Registered User
Join Date: Jun 2005
Posts: 27
OS: XP
AntiSpyware Master has mastered this computer
Hello all,
Here's my situation. I have my boss's computer and his computer certainly has issues. I have used this forum for my computer and achieved amazing results, so I thought I'd give it a try with another computer. His problem is this. While using the internet, pop-up windows arise saying the computer might be infected, blah, blah, blah. (See screen shot 1, attached to this thread.) Even if you click cancel, it takes you to AntiSpyware Master's website where it wants you to install some "computer-saving" software. After closing these screens a number of times, an overrun buffer error pops up and says explorer needs to close. (See screen shot 2.) Here are the results of the necessary logs. Any help would be much appreciated! Thanks so much.

Logfile of HijackThis v1.99.1
Scan saved at 11:29:41 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
c:\dell\E-center\gtb.exe
C:\Documents and Settings\Rodney\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\gwhhiltb.dll",s
O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\ohxkwgra.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

;*******************************************************************************
ANALYSIS: 2008-05-01 10:40:32
PROTECTIONS: 0
MALWARE: 54
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00132734 adware/24-7-search Adware No 0 Yes No c:\windows\system32\unppc.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@mediaplex[1].txt
00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@date[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Laurie\Cookies\laurie@ads.pointroll[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@bluestreak[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Rodney\Cookies\rodney@adultfriendfinder[1].txt
00219235 adware/commad Adware No 0 Yes No c:\program files\network monitor
00219235 adware/commad Adware No 0 Yes No c:\windows\system32\atmtd.dll._
00242884 Adware/SearchAid Adware No 0 Yes No C:\Program Files\Network Monitor\netmon(2).exe
00280155 adware/systemdoctor Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run\homepage.monitor.exe
00308505 Application/ErrorSafe HackTools No 0 Yes No C:\Documents and Settings\Rodney\Application Data\winantiviruspro2006freeinstall[1].exe
00502530 Trj/dmRandom.HO Virus/Trojan No 1 Yes No C:\WINDOWS\system32\kdjjv.exe
00523137 Adware/PurityScan Adware No 0 No No C:\244.tmp[■++\Yazzle1552OinAdmin.exe]
00525896 Adware/Yazzle Adware No 0 No No C:\2E2.tmp[■++\Yazzle1552OinAdmin.exe]
01070528 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\rlls.dl_
01178048 Adware/WinAntiSpyware Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\poolsv.exe
01196516 Adware/Yazzle Adware No 0 Yes No C:\245.tmp
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\sys32.exe
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\powersv.exe
01253847 Adware/UltimateCleaner Adware No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\svwin.exe
01264421 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32.exe
01299683 Trj/Downloader.PNC Virus/Trojan No 0 Yes No C:\2E5.tmp
01303739 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\2E3.tmp[BndDrive.dll]
01335444 Adware/Zenosearch Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\thinksnet.exe
01345324 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\iifebxy.dll
01786416 Adware/Yazzle Adware No 0 Yes No C:\2E2.tmp
01824124 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\WINDOWS\system32\vtr(2).dll
01845094 Adware/WinAntiVirus2007 Adware No 0 Yes No C:\WINDOWS\system32\systems.txt
01845200 Trj/Clicker.AFU Virus/Trojan No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\teste_3_2.exe
01954352 Trj/Agent.GMR Virus/Trojan No 1 Yes No C:\2E3.tmp
02080527 Spyware/MarketScore Spyware No 1 Yes No C:\WINDOWS\system32\rlvknlg.ex_
02189256 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Rodney\My Documents\Αdobe\fast.exe
02222362 W32/Gaobot.OXI.worm Virus/Worm No 1 No No C:\Documents and Settings\Rodney\Local Settings\Temp\snapsnet.exe[f02WtR1065.exe]
02222362 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
