chazz
2009-08-27, 21:54
Friends:
I hope I'm doing this per protocol. Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:21 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?hl=en&shva=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\System32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\System32\igfxpers.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1291] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5698] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1877] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5096] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5377] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1240] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5274] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6184] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA565] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3183] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9595] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8583] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4651] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6807] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5027] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9398] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9027] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2593] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8273] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9394] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8458] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6185] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9225] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3901] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7554] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC236] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5344] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5407] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1999] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7642] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7813] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7178] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5304] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6524] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3467] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3696] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7960] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5761] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA202] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7332] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitZip - Powered by Miro] C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe --theme "BitZip"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8392] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6358] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4112] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9113] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5971] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9382] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3953] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9557] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3659] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5407] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8835] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1945] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1781] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8837] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9501] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD753] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2662] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6568] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3676] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3197] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8779] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5503] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5796] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD870] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmwoppppwo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3634] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1749] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7093] command.com /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1067] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmpjcubejn.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7785] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4533] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8993] command.com /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1289] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvritvxtu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4174] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1763] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3964] command.com /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7885] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmdewemxfq.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9506] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9885] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7153] command.com /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5151] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmtcovgtdv.dat"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: snctel.dll
O20 - Winlogon Notify: modzlib - modzlib.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.franklinbowlesgallery.com/SF/Artists/Medvedev/Pages/Canvas/MEDV1310P.jpg
--
End of file - 16087 bytes
In my near-complete bewilderment I ran Spybot before posting my HJT log.