Hello all,
Here's my situation. I have my boss's computer and his computer certainly has issues. I have used this forum for my computer and achieved amazing results, so I thought I'd give it a try with another computer. His problem is this. While using the internet, pop-up windows arise saying the computer might be infected, blah, blah, blah. (See screen shot 1, attached to this thread.) Even if you click cancel, it takes you to AntiSpyware Master's website where it wants you to install some "computer-saving" software. After closing these screens a number of times, an overrun buffer error pops up and says explorer needs to close. (See screen shot 2.) Here are the results of the necessary logs. Any help would be much appreciated! Thanks so much.
Logfile of HijackThis v1.99.1
Scan saved at 11:29:41 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
c:\dell\E-center\gtb.exe
C:\Documents and Settings\Rodney\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\gwhhiltb.dll",s
O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\ohxkwgra.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-01 10:40:32
PROTECTIONS: 0
MALWARE: 54
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00132734 adware/24-7-search Adware No 0 Yes No c:\windows\system32\unppc.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@mediaplex[1].txt
00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@date[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@ads.pointroll[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@bluestreak[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@adultfriendfinder[1].txt
00219235 adware/commad Adware No 0 Yes No c:\program files\network monitor
00219235 adware/commad Adware No 0 Yes No c:\windows\system32\atmtd.dll._
00242884 Adware/SearchAid Adware No 0 Yes No C:\Program Files\Network Monitor\netmon(2).exe
00280155 adware/systemdoctor Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run\homepage.monitor.exe
00308505 Application/ErrorSafe HackTools No 0 Yes No C:\Documents and Settings\Rodney\Application Data\winantiviruspro2006freeinstall[1].exe
00502530 Trj/dmRandom.HO Virus/Trojan No 1 Yes No C:\WINDOWS\system32\kdjjv.exe
00523137 Adware/PurityScan Adware No 0 No No C:\244.tmp[■++\Yazzle1552OinAdmin.exe]
00525896 Adware/Yazzle Adware No 0 No No C:\2E2.tmp[■++\Yazzle1552OinAdmin.exe]
01070528 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\rlls.dl_
01178048 Adware/WinAntiSpyware Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\poolsv.exe
01196516 Adware/Yazzle Adware No 0 Yes No C:\245.tmp
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\sys32.exe
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\powersv.exe
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\svwin.exe
01264421 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32.exe
01299683 Trj/Downloader.PNC Virus/Trojan No 0 Yes No C:\2E5.tmp
01303739 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\2E3.tmp[BndDrive.dll]
01335444 Adware/Zenosearch Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\thinksnet.exe
01345324 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\iifebxy.dll
01786416 Adware/Yazzle Adware No 0 Yes No C:\2E2.tmp
01824124 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\WINDOWS\system32\vtr(2).dll
01845094 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\WINDOWS\system32\systems.txt
01845200 Trj/Clicker.AFU Virus/Trojan No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\teste_3_2.exe
01954352 Trj/Agent.GMR Virus/Trojan No 1 Yes No C:\2E3.tmp
02080527 Spyware/MarketScore Spyware No 1 Yes No C:\WINDOWS\system32\rlvknlg.ex_
02189256 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Rodney\My Documents\Αdobe\fast.exe
02222362 W32/Gaobot.OXI.worm Virus/Worm No 1 No No C:\Documents and Settings\Rodney\Local Settings\Temp\snapsnet.exe[f02WtR1065.exe]
02222362 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
02688464 Adware/DnsInsider Adware No 0 Yes No C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
02886108 Trj/Downloader.RQA Virus/Trojan No 1 No No C:\2E3.tmp[ISMModule2.exe]
02886407 Application/DownAndRun HackTools No 0 No No C:\2E3.tmp[bndloader.exe]
02886876 Trj/Agent.HKV Virus/Trojan No 1 Yes No C:\info.exe
02887265 Adware/Adband Adware No 0 No No C:\2E3.tmp[ism.exe]
02888175 Adware/Zenosearch Adware No 0 Yes No C:\Program Files\Outerinfo\FF\components\FF.dll
02888175 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP200\A0066464.dll
02895017 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\system32\AрpPatch\notepad.exe
02896112 Adware/Yazzle Adware No 0 Yes No C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
02896112 Adware/Yazzle Adware No 0 No No C:\Documents and Settings\Rodney\Local Settings\Temp\yazzsnet.exe[■ó1\Yazzle1281OinAdmin.exe]
