuwnvo74iuj4] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\gyxk85.exe
O4 - HKCU\..\Run: [j8xjnmu7p50tee867hsoy5lv8teqdwh10zn9z6] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\w6jztv.exe
O4 - HKCU\..\Run: [df2em8rpu38r7mtssjsvyvv1463brmsbrx4cicafk] C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\hp2ig5h.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4220013903
O20 - Winlogon Notify: zyqsiwti - C:\WINDOWS\SYSTEM32\ejcwzdj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 13369 bytes