Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:17 AM, on 3/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Laura\AppData\Local\Temp\winlognn.exe
C:\Windows\System32\frmwrk32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\lsass.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Laura\AppData\Local\Temp\Low\1621310015.exe
C:\Users\Laura\AppData\Local\Temp\Low\3316128719.exe
C:\Users\Laura\AppData\Local\Temp\jequ4ycuvmt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Laura\AppData\Local\Temp\y814k9mn.tmp\spybotsd162.exe
C:\Users\Laura\AppData\Local\Temp\is-6F90G.tmp\spybotsd162.tmp
C:\Users\Laura\AppData\Local\Temp\y814k9mn.tmp\spybotsd162.exe
C:\Users\Laura\AppData\Local\Temp\is-B6V27.tmp\spybotsd162.tmp
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\Windows\system32\hs3i7jdgfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hs3i7jdgfd.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\Users\Laura\AppData\Local\Temp\winlognn.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Xpuduf] rundll32.exe "C:\Windows\Ljini.dll",e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\lsass.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Users\Laura\AppData\Local\Temp\winlognn.exe
O4 - HKCU\..\Run: [Windows Update] "C:\Windows\system32\Updater.exe"
O4 - HKCU\..\Run: [xq0ggjesj105a] C:\Users\Laura\AppData\Local\Temp\qo98l7vqoh2.exe
O4 - HKCU\..\Run: [u032vqitwgmq69je6xanvsi0y] C:\Users\Laura\AppData\Local\Temp\eut6jl8188j.exe
O4 - HKCU\..\Run: [nptmwb3yx7ijd98z] C:\Users\Laura\AppData\Local\Temp\tafuka1a9.exe
O4 - HKCU\..\Run: [g3zncacem30fij38co9erecei58iq3c2frycz3ukk] C:\Users\Laura\AppData\Local\Temp\sj0neomsyht.exe
O4 - HKCU\..\Run: [weh9jqp2m] C:\Users\Laura\AppData\Local\Temp\im0bh9izxs8a.exe
O4 - HKCU\..\Run: [wwam28lyy70j4mhd24lb42g6biww09fxz7] C:\Users\Laura\AppData\Local\Temp\vvf90izr.exe
O4 - HKCU\..\Run: [g4ayvt503tw1usnlqc5p8wzpo3gj6yrema] C:\Users\Laura\AppData\Local\Temp\gw6715p.exe
O4 - HKCU\..\Run: [gge8g2f4vr7jvjdplyec2v3554] C:\Users\Laura\AppData\Local\Temp\y6bortbc.exe
O4 - HKCU\..\Run: [o1ewghsyhgzwrqmx1w2mu0yykytx8sb3mbnjawiaoji] C:\Users\Laura\AppData\Local\Temp\hg6py2qrk4vt.exe
O4 - HKCU\..\Run: [Xpuduf] rundll32.exe "C:\Windows\Ljini.dll",e
O4 - HKCU\..\Run: [jwqosrg8qi0chg7prfxm56x42kyter8rpgvgr] C:\Users\Laura\AppData\Local\Temp\rcfbendigdu3j.exe
O4 - HKCU\..\Run: [tddluftxhgqca609srar6lzsw3a] C:\Users\Laura\AppData\Local\Temp\nxfdq7h.exe
O4 - HKCU\..\Run: [pnmtwf4vrsv5npik6d7xshirh9o9] C:\Users\Laura\AppData\Local\Temp\oq6khlsqt.exe
O4 - HKCU\..\Run: [ea2sk9hotfbcq2t646d85lc8i3urz5mrlmxkbbdnn506] C:\Users\Laura\AppData\Local\Temp\oqw1mxqtgxvq.exe
O4 - HKCU\..\Run: [Dbasuqap] rundll32.exe "C:\Users\Laura\AppData\Local\igituqicacepepa.dll",e
O4 - HKCU\..\Run: [ahmdp4e551k57xv723g4mk738nltoa6avpvuwl] C:\Users\Laura\AppData\Local\Temp\e7jzo9dt4os.exe
O4 - HKCU\..\Run: [peedmk6uxm57z] C:\Users\Laura\AppData\Local\Temp\zqh6hd1a4o4bu.exe
O4 - HKCU\..\Run: [cn615dmdwzpv3] C:\Users\Laura\AppData\Local\Temp\iq7ey8r.exe
O4 - HKCU\..\Run: [acwnna5mhckp07m5jyg3txv7gc8ozrllj7ny2] C:\Users\Laura\AppData\Local\Temp\sdqzg2xtn5.exe
O4 - HKCU\..\Run: [t9eqz3v44zfgr] C:\Users\Laura\AppData\Local\Temp\hp7d1bqmkn.exe