02896113 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\yazzsnet.exe
02911014 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\winvsnet.exe
02911014 Adware/AntiSpywareMaster Adware No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0065320.exe
02915115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0066623.dll
02915115 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kwbdlpb.dll
02924237 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\teste1_1cr.exe
02930316 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\wvUoLFwV.dll
02930316 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\GEBRSPPJ.DLL
02935884 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\HGGWWPGG.DLL
02935905 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP198\A0065261.dll
02935999 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\vxvbwiuq.dll
02936001 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\pqjviipy.dll
02936116 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\qurfdrln.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location 3
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 3
;===================================================================================================================================================================================
108742 MEDIUM MS06-006 3
;===================================================================================================================================================================================
Deckard's System Scanner v20071014.68
Run by Rodney on 2008-05-05 11:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
19: 2008-05-05 15:16:22 UTC - RP202 - Deckard's System Scanner Restore Point
18: 2008-04-28 22:40:09 UTC - RP201 - Software Distribution Service 3.0
17: 2008-04-27 15:59:10 UTC - RP200 - Removed WexTech AnswerWorks
16: 2008-04-25 12:35:33 UTC - RP199 - Last known good configuration
15: 2008-04-25 12:35:18 UTC - RP198 - Restore Operation
-- First Restore Point --
1: 2008-04-25 12:35:04 UTC - RP184 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Rodney.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 11:19:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rodney\Desktop\dss.exe
C:\dell\E-Center\GTB2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-us...tml?channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O1 - Hosts: 192.168.200.3 ad.doubleclick.net
O1 - Hosts: 192.168.200.3 ad.fastclick.net
O1 - Hosts: 192.168.200.3 ads.fastclick.net
O1 - Hosts: 192.168.200.3 ar.atwola.com
O1 - Hosts: 192.168.200.3 atdmt.com
O1 - Hosts: 192.168.200.3 avp.ch
O1 - Hosts: 192.168.200.3 avp.com
O1 - Hosts: 192.168.200.3 avp.ru
O1 - Hosts: 192.168.200.3 awaps.net
O1 - Hosts: 192.168.200.3 banner.fastclick.net
O1 - Hosts: 192.168.200.3 banners.fastclick.net
O1 - Hosts: 192.168.200.3 ca.com
O1 - Hosts: 192.168.200.3 click.atdmt.com
O1 - Hosts: 192.168.200.3 clicks.atdmt.com
O1 - Hosts: 192.168.200.3 customer.symantec.com
O1 - Hosts: 192.168.200.3 dispatch.mcafee.com
O1 - Hosts: 192.168.200.3 download.mcafee.com
O1 - Hosts: 192.168.200.3 download.microsoft.com
O1 - Hosts: 192.168.200.3 downloads-us1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads.microsoft.com
O1 - Hosts: 192.168.200.3 downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 engine.awaps.net
O1 - Hosts: 192.168.200.3 f-secure.com
O1 - Hosts: 192.168.200.3 fastclick.net
O1 - Hosts: 192.168.200.3 ftp.avp.ch
O1 - Hosts: 192.168.200.3 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.f-secure.com
O1 - Hosts: 192.168.200.3 ftp.kasperskylab.ru
O1 - Hosts: 192.168.200.3 ftp.sophos.com
O1 - Hosts: 192.168.200.3 go.microsoft.com
O1 - Hosts: 192.168.200.3 ids.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky.com
O1 - Hosts: 192.168.200.3 liveupdate.symantec.com
O1 - Hosts: 192.168.200.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 192.168.200.3 mast.mcafee.com
O1 - Hosts: 192.168.200.3 mcafee.com
O1 - Hosts: 192.168.200.3 media.fastclick.net
O1 - Hosts: 192.168.200.3 microsoft.com
O1 - Hosts: 192.168.200.3 msdn.microsoft.com
O1 - Hosts: 192.168.200.3 my-etrust.com
O1 - Hosts: 192.168.200.3 nai.com
O1 - Hosts: 192.168.200.3 networkassociates.com
O1 - Hosts: 192.168.200.3 norton.com
O1 - Hosts: 192.168.200.3 office.microsoft.com
O1 - Hosts: 192.168.200.3 pandasoftware.com
O1 - Hosts: 192.168.200.3 phx.corporate-ir.net
O1 - Hosts: 192.168.200.3 rads.mcafee.com
O1 - Hosts: 192.168.200.3 secure.nai.com
O1 - Hosts: 192.168.200.3 securityresponse.symantec.com
O1 - Hosts: 192.168.200.3 service1.symantec.com
O1 - Hosts: 192.168.200.3 sophos.com
O1 - Hosts: 192.168.200.3 spd.atdmt.com
O1 - Hosts: 192.168.200.3 support.microsoft.com
O1 - Hosts: 192.168.200.3 symantec.com
O1 - Hosts: 192.168.200.3 trendmicro.com
O1 - Hosts: 192.168.200.3 update.symantec.com
O1 - Hosts: 192.168.200.3 updates.symantec.com
