Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:42 PM, on 4/16/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program
Files\Synaptics\SynTP\SynTPStart.exe
C:\Program
Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage
Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick
Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP
QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows
Defender\MSASCui.exe
C:\Program Files\HP\Digital
Imaging\bin\HpqSRmon.exe
c:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software
Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02
\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media
Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12
\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-
Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web
Printing\hpswp_clipbook.exe
C:\Program Files\Internet
Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32
\Macromed\Flash\FlashUtil9f.exe
C:\Users\Chris\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-
4217-8AA1-95DAC4DFA408} - c:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention -
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
C:\PROGRA~1\COMMON~1\SYMANT~1
\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-
462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
C:\Program
Files\Google\GoogleToolbarNotifier\5.1.1309.35
72\swg.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-
44C5-91EC-068E3AA1B2D7} - c:\Program
Files\HP\Smart Web
Printing\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar -
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
c:\Program Files\Common Files\Symantec
Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program
Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program
Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program
Files\Intel\Intel Matrix Storage
Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program
Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%
\Hewlett-Packard\HP Quick Launch
Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay]
C:\Program Files\Hewlett-Packard\HP
QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program
Files\CyberLink\YouCam\MUITransfer\MUIStar
tMenu.exe" "C:\Program
Files\CyberLink\YouCam" update
"Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %
ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program
Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program
Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed
Launcher] "C:\Program Files\Adobe\Reader 8.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP
Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update]
C:\Program Files\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02
\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program
Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe"
-scheduler
O4 - HKCU\..\Run: [Sidebar] C:\Program
Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel]
C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe
-hidden
O4 - HKCU\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Dale ball] "C:\ProgramData\Htmmeowmeow.acrg1"
O4 - HKCU\..\Run: [warn default inter for] "C:\ProgramData\seek debug copy.hawvxu"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Chris\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program
Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media
Detector] C:\Program Files\Picasa2
\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media
Detector] C:\Program Files\Picasa2
\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and
Launcher.lnk = C:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to
Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB
-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A
-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1
\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote
- {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12
\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495
-38F0-49cb-A538-10282ABF65E7} - c:\Program
Files\HP\Smart Web
Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-
41C8-B9BE-3C9C571A8263} - C:\PROGRA~1
\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{B96BB0DC-13D4-4432-82FE-941D097EA375}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Automatic LiveUpdate Scheduler
- Symantec Corporation - c:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.ex
e
O23 - Service: Symantec Event Manager
(ccEvtMgr) - Symantec Corporation - c:\Program
Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager
(ccSetMgr) - Symantec Corporation - c:\Program
Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service
(CLTNetCnService) - Symantec Corporation -
c:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard
Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch
Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec
Corporation - c:\Program Files\Common
Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc)
- Google - C:\Program
Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service -
Hewlett-Packard - c:\Program Files\Hewlett-
Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard
Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event
Monitor (IAANTMON) - Intel Corporation -
C:\Program Files\Intel\Intel Matrix Storage
Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation -
C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: LightScribeService Direct Disc
Labeling Service (LightScribeService) - Hewlett
-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec
Corporation - c:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.E
XE
O23 - Service: LiveUpdate Notice - Symantec
Corporation - c:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture
Service (QBCS) (QPCapSvc) - Unknown owner -
C:\Program
Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS)
(QPSched) - Unknown owner - C:\Program
Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service
(CRVS) (RichVideo) - Unknown owner -
C:\Program Files\CyberLink\Shared
Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown
owner - C:\PROGRA~1\COMMON~1
\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz
Entertainment Group LLC - C:\Program
Files\Vongo\VongoService.exe
--
End of file - 10729 bytes