Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:10 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
xe
C:\WINDOWS\system32\winlog
on.exe
C:\WINDOWS\system32\servic
es.exe
C:\WINDOWS\system32\lsass.
exe
C:\WINDOWS\system32\nvsvc3
2.exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\System32\svchos
t.exe
C:\WINDOWS\system32\svchos
t.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
iceService
.exe
C:\Program Files\Common Files\InterVideo\DeviceSer
vice\DevSv
c.exe
C:\Program Files\Caymas\Secure Connect\cscservice.exe
C:\WINDOWS\system32\svchos
t.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Messenger Detect\mdsrv.exe
C:\WINDOWS\System32\svchos
t.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneSer
vice.exe
C:\WINDOWS\System32\svchos
t.exe
C:\WINDOWS\system32\PnkBst
rA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchos
t.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Search
Indexer.ex
e
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVN
Cache.exe
C:\Program Files\Microsoft Office\Office12\GrooveMoni
tor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monit
or.exe
C:\Program Files\HighCriteria\TotalRe
corder\Tot
RecSched.e
xe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\iTunes\iTunesHelper.
exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon
.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbar
Notifier\G
oogleToolb
arNotifier
.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.E
XE
C:\WINDOWS\system32\rundll
32.exe
C:\PROGRA~1\MI3AA1~1\rapim
gr.exe
C:\Program Files\iPod\bin\iPodService
.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\spools
v.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\reals
ched.exe
C:\WINDOWS\system32\DllHos
t.exe
C:\Program Files\Common Files\Adobe\Updater5\Adobe
Updater.ex
e
C:\Program Files\Valve\Steam\Steam.ex
e
C:\Program Files\Trend Micro\HijackThis\HijackThi
s.exe
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmlR1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.comR0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.yahoo.com/R0 - HKLM\Software\Microsoft\In
ternet Explorer\Search,SearchAssi
stant =
R0 - HKLM\Software\Microsoft\In
ternet Explorer\Search,CustomizeS
earch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-7
68834316C6
1} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhanc
er.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Common Files\Adobe\Acrobat\Active
X\AcroIEHe
lper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4
C09146192C
A} - C:\Program Files\Real\RealPlayer\rpbr
owserrecor
dplugin.dl
l
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5
B79BFDFEA6
0} - C:\Program Files\BitComet\tools\BitCo
metBHO_1.1
.11.30.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-9
0988571CEC
B} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B
9E3AAC4465
B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.d
ll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
BBC1D38A37
E} - C:\Program Files\Microsoft Office\Office12\GrooveShel
lExtension
s.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
4DAF1D92D4
3} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
164760863C
6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
F10577473F
7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
E66B5AD205
D} - C:\Program Files\Google\GoogleToolbar
Notifier\5
.3.4501.14
18\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-7
6C02E2E7C4
E} - C:\Program Files\Google\Google Toolbar\Component\fastsear
ch_219B3E1
547538286.
dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-D
C94EC1ACF1
0} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0
E72E116A85
6} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-0
09027A5CD4
F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8
A89D322906
8} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMoni
tor.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monit
or.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRe
corder\Tot
RecSched.e
xe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCh
eck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
ched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
/install
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
dll,NvStar
tup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.ex
e" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd
.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbar
Notifier\G
oogleToolb
arNotifier
.exe"
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Michael\LOCALS
~1\Temp\b.
exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
" /background
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMo
n.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.E
XE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
obe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.6.0_03\bin
\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D
9FCDDC9D60
0} - C:\Program Files\Windows Live\Writer\WriterBrowserE
xtension.d
ll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D
9FCDDC9D60
0} - C:\Program Files\Windows Live\Writer\WriterBrowserE
xtension.d
ll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
663EE0C6C4
9} - C:\PROGRA~1\MICROS~2\Offic
e12\ONBttn
IE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5
663EE0C6C4
9} - C:\PROGRA~1\MICROS~2\Offic
e12\ONBttn
IE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
0C04FAE2D4
F} - C:\PROGRA~1\MI3AA1~1\INetR
epl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
0C04FAE2D4
F} - C:\PROGRA~1\MI3AA1~1\INetR
epl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
0C04FAE2D4
F} - C:\PROGRA~1\MI3AA1~1\INetR
epl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
C9C571A826
3} - C:\PROGRA~1\MICROS~2\Offic
e12\REFIEB
AR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2
F5B1AA8452
2} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
2ba3849658
3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
2ba3849658
3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
E107C0EC16
6} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabO16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6
C18A312387
E} (Caymas Secure Tunnel) -
https://64.66.79.197/ui/Axt.cabO16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6
E711F9B56F
E} (Secure Connect) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3
CB6248B04C
D} - C:\Program Files\Microsoft Office\Office12\GrooveSyst
emServices
.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1
830C7DD7F5
D} - C:\Program Files\iEvony\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
iceService
.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceSer
vice\DevSv
c.exe
O23 - Service: Secure Connect (CSCService) - Caymas Systems, Inc. - C:\Program Files\Caymas\Secure Connect\cscservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
.exe
O23 - Service: mdsrv - formessengers.com - C:\Program Files\Messenger Detect\mdsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.ex
e
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneSer
vice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
2.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.ex
e
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
rA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 15391 bytes
