Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:37 AM, on 7/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DesktopAuthority\DaMaint.exe
C:\Program Files\DesktopAuthority\DesktopAuthority.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\slClient.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\UPHClean\UPHClean.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Citrix\PNAgent\ssonsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Windows\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\DesktopAuthority\rmgui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://epinside/inside
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://itweb/ins/ie6script.ins
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [CheckMapDrive] C:\Program Files\UPHClean\CheckMapDrives.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Desktop Authority GUI] "C:\Program Files\DesktopAuthority\rmgui.exe"
O4 - HKLM\..\Run: [DA Remote Management GUI] "C:\Program Files\DesktopAuthority\rmgui.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://epinside/inside
O15 - Trusted Zone: *.mjharden.com
O15 - Trusted Zone: *.mjharden.net
O15 - Trusted Zone: *.mjharden.com (HKLM)
O15 - Trusted Zone: *.mjharden.net (HKLM)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TCPL.US
O17 - HKLM\Software\..\Telephony: DomainName = TCPL.US
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TCPL.US
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tcpl.us,inet.tcpl.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tcpl.us,inet.tcpl.us
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: DAinit.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberGatekeeper Agent (CGAgent) - Unknown owner - C:\PROGRA~1\CYBERG~1\cgasvc.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DA Remote Management Maintenance Service (DAMaint) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DaMaint.exe
O23 - Service: DA Remote Management Service (DesktopAuthority) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DesktopAuthority.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\system32\DWRCS.EXE (file missing)
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Castanet Tuner 4.6 (Marimba) - Unknown owner - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RSA Authentication Agent Offline DomainClient (OASVC_DomainClient) - Unknown owner - C:\Program Files\RSA Security\RSA Sign-On Manager Client\da_svc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: RSA Authentication Agent Network Authentication Service (sdagentsvc) - Unknown owner - C:\Program Files\RSA Security\RSA Sign-On Manager Client\sdagentsvc.exe (file missing)
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Quest Resource Updating Agent (Vmover.exe) - Quest Software - C:\WINDOWS\System32\Vmover.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 16014 bytes