SCJason
2008-12-08, 19:47
Okay, I tried removing the Mirar and things were still jacked up. As the domain admin, the PC still wouldn't let me enter the registry. I tried Spybot S&D in Safe mode and it's still screwing with IE. The person uses FF anyway, but would like to get this cleaned rather than re-building if it will save time. Here's the HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:10 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
C:\DOCUME~1\hbytwerk\LOCALS~1\Temp\winlogin.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\TEMP\MDD93C.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\hbytwerk\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080708
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080708
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080708
O2 - BHO: (no name) - {51868EE0-EDE4-44D1-8E2B-56A9EFF73CB9} - C:\WINDOWS\system32\wvuuvWMd.dll
O2 - BHO: (no name) - {767F45CE-ED04-456E-8554-157971B5BB6C} - (no file)
O2 - BHO: C:\WINDOWS\system32\gs73gfidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\gs73gfidgf.dll
O2 - BHO: (no name) - {D0B64B63-7FA1-4F28-8673-C76DE35E3924} - (no file)
O2 - BHO: (no name) - {d3c2c5d0-6f97-44c9-86bd-dbc95f2ce5b3} - C:\WINDOWS\system32\hatasefa.dll
O2 - BHO: (no name) - {D86DCC87-2797-4C45-8CF3-424BBEA2F3A9} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Mirar - {2C876912-9EF9-4546-B8DE-8A944D107FE7} - C:\WINDOWS\system32\winkk77.dll
O3 - Toolbar: Mirar - {295006EC-1A1C-424B-BD58-7AD947727AB9} - C:\WINDOWS\system32\winam77.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [FTPWRENV] C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vijokofiki] Rundll32.exe "C:\WINDOWS\system32\niwaluyu.dll",s
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [Tkejecu] rundll32.exe "C:\WINDOWS\Hleferezuqahivaf.dll",e
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\hbytwerk\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Gkibucefu] rundll32.exe "C:\WINDOWS\upujanoxozoquq.dll",e
O4 - HKLM\..\Run: [slspntlpxxovkll] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\giqsxrabloevnot.dll"
O4 - HKLM\..\Run: [88916e7d] rundll32.exe "C:\WINDOWS\system32\anvisafw.dll",b
O4 - HKLM\..\Run: [{16-6E-ED-D2-DW}] c:\windows\system32\dwwnw64r.exe DWmmm01FF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kcnttsdl.exe DWmmm01FF
O4 - HKLM\..\RunOnce: [SpybotDeletingA6109] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6325] command /c del "C:\WINDOWS\system32\atmtd.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9217] cmd /c del "C:\WINDOWS\system32\atmtd.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5944] command /c del "C:\WINDOWS\system32\atmtd.dll._"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4840] cmd /c del "C:\WINDOWS\system32\atmtd.dll._"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1772] command /c del "C:\Documents and Settings\hbytwerk\Local Settings\Temp\csrssc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3899] cmd /c del "C:\Documents and Settings\hbytwerk\Local Settings\Temp\csrssc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9253] command /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\Deewoo.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3699] cmd /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\Deewoo.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2383] command /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\DW_Start.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9594] cmd /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\DW_Start.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2599] command /c del "C:\WINDOWS\system32\zxdnt3d.cfg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6589] cmd /c del "C:\WINDOWS\system32\zxdnt3d.cfg"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\hbytwerk\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\hbytwerk\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\hbytwerk\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\RunOnce: [SpybotDeletingB5478] command /c del "C:\WINDOWS\system32\atmtd.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9449] cmd /c del "C:\WINDOWS\system32\atmtd.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5094] command /c del "C:\WINDOWS\system32\atmtd.dll._"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2522] cmd /c del "C:\WINDOWS\system32\atmtd.dll._"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6511] command /c del "C:\Documents and Settings\hbytwerk\Local Settings\Temp\csrssc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5532] cmd /c del "C:\Documents and Settings\hbytwerk\Local Settings\Temp\csrssc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1253] command /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\Deewoo.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7084] cmd /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\Deewoo.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3641] command /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\DW_Start.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7608] cmd /c del "C:\Documents and Settings\hbytwerk\Start Menu\Programs\Startup\DW_Start.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9431] command /c del "C:\WINDOWS\system32\zxdnt3d.cfg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5378] cmd /c del "C:\WINDOWS\system32\zxdnt3d.cfg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5037] command /c del "C:\WINDOWS\system32\msnav32.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD189] cmd /c del "C:\WINDOWS\system32\msnav32.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4024] command /c del "C:\WINDOWS\uninstall_nmon.vbs"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1022] cmd /c del "C:\WINDOWS\uninstall_nmon.vbs"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1757] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3948] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [vijokofiki] Rundll32.exe "C:\WINDOWS\system32\niwaluyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vijokofiki] Rundll32.exe "C:\WINDOWS\system32\niwaluyu.dll",s (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = StarkeyInternational.local
O17 - HKLM\Software\..\Telephony: DomainName = StarkeyInternational.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = StarkeyInternational.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = StarkeyInternational.local
O20 - AppInit_DLLs: C:\WINDOWS\system32\veketaha.dll
O20 - Winlogon Notify: efcyWNHw - efcyWNHw.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\gs73gfidgf.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
--
End of file - 14609 bytes