O1 - Hosts: 192.168.200.3 updates1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates5.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 us.mcafee.com
O1 - Hosts: 192.168.200.3 vil.nai.com
O1 - Hosts: 192.168.200.3 viruslist.com
O1 - Hosts: 192.168.200.3 viruslist.ru
O1 - Hosts: 192.168.200.3 virusscan.jotti.org
O1 - Hosts: 192.168.200.3 virustotal.com
O1 - Hosts: 192.168.200.3 windowsupdate.microsoft.com
O1 - Hosts: 192.168.200.3 www.avp.ch
O1 - Hosts: 192.168.200.3 www.avp.com
O1 - Hosts: 192.168.200.3 www.avp.ru
O1 - Hosts: 192.168.200.3 www.awaps.net
O1 - Hosts: 192.168.200.3 www.ca.com
O1 - Hosts: 192.168.200.3 www.f-secure.com
O1 - Hosts: 192.168.200.3 www.fastclick.net
O1 - Hosts: 192.168.200.3 www.grisoft.com
O1 - Hosts: 192.168.200.3 www.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 www.kaspersky.com
O1 - Hosts: 192.168.200.3 www.kaspersky.ru
O1 - Hosts: 192.168.200.3 www.mcafee.com
O1 - Hosts: 192.168.200.3 www.microsoft.com
O1 - Hosts: 192.168.200.3 www.my-etrust.com
O1 - Hosts: 192.168.200.3 www.nai.com
O1 - Hosts: 192.168.200.3 www.networkassociates.com
O1 - Hosts: 192.168.200.3 www.pandasoftware.com
O1 - Hosts: 192.168.200.3 www.sophos.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.trendmicro.com
O1 - Hosts: 192.168.200.3 www.viruslist.com
O1 - Hosts: 192.168.200.3 www.viruslist.ru
O1 - Hosts: 192.168.200.3 www.virustotal.com
O1 - Hosts: 192.168.200.3 www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing)
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\geBrspPJ.dll
O2 - BHO: {5fc2c3a1-440a-7f4a-8224-b1eb3ab1042c} - {c2401ba3-be1b-4228-a4f7-a0441a3c2cf5} - C:\WINDOWS\system32\fovnpsge.dll
O2 - BHO: (no name) - {F6D97FA7-C239-4895-862C-11BA22E2FBE6} - C:\WINDOWS\system32\hgGwWPgg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\gwhhiltb.dll",s
O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\ohxkwgra.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\IntCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\IntCodec\pmsngr.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: geBrspPJ - C:\WINDOWS\system32\geBrspPJ.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\hphipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
--
End of file - 15324 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Rodney\Desktop\HIJACK~1\backups\) -----
backup-20060831-111319-109 O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
backup-20060831-111319-113 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
backup-20060831-111319-205 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
backup-20060831-111319-308 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20060831-111319-810 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
backup-20060831-111319-842 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
backup-20060831-111320-806 O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
backup-20061113-144125-137 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
backup-20080427-114457-306 O17 - HKLM\System\CCS\Services\Tcpip\..\{493B6EAA-E40D-4626-8C8B-C8B505E10ACD}: NameServer = 85.255.115.29,85.255.112.140
backup-20080427-114457-339 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.140
backup-20080427-114457-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{C060D1E2-4E2F-4281-A09B-92A1768F1AAF}: NameServer = 85.255.115.29,85.255.112.140
backup-20080427-114457-527 O4 - HKCU\..\Run: [Iphrbwca] C:\WINDOWS\system32\s?stem32\w?crtupd.exe
backup-20080427-114457-606 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.140
backup-20080427-114457-610 O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
backup-20080427-114457-702 O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA92DB9-62B9-4B91-A82F-87DD36A8BF28}: NameServer = 85.255.115.29,85.255.112.140
backup-20080427-115552-752 O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing)
backup-20080427-115724-108 O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\bmsqnsui.dll",s
backup-20080427-115724-328 O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\vxvbwiuq.dll",b
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-10 09:23:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-04-05 and 2008-05-05 -----------------------------
2008-05-05 11:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 11:08:40 0 d-------- C:\Program Files\SpywareBlaster
2008-05-05 10:58:27 96832 --a------ C:\WINDOWS\system32\ohxkwgra.dll
2008-05-05 10:57:31 107584 --a------ C:\WINDOWS\system32\fovnpsge.dll
2008-05-05 10:57:23 104000 --a------ C:\WINDOWS\system32\gwhhiltb.dll
2008-05-05 10:55:29 0 d-------- C:\WINDOWS\LastGood
2008-05-05 10:54:52 107584 --a------ C:\WINDOWS\system32\ubumiqcl.dll
2008-05-05 10:54:48 96832 -----n--- C:\WINDOWS\system32\syfvxwte.dll
2008-05-05 10:54:03 104000 --a------ C:\WINDOWS\system32\vnjtyeik.dll