O4 - HKCU\..\Run: [vsrudzldvl6sqkvy96t] C:\Users\Laura\AppData\Local\Temp\upi6jtlzk1ro.exe
O4 - HKCU\..\Run: [ncndcgrf0u4adyeavnylnade] C:\Users\Laura\AppData\Local\Temp\q5p8fedix.exe
O4 - HKCU\..\Run: [fins5t5jt8qs85895uflamlnpshkbl2rzgzx5w4dqy1zl] C:\Users\Laura\AppData\Local\Temp\xnohvyhfjhu.exe
O4 - HKCU\..\Run: [kg4spcm57cdhek8ysfoff0zbzjq1kz] C:\Users\Laura\AppData\Local\Temp\nvtwg5zxht6.exe
O4 - HKCU\..\Run: [hakcql63b0lax] C:\Users\Laura\AppData\Local\Temp\yxtfmf1qkbp4.exe
O4 - HKCU\..\Run: [wkow4lu6i512028uxp47m99wm3cf45w] C:\Users\Laura\AppData\Local\Temp\rgql1gvo1q.exe
O4 - HKCU\..\Run: [rw3ht3vkss3y4huo0y3] C:\Users\Laura\AppData\Local\Temp\ehklo4.exe
O4 - HKCU\..\Run: [jp969wargzh4ohst43coleklqw3cehzpaw7y1] C:\Users\Laura\AppData\Local\Temp\uqta7om1dy.exe
O4 - HKCU\..\Run: [p6dcbdlmrma71hykb6zjh20o9faosqjb] C:\Users\Laura\AppData\Local\Temp\w15a53jfy5.exe
O4 - HKCU\..\Run: [eh9vyvdjzdgvh5lq9ox8h1ftrylz35ojgup92ajxljy37] C:\Users\Laura\AppData\Local\Temp\geo50tkd.exe
O4 - HKCU\..\Run: [yqbtibfyixz] C:\Users\Laura\AppData\Local\Temp\ln0oa5y.exe
O4 - HKCU\..\Run: [en91524jptvyzh9w9c26d] C:\Users\Laura\AppData\Local\Temp\xtzwpabl.exe
O4 - HKCU\..\Run: [zr75p9iyc23wl5s4nj99] C:\Users\Laura\AppData\Local\Temp\k7efzlxpg2.exe
O4 - HKCU\..\Run: [qimbs2bmjlcw7m0erv7ocxg1sozzveyvd5ehb] C:\Users\Laura\AppData\Local\Temp\j5t3z5yo0z.exe
O4 - HKCU\..\Run: [s2ow27icpaxs5wq0tsrhgcgd3zify3udjgpw60jasgv2iipbr3] C:\Users\Laura\AppData\Local\Temp\owfn8luj1x5j.exe
O4 - HKCU\..\Run: [wrq03a1cczn2cfakgius1289xzhb] C:\Users\Laura\AppData\Local\Temp\qekfkkcgqn9a.exe
O4 - HKCU\..\Run: [di7wqt330f79mz4uy6b2ywge80n8swludraeed2] C:\Users\Laura\AppData\Local\Temp\dgh54leh0uos.exe
O4 - HKCU\..\Run: [ldvm2enibykb41o84gay4] C:\Users\Laura\AppData\Local\Temp\h5t6yh.exe
O4 - HKCU\..\Run: [e4vx3k9eowhqnl37t6v5fvfzwtqv437z05p1kbo4b6uvpolgg5] C:\Users\Laura\AppData\Local\Temp\vyo9t7tmjon.exe
O4 - HKCU\..\Run: [jo6tog4t206r2nc0ftbs15m36szi20cvqzueix6q8rhwmt] C:\Users\Laura\AppData\Local\Temp\z0ebnt1ju.exe
O4 - HKCU\..\Run: [i02do0ekfegc439nby2ask6a1tjp9503x1krlxfx01aa] C:\Users\Laura\AppData\Local\Temp\wmdwfuu2s4lgo.exe
O4 - HKCU\..\Run: [isgd34yt0] C:\Users\Laura\AppData\Local\Temp\qodwio.exe
O4 - HKCU\..\Run: [ex1w1124zdvnkvvw70hawh7rk5da22sr8jwv] C:\Users\Laura\AppData\Local\Temp\nkkpe8h.exe
O4 - HKCU\..\Run: [guutmzrg72gcr77ai14mipw9djwsyuw5yj2zhur2ikc8kw] C:\Users\Laura\AppData\Local\Temp\mn1x49.exe
O4 - HKCU\..\Run: [os53k3znlxjets5bv6ynv8qjcldoublr316qo7tmwpru3xw5m] C:\Users\Laura\AppData\Local\Temp\jequ4ycuvmt.exe
O4 - HKCU\..\Run: [i7hy2yvirz6bort7933c8oasq2] C:\Users\Laura\AppData\Local\Temp\hl01dkcie6.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF6746F-B066-4CC4-B3D8-969497E856B5}: NameServer = 85.255.112.91,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{A87A3AAB-9538-465B-AD93-EBDA601BE80B}: NameServer = 85.255.112.91,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.91,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.91,85.255.112.85
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hs3i7jdgfd.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe
--
End of file - 16432 bytes
Thanks for any help!