02688464 Adware/DnsInsider Adware No 0 Yes No C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
02886108 Trj/Downloader.RQA Virus/Trojan No 1 No No C:\2E3.tmp[ISMModule2.exe]
02886407 Application/DownAndRun HackTools No 0 No No C:\2E3.tmp[bndloader.exe]
02886876 Trj/Agent.HKV Virus/Trojan No 1 Yes No C:\info.exe
02887265 Adware/Adband Adware No 0 No No C:\2E3.tmp[ism.exe]
02888175 Adware/Zenosearch Adware No 0 Yes No C:\Program Files\Outerinfo\FF\components\FF.dll
02888175 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP200\A0066464.dll
02895017 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\system32\AрpPatch\notepad.exe
02896112 Adware/Yazzle Adware No 0 Yes No C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
02896112 Adware/Yazzle Adware No 0 No No C:\Documents and Settings\Rodney\Local Settings\Temp\yazzsnet.exe[■ó1\Yazzle1281OinAdmin.exe]
02896113 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\yazzsnet.exe
02911014 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\winvsnet.exe
02911014 Adware/AntiSpywareMaster Adware No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0065320.exe
02915115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0066623.dll
02915115 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kwbdlpb.dll
02924237 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\Rodney\Local Settings\Temp\teste1_1cr.exe
02930316 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\wvUoLFwV.dll
02930316 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\GEBRSPPJ.DLL
02935884 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\HGGWWPGG.DLL
02935905 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP198\A0065261.dll
02935999 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\vxvbwiuq.dll
02936001 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\pqjviipy.dll
02936116 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\qurfdrln.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
108742 MEDIUM MS06-006
;===============================================================================

Deckard's System Scanner v20071014.68
Run by Rodney on 2008-05-05 11:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
19: 2008-05-05 15:16:22 UTC - RP202 - Deckard's System Scanner Restore Point
18: 2008-04-28 22:40:09 UTC - RP201 - Software Distribution Service 3.0
17: 2008-04-27 15:59:10 UTC - RP200 - Removed WexTech AnswerWorks
16: 2008-04-25 12:35:33 UTC - RP199 - Last known good configuration
15: 2008-04-25 12:35:18 UTC - RP198 - Restore Operation

-- First Restore Point --
1: 2008-04-25 12:35:04 UTC - RP184 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Rodney.exe) ----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 11:19:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rodney\Desktop\dss.exe
C:\dell\E-Center\GTB2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-us...tml?channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O1 - Hosts: 192.168.200.3 ad.doubleclick.net
O1 - Hosts: 192.168.200.3 ad.fastclick.net
O1 - Hosts: 192.168.200.3 ads.fastclick.net
O1 - Hosts: 192.168.200.3 ar.atwola.com
O1 - Hosts: 192.168.200.3 atdmt.com
O1 - Hosts: 192.168.200.3 avp.ch
O1 - Hosts: 192.168.200.3 avp.com
O1 - Hosts: 192.168.200.3 avp.ru
O1 - Hosts: 192.168.200.3 awaps.net
O1 - Hosts: 192.168.200.3 banner.fastclick.net
O1 - Hosts: 192.168.200.3 banners.fastclick.net
O1 - Hosts: 192.168.200.3 ca.com
O1 - Hosts: 192.168.200.3 click.atdmt.com
O1 - Hosts: 192.168.200.3 clicks.atdmt.com
O1 - Hosts: 192.168.200.3 customer.symantec.com
O1 - Hosts: 192.168.200.3 dispatch.mcafee.com
O1 - Hosts: 192.168.200.3 download.mcafee.com
O1 - Hosts: 192.168.200.3 download.microsoft.com
O1 - Hosts: 192.168.200.3 downloads-us1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads.microsoft.com
O1 - Hosts: 192.168.200.3 downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 engine.awaps.net
O1 - Hosts: 192.168.200.3 f-secure.com
O1 - Hosts: 192.168.200.3 fastclick.net
O1 - Hosts: 192.168.200.3 ftp.avp.ch
O1 - Hosts: 192.168.200.3 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.f-secure.com
O1 - Hosts: 192.168.200.3 ftp.kasperskylab.ru
O1 - Hosts: 192.168.200.3 ftp.sophos.com