2008-05-05 10:54:02 0 d-------- C:\Program Files\??sembly
2008-05-05 10:53:50 60928 -----n--- C:\WINDOWS\system32\buflfmfb.dll
2008-05-01 10:45:14 107072 --a------ C:\WINDOWS\system32\uyqeywni.dll
2008-05-01 10:45:07 107072 --a------ C:\WINDOWS\system32\tsxrnyaq.dll
2008-05-01 10:02:58 0 d-------- C:\Program Files\Panda Security
2008-05-01 09:45:31 96320 -----n--- C:\WINDOWS\system32\cmunadmp.dll
2008-04-28 18:11:44 0 d-------- C:\WINDOWS\system32\??crosoft
2008-04-28 16:55:13 0 dr-h----- C:\Documents and Settings\Rodney\Recent
2008-04-26 16:07:26 107072 --a------ C:\WINDOWS\system32\iccslxyx.dll
2008-04-26 16:04:17 106048 --a------ C:\WINDOWS\system32\bmsqnsui.dll
2008-04-25 09:39:14 87104 --a------ C:\WINDOWS\system32\vxvbwiuq.dll
2008-04-25 09:38:01 98880 --a------ C:\WINDOWS\system32\pqjviipy.dll
2008-04-25 09:37:52 97856 --a------ C:\WINDOWS\system32\qurfdrln.dll
2008-04-23 21:46:16 409201 --ahs---- C:\WINDOWS\system32\ggPWwGgh.ini2
2008-04-23 21:46:11 272384 --a------ C:\WINDOWS\system32\hgGwWPgg.dll
2008-04-23 21:44:28 37888 --a------ C:\WINDOWS\system32\wvUoLFwV.dll
2008-04-23 21:41:23 0 d-------- C:\WINDOWS\system32\s?stem32
2008-04-23 21:41:11 0 d-------- C:\WINDOWS\system32\A?pPatch
2008-04-23 21:41:07 0 d-------- C:\WINDOWS\system32\f02WtR
2008-04-23 21:41:06 37888 --a------ C:\WINDOWS\system32\geBrspPJ.dll
2008-04-06 15:10:39 21504 --a------ C:\WINDOWS\jestertb.dll
-- Find3M Report ---------------------------------------------------------------
2008-05-05 11:15:43 0 d-------- C:\Program Files\Common Files
2008-05-05 10:54:02 0 d-------- C:\Program Files\??sembly
2008-04-23 14:45:30 4912 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 14:45:30 56 -r-hs---- C:\WINDOWS\system32\E230E8FA70.sys
2008-03-21 11:15:06 0 d-------- C:\Documents and Settings\Rodney\Application Data\AdobeUM
2008-03-21 11:15:05 37027 --a------ C:\WINDOWS\atmoUn.exe
2008-03-21 11:15:05 0 d-------- C:\Program Files\Viewpoint
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}]
04/23/2008 09:41 PM 37888 --a------ C:\WINDOWS\system32\geBrspPJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2401ba3-be1b-4228-a4f7-a0441a3c2cf5}]
05/05/2008 10:57 AM 107584 --a------ C:\WINDOWS\system32\fovnpsge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6D97FA7-C239-4895-862C-11BA22E2FBE6}]
04/23/2008 09:46 PM 272384 --a------ C:\WINDOWS\system32\hgGwWPgg.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{860C2F6B-CA82-4282-9187-BECCBB66F0AF}"= C:\Program Files\IntCodec\iesplugin.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 03:44 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 03:41 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 03:45 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 12:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 12:56 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 03:58 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 09:29 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"ECenter"="c:\dell\E-Center\gtb.exe" [06/14/2006 09:17 AM]
"Logitech BT Wizard"="LBTWiz.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/03/2005 02:58 PM C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/22/2002 03:49 PM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [11/22/2002 03:48 PM]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [11/22/2002 03:50 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 10:42 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [02/27/2003 06:48 PM]
"BM4b211a49"="C:\WINDOWS\system32\gwhhiltb.dll" [05/05/2008 10:57 AM]
"481229d5"="C:\WINDOWS\system32\ohxkwgra.dll" [05/05/2008 10:58 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/24/2006 7:28:28 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/1/2006 12 45 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [4/16/2007 5:15:55 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [11/28/2005 11:04:50 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"homepage.monitor.exe"=C:\Program Files\IntCodec\isamonitor.exe
"pmsngr.exe"=C:\Program Files\IntCodec\pmsngr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A6C54318-5AC7-477D-B0A7-49AF5189300C}"= C:\WINDOWS\system32\geBrspPJ.dll [04/23/2008 09:41 PM 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdjjv.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrspPJ]
geBrspPJ.dll 04/23/2008 09:41 PM 37888 C:\WINDOWS\system32\geBrspPJ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/23/2005 03:47 AM 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGwWPgg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
-- Hosts -----------------------------------------------------------------------
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
92 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-05 11:21:22 ------------