Logfile of HijackThis v1.99.1
Scan saved at 4:47:57 PM, on 5/6/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\grovel.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\RsFsa.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\tftpd.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\diagorb.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\scrsvc.exe
C:\WINNT\system32\bootpd.exe
C:\WINNT\system32\bootpd.exe
C:\WINNT\YumgoHomepageProtector.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\DOCUMENTS AND SETTINGS\HSANTIAGO\MY DOCUMENTS\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yumgo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yumgo.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yumgo.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yumgo.co.uk
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\HSANTI~1\LOCALS~1\Temp\ozgpkdofyze.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [scrsvc] C:\WINNT\system32\scrsvc.exe
O4 - HKLM\..\Run: [bootpd.exe] C:\WINNT\system32\bootpd.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telestarlocks.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB540438-0E9A-4825-9AE7-3E3D24B70BAF}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telestarlocks.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = telestarlocks.com
O23 - Service: Dell OpenManage Server Agent Event Monitor (dcevt32) - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent (dcstor32) - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown owner - %SystemDrive%\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (file missing)
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe