Tech Support Forum - View Single Post - AntiSpyware Master has mastered this computer

Capt Ike · 05-05-2008, 02:55 PM

All tasks complete. Here's the results.

ComboFix 08-05-01.3 - Rodney 2008-05-05 17:30:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1523 [GMT -4:00]
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rodney\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Rodney\My Documents\DOBE~1
C:\Documents and Settings\Rodney\My Documents\DOBE~1\fast.exe
C:\Program Files\ISM
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\targets.gz
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon(2).exe
C:\Program Files\sembly~1
C:\Program Files\video activex access
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\argwkxho.ini
C:\WINDOWS\system32\bmsqnsui.dll
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\etwxvfys.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\fovnpsge.dll
C:\WINDOWS\system32\geBrspPJ.dll
C:\WINDOWS\system32\ggPWwGgh.ini
C:\WINDOWS\system32\ggPWwGgh.ini2
C:\WINDOWS\system32\gwhhiltb.dll
C:\WINDOWS\system32\hgGwWPgg.dll
C:\WINDOWS\system32\iccslxyx.dll
C:\WINDOWS\system32\iifebxy.dll
C:\WINDOWS\system32\kdjjv.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohxkwgra.dll
C:\WINDOWS\system32\pmdanumc.ini
C:\WINDOWS\system32\pqjviipy.dll
C:\WINDOWS\system32\quiwbvxv.ini
C:\WINDOWS\system32\qurfdrln.dll
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\tsxrnyaq.dll
C:\WINDOWS\system32\ubumiqcl.dll
C:\WINDOWS\system32\uyqeywni.dll
C:\WINDOWS\system32\vnjtyeik.dll
C:\WINDOWS\system32\vxvbwiuq.dll
C:\WINDOWS\system32\wvUoLFwV.dll
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 17:18 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 17:16 . 2008-05-05 17:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-05 11:16 . 2008-05-05 11:16 <DIR> d-------- C:\Deckard
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 11:08 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-01 10:02 . 2008-05-01 10:03 <DIR> d-------- C:\Program Files\Panda Security
2008-04-25 09:06 . 2008-04-25 09:06 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-23 21:47 . 2008-05-05 11:24 109,768 --a------ C:\WINDOWS\BM4b211a49.xml
2008-04-06 15:10 . 2008-04-06 15:10 21,504 --a------ C:\WINDOWS\jestertb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 21:17 --------- d-----w C:\Program Files\Java
2008-03-21 15:15 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-03-21 15:15 --------- d-----w C:\Program Files\Viewpoint
2008-03-21 15:15 --------- d-----w C:\Documents and Settings\Rodney\Application Data\AdobeUM
2008-03-21 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-04 20:35 746 ---ha-w C:\Documents and Settings\Rodney\Application Data\hpothb07.dat
2006-10-12 19:54 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-10-12 19:54 0 ---ha-w C:\Documents and Settings\Laurie\hpothb07.dat
2006-09-17 01:35 1,420,817 ----a-w C:\Documents and Settings\Rodney\Application Data\Install.dat
2006-08-26 05:19 88,280 ----a-w C:\Documents and Settings\Rodney\Application Data\winantiviruspro2006freeinstall[1].exe
2007-09-15 00:25 144 --sha-w C:\WINDOWS\system32\1209149818.dat
2006-11-13 19:28 88 --sh--r C:\WINDOWS\system32\70FAE830E2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{860C2F6B-CA82-4282-9187-BECCBB66F0AF}"= C:\Program Files\IntCodec\iesplugin.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{860c2f6b-ca82-4282-9187-beccbb66f0af}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 03:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 03:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 09:17 49152]
"Logitech BT Wizard"="LBTWiz.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 15:49 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 15:48 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 15:50 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 18:48 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 12

45 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-16 17:15:55 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-11-28 11:04:50 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrspPJ]
geBrspPJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-11-23 03:47 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5162:TCP"= 5162:TCP:PORT_5162
"47680:TCP"= 47680:TCP:PORT_47680
"38516:TCP"= 38516:TCP:PORT_38516
"21770:TCP"= 21770:TCP:PORT_21770
"23430:TCP"= 23430:TCP:PORT_23430
"22742:TCP"= 22742:TCP:PORT_22742
"51449:TCP"= 51449:TCP:PORT_51449
"62260:TCP"= 62260:TCP:PORT_62260
"42965:TCP"= 42965:TCP:PORT_42965
"8434:TCP"= 8434:TCP:PORT_8434
"56886:TCP"= 56886:TCP:PORT_56886
"18895:TCP"= 18895:TCP:PORT_18895
"12320:TCP"= 12320:TCP:PORT_12320
"9820:TCP"= 9820:TCP:PORT_9820
"16160:TCP"= 16160:TCP:PORT_16160
"13379:TCP"= 13379:TCP:PORT_13379
"42318:TCP"= 42318:TCP:PORT_42318
"13341:TCP"= 13341:TCP:PORT_13341
"10118:TCP"= 10118:TCP:PORT_10118
"12941:TCP"= 12941:TCP:PORT_12941
"33883:TCP"= 33883:TCP:PORT_33883
"43824:TCP"= 43824:TCP:PORT_43824
"55945:TCP"= 55945:TCP:PORT_55945
"47324:TCP"= 47324:TCP:PORT_47324
"29535:TCP"= 29535:TCP:PORT_29535
"41961:TCP"= 41961:TCP:PORT_41961
"62188:TCP"= 62188:TCP:PORT_62188
"11356:TCP"= 11356:TCP:PORT_11356
"19883:TCP"= 19883:TCP:PORT_19883
"37191:TCP"= 37191:TCP:PORT_37191
"63340:TCP"= 63340:TCP:PORT_63340
"13813:TCP"= 13813:TCP:PORT_13813
"38563:TCP"= 38563:TCP:PORT_38563
"52761:TCP"= 52761:TCP:PORT_52761
"54367:TCP"= 54367:TCP:PORT_54367
"60988:TCP"= 60988:TCP:PORT_60988
"30191:TCP"= 30191:TCP:PORT_30191
"52461:TCP"= 52461:TCP:PORT_52461
"62095:TCP"= 62095:TCP:PORT_62095
"42290:TCP"= 42290:TCP:PORT_42290
"61156:TCP"= 61156:TCP:PORT_61156
"10771:TCP"= 10771:TCP:PORT_10771
"54683:TCP"= 54683:TCP:PORT_54683
"11707:TCP"= 11707:TCP:PORT_11707
"46523:TCP"= 46523:TCP:PORT_46523
"27488:TCP"= 27488:TCP:PORT_27488
"8266:TCP"= 8266:TCP:PORT_8266
"25504:TCP"= 25504:TCP:PORT_25504
"23988:TCP"= 23988:TCP:PORT_23988
"60180:TCP"= 60180:TCP:PORT_60180
"18860:TCP"= 18860:TCP:PORT_18860
"58203:TCP"= 58203:TCP:PORT_58203
"35633:TCP"= 35633:TCP:PORT_35633
"17680:TCP"= 17680:TCP:PORT_17680
"40480:TCP"= 40480:TCP:PORT_40480
"26268:TCP"= 26268:TCP:PORT_26268
"21867:TCP"= 21867:TCP:PORT_21867
"47090:TCP"= 47090:TCP:PORT_47090
"9441:TCP"= 9441:TCP:PORT_9441
"64236:TCP"= 64236:TCP:PORT_64236
"55011:TCP"= 55011:TCP:PORT_55011
"54386:TCP"= 54386:TCP:PORT_54386
"22523:TCP"= 22523:TCP:PORT_22523
"37188:TCP"= 37188:TCP:PORT_37188
"57570:TCP"= 57570:TCP:PORT_57570
"53308:TCP"= 53308:TCP:PORT_53308
"60715:TCP"= 60715:TCP:PORT_60715
"13863:TCP"= 13863:TCP:PORT_13863
"39095:TCP"= 39095:TCP:PORT_39095
"60457:TCP"= 60457:TCP:PORT_60457
"33316:TCP"= 33316:TCP:PORT_33316
"9098:TCP"= 9098:TCP:PORT_9098
"11736:TCP"= 11736:TCP:PORT_11736
"21266:TCP"= 21266:TCP:PORT_21266
"46293:TCP"= 46293:TCP:PORT_46293
"47895:TCP"= 47895:TCP:PORT_47895
"56168:TCP"= 56168:TCP:PORT_56168
"40184:TCP"= 40184:TCP:PORT_40184
"7820:TCP"= 7820:TCP:PORT_7820
"39985:TCP"= 39985:TCP:PORT_39985
"5419:TCP"= 5419:TCP:PORT_5419
"52574:TCP"= 52574:TCP:PORT_52574
"17840:TCP"= 17840:TCP:PORT_17840
"47371:TCP"= 47371:TCP:PORT_47371
"18758:TCP"= 18758:TCP:PORT_18758
"65435:TCP"= 65435:TCP:PORT_65435
"62402:TCP"= 62402:TCP:PORT_62402
"59848:TCP"= 59848:TCP:PORT_59848
"17422:TCP"= 17422:TCP:PORT_17422
"61829:TCP"= 61829:TCP:PORT_61829
"37449:TCP"= 37449:TCP:PORT_37449
"20707:TCP"= 20707:TCP:PORT_20707
"34481:TCP"= 34481:TCP:PORT_34481
"56383:TCP"= 56383:TCP:PORT_56383
"52142:TCP"= 52142:TCP:PORT_52142
"58520:TCP"= 58520:TCP:PORT_58520
"13121:TCP"= 13121:TCP:PORT_13121

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 13:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 17:43:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\dell\E-Center\GTB2.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-05 17:47:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-05 21:47:32

Pre-Run: 46,766,764,032 bytes free
Post-Run: 46,694,309,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

328 --- E O F --- 2008-05-05 15:59:19

Logfile of HijackThis v1.99.1
Scan saved at 5:52:16 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Rodney\Desktop\hijackthis\HijackThis.exe
c:\dell\E-center\gtb.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: geBrspPJ - geBrspPJ.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

05-05-2008, 02:55 PM	#5 (permalink)
Capt Ike Registered User Join Date: Jun 2005 Posts: 34 OS: XP	Re: AntiSpyware Master has mastered this computer All tasks complete. Here's the results. ComboFix 08-05-01.3 - Rodney 2008-05-05 17:30:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1523 [GMT -4:00] Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Rodney\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Documents and Settings\NetworkService\Application Data\NetMon C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt C:\Documents and Settings\Rodney\My Documents\DOBE~1 C:\Documents and Settings\Rodney\My Documents\DOBE~1\fast.exe C:\Program Files\ISM C:\Program Files\ISM\dictionary.gz C:\Program Files\ISM\targets.gz C:\Program Files\network monitor C:\Program Files\network monitor\netmon(2).exe C:\Program Files\sembly~1 C:\Program Files\video activex access C:\temp\0b9 C:\temp\0b9\tmpTF.log C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\fse C:\Temp\fse\tmpZTF.log C:\temp\iee C:\temp\iee\tmpZTF.log C:\temp\tn3 C:\WINDOWS\pskt.ini C:\WINDOWS\system32\appatc~1 C:\WINDOWS\system32\argwkxho.ini C:\WINDOWS\system32\bmsqnsui.dll C:\WINDOWS\system32\crosof~1 C:\WINDOWS\system32\etwxvfys.ini C:\WINDOWS\system32\f02WtR C:\WINDOWS\system32\f02WtR\f02WtR1065.exe C:\WINDOWS\system32\fovnpsge.dll C:\WINDOWS\system32\geBrspPJ.dll C:\WINDOWS\system32\ggPWwGgh.ini C:\WINDOWS\system32\ggPWwGgh.ini2 C:\WINDOWS\system32\gwhhiltb.dll C:\WINDOWS\system32\hgGwWPgg.dll C:\WINDOWS\system32\iccslxyx.dll C:\WINDOWS\system32\iifebxy.dll C:\WINDOWS\system32\kdjjv.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\ohxkwgra.dll C:\WINDOWS\system32\pmdanumc.ini C:\WINDOWS\system32\pqjviipy.dll C:\WINDOWS\system32\quiwbvxv.ini C:\WINDOWS\system32\qurfdrln.dll C:\WINDOWS\system32\regscan.exe C:\WINDOWS\system32\sft.res C:\WINDOWS\system32\sstem3~1 C:\WINDOWS\system32\tsxrnyaq.dll C:\WINDOWS\system32\ubumiqcl.dll C:\WINDOWS\system32\uyqeywni.dll C:\WINDOWS\system32\vnjtyeik.dll C:\WINDOWS\system32\vxvbwiuq.dll C:\WINDOWS\system32\wvUoLFwV.dll C:\WINDOWS\wr.txt . ((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 ))))))))))))))))))))))))))))))) . 2008-05-05 17:18 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-05 17:16 . 2008-05-05 17:16 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-05 11:16 . 2008-05-05 11:16 <DIR> d-------- C:\Deckard 2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-05 11:08 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX 2008-05-01 10:02 . 2008-05-01 10:03 <DIR> d-------- C:\Program Files\Panda Security 2008-04-25 09:06 . 2008-04-25 09:06 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico 2008-04-23 21:47 . 2008-05-05 11:24 109,768 --a------ C:\WINDOWS\BM4b211a49.xml 2008-04-06 15:10 . 2008-04-06 15:10 21,504 --a------ C:\WINDOWS\jestertb.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-05 21:17 --------- d-----w C:\Program Files\Java 2008-03-21 15:15 37,027 ----a-w C:\WINDOWS\atmoUn.exe 2008-03-21 15:15 --------- d-----w C:\Program Files\Viewpoint 2008-03-21 15:15 --------- d-----w C:\Documents and Settings\Rodney\Application Data\AdobeUM 2008-03-21 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-04-04 20:35 746 ---ha-w C:\Documents and Settings\Rodney\Application Data\hpothb07.dat 2006-10-12 19:54 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat 2006-10-12 19:54 0 ---ha-w C:\Documents and Settings\Laurie\hpothb07.dat 2006-09-17 01:35 1,420,817 ----a-w C:\Documents and Settings\Rodney\Application Data\Install.dat 2006-08-26 05:19 88,280 ----a-w C:\Documents and Settings\Rodney\Application Data\winantiviruspro2006freeinstall[1].exe 2007-09-15 00:25 144 --sha-w C:\WINDOWS\system32\1209149818.dat 2006-11-13 19:28 88 --sh--r C:\WINDOWS\system32\70FAE830E2.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{860C2F6B-CA82-4282-9187-BECCBB66F0AF}"= C:\Program Files\IntCodec\iesplugin.dll [ ] [HKEY_CLASSES_ROOT\clsid\{860c2f6b-ca82-4282-9187-beccbb66f0af}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 03:44 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 03:41 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920] "ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 09:17 49152] "Logitech BT Wizard"="LBTWiz.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 15:49 188416] "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 15:48 348160] "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 15:50 49152] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 18:48 45056] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 1245 24576] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-16 17:15:55 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-11-28 11:04:50 532480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrspPJ] geBrspPJ.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-11-23 03:47 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5162:TCP"= 5162:TCP:PORT_5162 "47680:TCP"= 47680:TCP:PORT_47680 "38516:TCP"= 38516:TCP:PORT_38516 "21770:TCP"= 21770:TCP:PORT_21770 "23430:TCP"= 23430:TCP:PORT_23430 "22742:TCP"= 22742:TCP:PORT_22742 "51449:TCP"= 51449:TCP:PORT_51449 "62260:TCP"= 62260:TCP:PORT_62260 "42965:TCP"= 42965:TCP:PORT_42965 "8434:TCP"= 8434:TCP:PORT_8434 "56886:TCP"= 56886:TCP:PORT_56886 "18895:TCP"= 18895:TCP:PORT_18895 "12320:TCP"= 12320:TCP:PORT_12320 "9820:TCP"= 9820:TCP:PORT_9820 "16160:TCP"= 16160:TCP:PORT_16160 "13379:TCP"= 13379:TCP:PORT_13379 "42318:TCP"= 42318:TCP:PORT_42318 "13341:TCP"= 13341:TCP:PORT_13341 "10118:TCP"= 10118:TCP:PORT_10118 "12941:TCP"= 12941:TCP:PORT_12941 "33883:TCP"= 33883:TCP:PORT_33883 "43824:TCP"= 43824:TCP:PORT_43824 "55945:TCP"= 55945:TCP:PORT_55945 "47324:TCP"= 47324:TCP:PORT_47324 "29535:TCP"= 29535:TCP:PORT_29535 "41961:TCP"= 41961:TCP:PORT_41961 "62188:TCP"= 62188:TCP:PORT_62188 "11356:TCP"= 11356:TCP:PORT_11356 "19883:TCP"= 19883:TCP:PORT_19883 "37191:TCP"= 37191:TCP:PORT_37191 "63340:TCP"= 63340:TCP:PORT_63340 "13813:TCP"= 13813:TCP:PORT_13813 "38563:TCP"= 38563:TCP:PORT_38563 "52761:TCP"= 52761:TCP:PORT_52761 "54367:TCP"= 54367:TCP:PORT_54367 "60988:TCP"= 60988:TCP:PORT_60988 "30191:TCP"= 30191:TCP:PORT_30191 "52461:TCP"= 52461:TCP:PORT_52461 "62095:TCP"= 62095:TCP:PORT_62095 "42290:TCP"= 42290:TCP:PORT_42290 "61156:TCP"= 61156:TCP:PORT_61156 "10771:TCP"= 10771:TCP:PORT_10771 "54683:TCP"= 54683:TCP:PORT_54683 "11707:TCP"= 11707:TCP:PORT_11707 "46523:TCP"= 46523:TCP:PORT_46523 "27488:TCP"= 27488:TCP:PORT_27488 "8266:TCP"= 8266:TCP:PORT_8266 "25504:TCP"= 25504:TCP:PORT_25504 "23988:TCP"= 23988:TCP:PORT_23988 "60180:TCP"= 60180:TCP:PORT_60180 "18860:TCP"= 18860:TCP:PORT_18860 "58203:TCP"= 58203:TCP:PORT_58203 "35633:TCP"= 35633:TCP:PORT_35633 "17680:TCP"= 17680:TCP:PORT_17680 "40480:TCP"= 40480:TCP:PORT_40480 "26268:TCP"= 26268:TCP:PORT_26268 "21867:TCP"= 21867:TCP:PORT_21867 "47090:TCP"= 47090:TCP:PORT_47090 "9441:TCP"= 9441:TCP:PORT_9441 "64236:TCP"= 64236:TCP:PORT_64236 "55011:TCP"= 55011:TCP:PORT_55011 "54386:TCP"= 54386:TCP:PORT_54386 "22523:TCP"= 22523:TCP:PORT_22523 "37188:TCP"= 37188:TCP:PORT_37188 "57570:TCP"= 57570:TCP:PORT_57570 "53308:TCP"= 53308:TCP:PORT_53308 "60715:TCP"= 60715:TCP:PORT_60715 "13863:TCP"= 13863:TCP:PORT_13863 "39095:TCP"= 39095:TCP:PORT_39095 "60457:TCP"= 60457:TCP:PORT_60457 "33316:TCP"= 33316:TCP:PORT_33316 "9098:TCP"= 9098:TCP:PORT_9098 "11736:TCP"= 11736:TCP:PORT_11736 "21266:TCP"= 21266:TCP:PORT_21266 "46293:TCP"= 46293:TCP:PORT_46293 "47895:TCP"= 47895:TCP:PORT_47895 "56168:TCP"= 56168:TCP:PORT_56168 "40184:TCP"= 40184:TCP:PORT_40184 "7820:TCP"= 7820:TCP:PORT_7820 "39985:TCP"= 39985:TCP:PORT_39985 "5419:TCP"= 5419:TCP:PORT_5419 "52574:TCP"= 52574:TCP:PORT_52574 "17840:TCP"= 17840:TCP:PORT_17840 "47371:TCP"= 47371:TCP:PORT_47371 "18758:TCP"= 18758:TCP:PORT_18758 "65435:TCP"= 65435:TCP:PORT_65435 "62402:TCP"= 62402:TCP:PORT_62402 "59848:TCP"= 59848:TCP:PORT_59848 "17422:TCP"= 17422:TCP:PORT_17422 "61829:TCP"= 61829:TCP:PORT_61829 "37449:TCP"= 37449:TCP:PORT_37449 "20707:TCP"= 20707:TCP:PORT_20707 "34481:TCP"= 34481:TCP:PORT_34481 "56383:TCP"= 56383:TCP:PORT_56383 "52142:TCP"= 52142:TCP:PORT_52142 "58520:TCP"= 58520:TCP:PORT_58520 "13121:TCP"= 13121:TCP:PORT_13121 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder "2008-02-10 13:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-05 17:43:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe C:\dell\E-Center\GTB2.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************ . Completion time: 2008-05-05 17:47:36 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-05 21:47:32 Pre-Run: 46,766,764,032 bytes free Post-Run: 46,694,309,888 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 328 --- E O F --- 2008-05-05 15:59:19 Logfile of HijackThis v1.99.1 Scan saved at 5:52:16 PM, on 5/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Documents and Settings\Rodney\Desktop\hijackthis\HijackThis.exe c:\dell\E-center\gtb.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe" O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: geBrspPJ - geBrspPJ.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe