Logfile of HijackThis v1.99.1
Scan saved at 7:09:00 PM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
G:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
G:\WINDOWS\system32\CTsvcCDA.exe
G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
G:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\PROGRA~1\SurfPass\Firebird\bin\fbserver.exe
G:\Program Files\MSN Messenger\MsnMsgr.exe
G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
G:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
G:\WINDOWS\TEMP\ZD651B.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\system32\rundll32.exe
G:\DOCUME~1\wz_2\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [samsung LBP SM] "G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "G:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NVMixerTray] "G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [MSPY2002] G:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] G:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ParentalControl] G:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5553572238
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - G:\PROGRA~1\SurfPass\Firebird\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe