Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:09:57 AM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238805614718
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 5516 bytes
ALSO HERE IS THIS LOG AS WELL
----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.80.0.1077
+----------------------------------------------------
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[HIDDEN_FILE]:
FullPath : Master Boot Record (MBR) Sector
FullPathLength: 0
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x0
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\ACRORD32.EXE-01080F7C.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-1A3A138E.pf
FullPathLength: 48
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-27A3E5C5.pf
FullPathLength: 48
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\AGENT.EXE-00ED4190.pf
FullPathLength: 41
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\BCMWLTRY.EXE-2A90025A.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\BPTU85451.EXE-22A72EC7.pf
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\CMCSERVICE.EXE-02BA0108.pf
FullPathLength: 46
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DLCCCOMS.EXE-2D331215.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DLCCJSWX.EXE-071BE6D2.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DLCCMON.EXE-151FD002.pf
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DLCCPSWX.EXE-2BA9239A.pf
FullPathLength: 44
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DLLHOST.EXE-14573387.pf
FullPathLength: 43
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\WINDOWS\Prefetch\DSAGNT.EXE-2DA183E7.pf
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
17 hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.
Edited by Pandy, 22 February 2010 - 06:03 AM.
Moved from Win XP Home and Pro ~Pandy