O1 - Hosts: 192.168.200.3 go.microsoft.com
O1 - Hosts: 192.168.200.3 ids.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky.com
O1 - Hosts: 192.168.200.3 liveupdate.symantec.com
O1 - Hosts: 192.168.200.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 192.168.200.3 mast.mcafee.com
O1 - Hosts: 192.168.200.3 mcafee.com
O1 - Hosts: 192.168.200.3 media.fastclick.net
O1 - Hosts: 192.168.200.3 microsoft.com
O1 - Hosts: 192.168.200.3 msdn.microsoft.com
O1 - Hosts: 192.168.200.3 my-etrust.com
O1 - Hosts: 192.168.200.3 nai.com
O1 - Hosts: 192.168.200.3 networkassociates.com
O1 - Hosts: 192.168.200.3 norton.com
O1 - Hosts: 192.168.200.3 office.microsoft.com
O1 - Hosts: 192.168.200.3 pandasoftware.com
O1 - Hosts: 192.168.200.3 phx.corporate-ir.net
O1 - Hosts: 192.168.200.3 rads.mcafee.com
O1 - Hosts: 192.168.200.3 secure.nai.com
O1 - Hosts: 192.168.200.3 securityresponse.symantec.com
O1 - Hosts: 192.168.200.3 service1.symantec.com
O1 - Hosts: 192.168.200.3 sophos.com
O1 - Hosts: 192.168.200.3 spd.atdmt.com
O1 - Hosts: 192.168.200.3 support.microsoft.com
O1 - Hosts: 192.168.200.3 symantec.com
O1 - Hosts: 192.168.200.3 trendmicro.com
O1 - Hosts: 192.168.200.3 update.symantec.com
O1 - Hosts: 192.168.200.3 updates.symantec.com
O1 - Hosts: 192.168.200.3 updates1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates5.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 us.mcafee.com
O1 - Hosts: 192.168.200.3 vil.nai.com
O1 - Hosts: 192.168.200.3 viruslist.com
O1 - Hosts: 192.168.200.3 viruslist.ru
O1 - Hosts: 192.168.200.3 virusscan.jotti.org
O1 - Hosts: 192.168.200.3 virustotal.com
O1 - Hosts: 192.168.200.3 windowsupdate.microsoft.com
O1 - Hosts: 192.168.200.3 www.avp.ch
O1 - Hosts: 192.168.200.3 www.avp.com
O1 - Hosts: 192.168.200.3 www.avp.ru
O1 - Hosts: 192.168.200.3 www.awaps.net
O1 - Hosts: 192.168.200.3 www.ca.com
O1 - Hosts: 192.168.200.3 www.f-secure.com
O1 - Hosts: 192.168.200.3 www.fastclick.net
O1 - Hosts: 192.168.200.3 www.grisoft.com
O1 - Hosts: 192.168.200.3 www.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 www.kaspersky.com
O1 - Hosts: 192.168.200.3 www.kaspersky.ru
O1 - Hosts: 192.168.200.3 www.mcafee.com
O1 - Hosts: 192.168.200.3 www.microsoft.com
O1 - Hosts: 192.168.200.3 www.my-etrust.com
O1 - Hosts: 192.168.200.3 www.nai.com
O1 - Hosts: 192.168.200.3 www.networkassociates.com
O1 - Hosts: 192.168.200.3 www.pandasoftware.com
O1 - Hosts: 192.168.200.3 www.sophos.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.trendmicro.com
O1 - Hosts: 192.168.200.3 www.viruslist.com
O1 - Hosts: 192.168.200.3 www.viruslist.ru
O1 - Hosts: 192.168.200.3 www.virustotal.com
O1 - Hosts: 192.168.200.3 www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing)
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\geBrspPJ.dll
O2 - BHO: {5fc2c3a1-440a-7f4a-8224-b1eb3ab1042c} - {c2401ba3-be1b-4228-a4f7-a0441a3c2cf5} - C:\WINDOWS\system32\fovnpsge.dll
O2 - BHO: (no name) - {F6D97FA7-C239-4895-862C-11BA22E2FBE6} - C:\WINDOWS\system32\hgGwWPgg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\gwhhiltb.dll",s
O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\ohxkwgra.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\IntCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\IntCodec\pmsngr.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: geBrspPJ - C:\WINDOWS\system32\geBrspPJ.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\hphipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

-- End of file - 15324 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Rodney\Desktop\HIJACK~1\backups\) -----

backup-20060831-111319-109 O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
backup-20060831-111319-113 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
backup-20060831-111319-205 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
backup-20060831-111319-308 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20060831-111319-810 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
backup-20060831-111319-842 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
backup-20060831-111320-806 O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
backup-20061113-144125-137 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
