Logfile of HijackThis v1.99.1
Scan saved at 9:47:00 AM, on 24/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system32\sncntr.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\windows\system32\msevnt.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\sysint16.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PKWARE\PKZIPW\PKZIPW.exe
C:\DOCUME~1\RUPERT~1\LOCALS~1\Temp\PK429.tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telstra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telstra.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www.usyd.edu.au/proxy.pac:1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F3 - REG:win.ini: run=c:\windows\system32\grviewex.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [EVSIXXGC] c:\windows\system32\evsixxgc.exe /install
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [msevnt] c:\windows\system32\msevnt.exe /nocomm
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sysint16] c:\windows\system32\sysint16.exe
O4 - HKLM\..\Run: [Dvrvideo] c:\windows\system32\dvrvideo.exe
O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKCU\..\Run: [Mousecntl32] c:\windows\system32\mousecntl32.exe
O4 - HKCU\..\Run: [Dlldmt] c:\windows\system32\dlldmt.exe
O4 - HKCU\..\Run: [Dvrvideo] c:\windows\system32\dvrvideo.exe
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKCU\..\Run: [De32gen] c:\windows\system32\de32gen.exe
O4 - HKCU\..\Run: [Dvraudio] c:\windows\system32\dvraudio.exe
O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe
O4 - HKCU\..\Run: [Grviewex] c:\windows\system32\grviewex.exe
O4 - Global Startup: Billminder.lnk = E:\QUICKENW\billmind.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telstra.com
O16 - DPF: Win32 Classes -
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/download.mp3.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.sexyteenprincess.com/xxxpassword.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3823409293
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D9C0AD4-28AA-4941-A7D5-88D840A6AAF2}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D9C0AD4-28AA-4941-A7D5-88D840A6AAF2}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D9C0AD4-28AA-4941-A7D5-88D840A6AAF2}: NameServer = 139.134.5.51,139.134.2.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: mad.dll,APITRAP.DLL
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe