HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:57:25 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\iegn32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DLink\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {710D83F2-D312-9683-955D-E46F3DC64541} - C:\WINDOWS\ipyk32.dll
O2 - BHO: Class - {A512FB1C-927A-CC1E-86A8-0057B192600A} - C:\WINDOWS\msde.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {C9AAF6C6-1AF0-F61B-55AB-4198770AA549} - C:\WINDOWS\system32\ipwa.dll
O2 - BHO: Class - {DA692D53-0117-E647-4FC9-E8D29D3E7D5F} - C:\WINDOWS\system32\ntog32.dll
O2 - BHO: Class - {E2CF3F20-7B47-7FDF-0B4B-317598789569} - C:\WINDOWS\system32\appnn.dll
O2 - BHO: Class - {F00ADCBD-1759-E8D3-3EB9-1B8318EAC367} - C:\WINDOWS\mssh32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ntal32.exe] C:\WINDOWS\system32\ntal32.exe
O4 - HKLM\..\Run: [iegn32.exe] C:\WINDOWS\iegn32.exe
O4 - HKLM\..\RunOnce: [addok32.exe] C:\WINDOWS\system32\addok32.exe
O4 - HKLM\..\RunOnce: [mfcso32.exe] C:\WINDOWS\mfcso32.exe
O4 - HKLM\..\RunOnce: [sysgi.exe] C:\WINDOWS\sysgi.exe
O4 - HKLM\..\RunOnce: [ntml.exe] C:\WINDOWS\ntml.exe
O4 - HKLM\..\RunOnce: [apinx.exe] C:\WINDOWS\apinx.exe
O4 - HKLM\..\RunOnce: [wingp32.exe] C:\WINDOWS\system32\wingp32.exe
O4 - HKLM\..\RunOnce: [atlls.exe] C:\WINDOWS\atlls.exe
O4 - HKLM\..\RunOnce: [apiop32.exe] C:\WINDOWS\system32\apiop32.exe
O4 - HKLM\..\RunOnce: [netpc32.exe] C:\WINDOWS\system32\netpc32.exe
O4 - HKLM\..\RunOnce: [appfq32.exe] C:\WINDOWS\appfq32.exe
O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe
O4 - HKLM\..\RunOnce: [ipaq.exe] C:\WINDOWS\system32\ipaq.exe
O4 - HKLM\..\RunOnce: [d3qv.exe] C:\WINDOWS\d3qv.exe
O4 - HKLM\..\RunOnce: [crzb.exe] C:\WINDOWS\system32\crzb.exe
O4 - HKLM\..\RunOnce: [winel.exe] C:\WINDOWS\winel.exe
O4 - HKLM\..\RunOnce: [mfcxk.exe] C:\WINDOWS\system32\mfcxk.exe
O4 - HKLM\..\RunOnce: [msde.exe] C:\WINDOWS\msde.exe
O4 - HKLM\..\RunOnce: [mfcuk32.exe] C:\WINDOWS\mfcuk32.exe
O4 - HKLM\..\RunOnce: [javajh.exe] C:\WINDOWS\system32\javajh.exe
O4 - HKLM\..\RunOnce: [javanh32.exe] C:\WINDOWS\system32\javanh32.exe
O4 - HKLM\..\RunOnce: [netde.exe] C:\WINDOWS\netde.exe
O4 - HKLM\..\RunOnce: [addca32.exe] C:\WINDOWS\addca32.exe
O4 - HKLM\..\RunOnce: [sdkfr.exe] C:\WINDOWS\sdkfr.exe
O4 - HKLM\..\RunOnce: [d3jv32.exe] C:\WINDOWS\system32\d3jv32.exe
O4 - HKLM\..\RunOnce: [atlnf32.exe] C:\WINDOWS\system32\atlnf32.exe
O4 - HKLM\..\RunOnce: [netdm.exe] C:\WINDOWS\system32\netdm.exe
O4 - HKLM\..\RunOnce: [d3bh32.exe] C:\WINDOWS\d3bh32.exe
O4 - HKLM\..\RunOnce: [winxl32.exe] C:\WINDOWS\winxl32.exe
O4 - HKLM\..\RunOnce: [addqq32.exe] C:\WINDOWS\system32\addqq32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addok32.exe" /s (file missing)
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Antispyware
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW'
Found '' in 'CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Found '' in 'SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
SpSeHjfix's log
(7/12/05 5:30:22 PM) SPSeHjFix started v1.1.2
(7/12/05 5:30:22 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/12/05 5:30:22 PM) Language: english
(7/12/05 5:30:22 PM) Win-Path: C:\WINDOWS
(7/12/05 5:30:22 PM) System-Path: C:\WINDOWS\system32
(7/12/05 5:30:22 PM) Temp-Path: C:\DOCUME~1\jthomps\LOCALS~1\Temp\
(7/12/05 5:30:28 PM) Disinfection started
(7/12/05 5:30:28 PM) Bad-Dll(IEP): (not found)
(7/12/05 5:30:28 PM) Bad-Dll(IEP) in BHO: (not found)
(7/12/05 5:30:28 PM) UBF: 4 - UBB: 1 - UBR: 94
(7/12/05 5:30:28 PM) UBF: 4 - UBB: 1 - UBR: 94
(7/12/05 5:30:28 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
(7/12/05 5:30:28 PM) Stealth-String not found
(7/12/05 5:30:28 PM) Not infected->END
(7/12/05 5:31:21 PM) SPSeHjFix started v1.1.2
(7/12/05 5:31:21 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/12/05 5:31:21 PM) Language: english
(7/12/05 5:31:21 PM) Win-Path: C:\WINDOWS
(7/12/05 5:31:21 PM) System-Path: C:\WINDOWS\system32
(7/12/05 5:31:21 PM) Temp-Path: C:\DOCUME~1\jthomps\LOCALS~1\Temp\
(7/12/05 5:31:23 PM) Disinfection started
(7/12/05 5:31:23 PM) Bad-Dll(IEP): (not found)
(7/12/05 5:31:23 PM) Bad-Dll(IEP) in BHO: (not found)
(7/12/05 5:31:23 PM) UBF: 4 - UBB: 1 - UBR: 94
(7/12/05 5:31:23 PM) UBF: 4 - UBB: 1 - UBR: 94
(7/12/05 5:31:23 PM) Bad IE-pages: (none)
(7/12/05 5:31:23 PM) Stealth-String not found
(7/12/05 5:31:23 PM) Not infected->END
Thanks for your continued help....