backup-20080427-114457-306 O17 - HKLM\System\CCS\Services\Tcpip\..\{493B6EAA-E40D-4626-8C8B-C8B505E10ACD}: NameServer = 85.255.115.29,85.255.112.140
backup-20080427-114457-339 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.115.29 85.255.112.140 backup-20080427-114457-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{C060D1E2-4E2F-4281-A09B-92A1768F1AAF}: NameServer = 85.255.115.29,85.255.112.140 backup-20080427-114457-527 O4 - HKCU\..\Run: [Iphrbwca] C:\WINDOWS\system32\s?stem32\w?crtupd.exe backup-20080427-114457-606 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.140 backup-20080427-114457-610 O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe backup-20080427-114457-702 O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA92DB9-62B9-4B91-A82F-87DD36A8BF28}: NameServer = 85.255.115.29,85.255.112.140 backup-20080427-115552-752 O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL (file missing) backup-20080427-115724-108 O4 - HKLM\..\Run: [BM4b211a49] Rundll32.exe "C:\WINDOWS\system32\bmsqnsui.dll",s backup-20080427-115724-328 O4 - HKLM\..\Run: [481229d5] rundll32.exe "C:\WINDOWS\system32\vxvbwiuq.dll",b -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver> R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0> R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing) S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe <Not Verified; Logitech Inc.; Logitech SetPoint> R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc> R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service> -- Device Manager: 
Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-02-10 09:23:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-04-05 and 2008-05-05 ----------------------------- 2008-05-05 11:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-05 11:08:40 0 d-------- C:\Program Files\SpywareBlaster 2008-05-05 10:58:27 96832 --a------ C:\WINDOWS\system32\ohxkwgra.dll 2008-05-05 10:57:31 107584 --a------ C:\WINDOWS\system32\fovnpsge.dll 2008-05-05 10:57:23 104000 --a------ C:\WINDOWS\system32\gwhhiltb.dll 2008-05-05 10:55:29 0 d-------- C:\WINDOWS\LastGood 2008-05-05 10:54:52 107584 --a------ C:\WINDOWS\system32\ubumiqcl.dll 2008-05-05 10:54:48 96832 -----n--- C:\WINDOWS\system32\syfvxwte.dll 2008-05-05 10:54:03 104000 --a------ C:\WINDOWS\system32\vnjtyeik.dll 2008-05-05 10:54:02 0 d-------- C:\Program Files\??sembly 2008-05-05 10:53:50 60928 -----n--- C:\WINDOWS\system32\buflfmfb.dll 2008-05-01 10:45:14 107072 --a------ C:\WINDOWS\system32\uyqeywni.dll 2008-05-01 10:45:07 107072 --a------ C:\WINDOWS\system32\tsxrnyaq.dll 2008-05-01 10:02:58 0 d-------- C:\Program Files\Panda Security 2008-05-01 09:45:31 96320 -----n--- C:\WINDOWS\system32\cmunadmp.dll 2008-04-28 18:11:44 0 d-------- C:\WINDOWS\system32\??crosoft 2008-04-28 16:55:13 0 dr-h----- C:\Documents and Settings\Rodney\Recent 2008-04-26 16:07:26 107072 --a------ C:\WINDOWS\system32\iccslxyx.dll 2008-04-26 16:04:17 106048 --a------ C:\WINDOWS\system32\bmsqnsui.dll 2008-04-25 09:39:14 87104 --a------ C:\WINDOWS\system32\vxvbwiuq.dll 2008-04-25 09:38:01 98880 --a------ C:\WINDOWS\system32\pqjviipy.dll 2008-04-25 09:37:52 97856 --a------ C:\WINDOWS\system32\qurfdrln.dll 2008-04-23 21:46:16 409201 --ahs---- C:\WINDOWS\system32\ggPWwGgh.ini2 2008-04-23 21:46:11 272384 --a------ C:\WINDOWS\system32\hgGwWPgg.dll 2008-04-23 21:44:28 37888 
--a------ C:\WINDOWS\system32\wvUoLFwV.dll 2008-04-23 21:41:23 0 d-------- C:\WINDOWS\system32\s?stem32 2008-04-23 21:41:11 0 d-------- C:\WINDOWS\system32\A?pPatch 2008-04-23 21:41:07 0 d-------- C:\WINDOWS\system32\f02WtR 2008-04-23 21:41:06 37888 --a------ C:\WINDOWS\system32\geBrspPJ.dll 2008-04-06 15:10:39 21504 --a------ C:\WINDOWS\jestertb.dll -- Find3M Report --------------------------------------------------------------- 2008-05-05 11:15:43 0 d-------- C:\Program Files\Common Files 2008-05-05 10:54:02 0 d-------- C:\Program Files\??sembly 2008-04-23 14:45:30 4912 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-23 14:45:30 56 -r-hs---- C:\WINDOWS\system32\E230E8FA70.sys 2008-03-21 11:15:06 0 d-------- C:\Documents and Settings\Rodney\Application Data\AdobeUM 2008-03-21 11:15:05 37027 --a------ C:\WINDOWS\atmoUn.exe 2008-03-21 11:15:05 0 d-------- C:\Program Files\Viewpoint -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}] 04/23/2008 09:41 PM 37888 --a------ C:\WINDOWS\system32\geBrspPJ.