Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:59 PM, on 4/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\alkeyn~1\locals~1\temp\sdq .exe
c:\windows\svojya .exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\ALKEY NOEL\Local Settings\Application Data\ave.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\microsoft office\office12\groovemonitor .exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldwserv.exe
C:\WINDOWS\system32\dldwcoms.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice161.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\dell support center\bin\sprtcmd .exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\att-sst\mccitrayapp .exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\18299635\18299635.exe
c:\documents and settings\alkey noel\application data\microsoft\network\svchost .exe
c:\documents and settings\alkey noel\application data\microsoft\network\wuauclt .exe
c:\docume~1\alkeyn~1\locals~1\temp\jndbhz2 .exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SeekService\seekservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\user.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\install.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\winlogon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\drweb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\mdm.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\win16.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\cmd.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\services.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\iexplarer.exe
c:\docume~1\alkeyn~1\locals~1\temp\sdq .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651} - C:\Program Files\P2P_MAX_EN_Atube\tbP2P1.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,SKEYS /I,
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651} - C:\Program Files\P2P_MAX_EN_Atube\tbP2P1.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [09273122] C:\Documents and Settings\All Users\Application Data\09273122\09273122.exe
O4 - HKLM\..\Run: [84685637] C:\DOCUME~1\ALLUSE~1\APPLIC~1\84685637\84685637.exe
O4 - HKLM\..\Run: [73141218] C:\DOCUME~1\ALLUSE~1\APPLIC~1\73141218\73141218.exe
O4 - HKLM\..\Run: [16011514] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16011514\16011514.exe
O4 - HKLM\..\Run: [18299635] C:\DOCUME~1\ALLUSE~1\APPLIC~1\18299635\18299635.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\ALKEY NOEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Network Service] c:\documents and settings\alkey noel\application data\microsoft\network\svchost .exe
O4 - HKCU\..\Run: [Microsoft Update Service] c:\documents and settings\alkey noel\application data\microsoft\network\wuauclt .exe
O4 - HKCU\..\Run: [YVIBBBHA8C] c:\docume~1\alkeyn~1\locals~1\temp\sdq .exe
O4 - HKCU\..\Run: [Twunk_32exp.exe] C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\Twunk_32exp.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\ALKEYN~1\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] c:\docume~1\alkeyn~1\locals~1\temp\jndbhz2 .exe
O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Svojya.exe
O4 - HKUS\S-1-5-18\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\notepad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\notepad.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ALKEY NOEL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2039E222-2628-41AB-9BB2-35F3B243EF82}: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{2039E222-2628-41AB-9BB2-35F3B243EF82}: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS2\Services\Tcpip\..\{2039E222-2628-41AB-9BB2-35F3B243EF82}: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CS3\Services\Tcpip\..\{2039E222-2628-41AB-9BB2-35F3B243EF82}: NameServer = 93.188.162.188,93.188.166.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.188,93.188.166.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\md64rv8.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldwCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe
O23 - Service: dldw_device - - C:\WINDOWS\system32\dldwcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice161.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi143.exe
O24 - Desktop Component 0: (no name) - http://www.hotels.com/hotels/CDT_RPOR-exter-1.jpg
O24 - Desktop Component 1: (no name) - http://www.hotels.com/hotels/thumbs/ORL_HIHS-exter-1-thumb.jpg
--
End of file - 14598 bytes