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2401ba3-be1b-4228-a4f7-a0441a3c2cf5}] 05/05/2008 10:57 AM 107584 --a------ C:\WINDOWS\system32\fovnpsge.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6D97FA7-C239-4895-862C-11BA22E2FBE6}] 04/23/2008 09:46 PM 272384 --a------ C:\WINDOWS\system32\hgGwWPgg.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{860C2F6B-CA82-4282-9187-BECCBB66F0AF}"= C:\Program Files\IntCodec\iesplugin.dll [ ] [-HKEY_CLASSES_ROOT\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 03:44 AM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 03:41 AM] 
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 03:45 AM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 12:55 PM] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 12:56 PM] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 03:58 PM] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 09:29 PM] "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM] "ECenter"="c:\dell\E-Center\gtb.exe" [06/14/2006 09:17 AM] "Logitech BT Wizard"="LBTWiz.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/03/2005 02:58 PM C:\WINDOWS\KHALMNPR.Exe] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/22/2002 03:49 PM] "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [11/22/2002 03:48 PM] "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [11/22/2002 03:50 PM] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 10:42 AM] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [02/27/2003 06:48 PM] "BM4b211a49"="C:\WINDOWS\system32\gwhhiltb.dll" [05/05/2008 10:57 AM] "481229d5"="C:\WINDOWS\system32\ohxkwgra.dll" [05/05/2008 10:58 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/24/2006 7:28:28 PM] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/1/2006 12 45 PM]HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM] HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [4/16/2007 5:15:55 PM] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [11/28/2005 11:04:50 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "homepage.monitor.exe"=C:\Program Files\IntCodec\isamonitor.exe "pmsngr.exe"=C:\Program Files\IntCodec\pmsngr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{A6C54318-5AC7-477D-B0A7-49AF5189300C}"= C:\WINDOWS\system32\geBrspPJ.dll [04/23/2008 09:41 PM 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"="kdjjv.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrspPJ] geBrspPJ.dll 04/23/2008 09:41 PM 37888 C:\WINDOWS\system32\geBrspPJ.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/23/2005 03:47 AM 53248 c:\Program Files\Common 
Files\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGwWPgg [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] stsystra.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe -- Hosts ----------------------------------------------------------------------- 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 avp.ch 192.168.200.3 avp.com 192.168.200.3 avp.ru 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 92 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-05-05 11:21:22 ------------ |
#2
Analyst, Security Team
Join Date: Feb 2007
Posts: 197
OS: Windows XP Pro
Re: AntiSpyware Master has mastered this computer
Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
#3
Analyst, Security Team
Join Date: Feb 2007
Posts: 197
OS: Windows XP Pro
Re: AntiSpyware Master has mastered this computer
When you have installed the antivirus, do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

Please visit this webpage for download links and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
#4
Registered User
Join Date: Jun 2005
Posts: 27
OS: XP
Re: AntiSpyware Master has mastered this computer
Making the changes now... As for the anti-virus, you are correct, and I am aware he doesn't have any. I've already made that suggestion and was planning on installing AVG when it was clean. I'll do it now though. I'll post back when finished. Thanks for your time.
#5
Registered User
Join Date: Jun 2005
Posts: 27
OS: XP
Re: AntiSpyware Master has mastered this computer
All tasks complete. Here's the results.

ComboFix 08-05-01.3 - Rodney 2008-05-05 17:30:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1523 [GMT -4:00]
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rodney\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Rodney\My Documents\DOBE~1
C:\Documents and Settings\Rodney\My Documents\DOBE~1\fast.exe
C:\Program Files\ISM
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\targets.gz
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon(2).exe
C:\Program Files\sembly~1
C:\Program Files\video activex access
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\argwkxho.ini
C:\WINDOWS\system32\bmsqnsui.dll
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\etwxvfys.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\fovnpsge.dll
C:\WINDOWS\system32\geBrspPJ.dll
C:\WINDOWS\system32\ggPWwGgh.ini
C:\WINDOWS\system32\ggPWwGgh.ini2
C:\WINDOWS\system32\gwhhiltb.dll
C:\WINDOWS\system32\hgGwWPgg.dll
C:\WINDOWS\system32\iccslxyx.dll
C:\WINDOWS\system32\iifebxy.dll
C:\WINDOWS\system32\kdjjv.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohxkwgra.dll
C:\WINDOWS\system32\pmdanumc.ini
C:\WINDOWS\system32\pqjviipy.dll
C:\WINDOWS\system32\quiwbvxv.ini
C:\WINDOWS\system32\qurfdrln.dll
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\tsxrnyaq.dll
C:\WINDOWS\system32\ubumiqcl.dll
C:\WINDOWS\system32\uyqeywni.dll
C:\WINDOWS\system32\vnjtyeik.dll
C:\WINDOWS\system32\vxvbwiuq.dll
C:\WINDOWS\system32\wvUoLFwV.dll
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
2008-05-05 17:18 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 17:16 . 2008-05-05 17:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-05 11:16 . 2008-05-05 11:16 <DIR> d-------- C:\Deckard
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 11:08 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-01 10:02 . 2008-05-01 10:03 <DIR> d-------- C:\Program Files\Panda Security
2008-04-25 09:06 . 2008-04-25 09:06 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-23 21:47 . 2008-05-05 11:24 109,768 --a------ C:\WINDOWS\BM4b211a49.xml
2008-04-06 15:10 . 2008-04-06 15:10 21,504 --a------ C:\WINDOWS\jestertb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 21:17 --------- d-----w C:\Program Files\Java
2008-03-21 15:15 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-03-21 15:15 --------- d-----w C:\Program Files\Viewpoint
2008-03-21 15:15 --------- d-----w C:\Documents and Settings\Rodney\Application Data\AdobeUM
2008-03-21 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-04 20:35 746 ---ha-w C:\Documents and Settings\Rodney\Application Data\hpothb07.dat
2006-10-12 19:54 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-10-12 19:54 0 ---ha-w C:\Documents and Settings\Laurie\hpothb07.dat
2006-09-17 01:35 1,420,817 ----a-w C:\Documents and Settings\Rodney\Application Data\Install.dat
2006-08-26 05:19 88,280 ----a-w C:\Documents and Settings\Rodney\Application Data\winantiviruspro2006freeinstall[1].exe
2007-09-15 00:25 144 --sha-w C:\WINDOWS\system32\1209149818.dat
2006-11-13 19:28 88 --sh--r C:\WINDOWS\system32\70FAE830E2.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{860C2F6B-CA82-4282-9187-BECCBB66F0AF}"= C:\Program Files\IntCodec\iesplugin.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{860c2f6b-ca82-4282-9187-beccbb66f0af}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 03:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 03:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 09:17 49152]
"Logitech BT Wizard"="LBTWiz.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 15:49 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 15:48 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 15:50 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 18:48 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 12 45 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-16 17:15:55 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-11-28 11:04:50 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrspPJ]
geBrspPJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-11-23 03:47 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 13:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 17:43:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successf