Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91736 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Computer hangs mshtml.dll/hungapp errors


  • This topic is locked This topic is locked
18 replies to this topic

#1 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 13 May 2008 - 11:08 PM

LDTATE: I'm sure everyone is very capable on here however if I can request LDTATE I would appreciate it as he helped me out tremendously in the past.

Hi, I have been having a problem with the MSHTML.dll error for about 3 weeks now and also the HUNGapp error and also other DLL errors and disconnections from some sites that I am on.I recently switched from IE6 to Firefox and I am not getting disconnected from the internet as much , however I can tell the computer is still just not running correctly,. i have recently added memory to my computer making it 768mb and i do see some improvement with that , however I still feel there is a virus in here somewhere that I am missing.
When I scan with Mcafee every night , I get no viruses.
Here is my latest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:16 AM, on 5/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\UTSCSI.EXE
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magic...dows-i586-p.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\System32\UTSCSI.EXE

--
End of file - 9107 bytes

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 15 May 2008 - 08:33 PM

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 15 May 2008 - 10:59 PM

Hi DLTATE and thank you so much for helping me out,Within the past 1.5 months i have been getting errors such as SZMOD ERROR and MSHTML.DLL ERROR (which causes any program I am looking at to shutdown), I also get some HUNGAPP ERRORS, and I notice that my internet seems very slow gettting to some sites. I had only 156mb ram , so i thought this may hane been the problem , so I added another 512mb about 2 weeks ago ( while I could see some improvement in the speed of the computer , i was still getting some MSHTML.DLL ERRORS and the other errors mentioned above. At this point I suspected my IE6 was corrupted in some way , so I started using Firefox and I did see much less MSHTML.DLL ERRORS however I still have trouble as far as somewimes timing out when trying to get to some sites.
I am now using IE6 again(even though Firefox is still installed). Here are both logs you asked for.
Once again thank you so much for your help.

Malwarebytes' Anti-Malware 1.12
Database version: 755

Scan type: Quick Scan
Objects scanned: 40482
Time elapsed: 20 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.


Here is my current HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:26 AM, on 5/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UTSCSI.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magic...dows-i586-p.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\System32\UTSCSI.EXE

--
End of file - 8892 bytes

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 05:57 AM

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 06:47 PM

ComboFix 08-05-15.3 - Owner 2008-05-16 20:23:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.356 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Uninstall Fun Web Products.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bmqaevgj.ini
C:\WINDOWS\system32\fNWvyyxx.ini
C:\WINDOWS\system32\fNWvyyxx.ini2
C:\WINDOWS\system32\nucagmui.ini
C:\WINDOWS\system32\pndqxhgq.ini
C:\WINDOWS\system32\SYHiQXbc.ini
C:\WINDOWS\system32\SYHiQXbc.ini2
C:\WINDOWS\system32\TuuFfiOq.ini
C:\WINDOWS\system32\TuuFfiOq.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-16 00:21 . 2008-05-16 00:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 00:21 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 01:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 01:32 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-14 01:31 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-14 01:30 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-14 01:29 . 2002-08-29 08:00 479,744 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-14 01:28 . 2002-08-29 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-14 01:27 . 2002-08-29 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-14 01:26 . 2002-08-29 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-14 01:25 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-14 01:24 . 2002-08-29 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-14 01:23 . 2002-08-29 03:40 921,475 --a--c--- C:\WINDOWS\system32\dllcache\ati3d2ag.dll
2008-05-14 01:22 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-12 21:46 . 2008-05-12 21:46 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-06 23:44 . 2008-05-06 23:45 681 --a------ C:\WINDOWS\mozver.dat
2008-05-04 20:53 . 2008-05-04 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a--c--- C:\WINDOWS\system32\dllcache\ltmdmnt.sys
2008-04-28 18:29 . 2008-04-28 18:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HPAppData
2008-04-28 17:46 . 2008-04-28 19:09 147,316 --a------ C:\WINDOWS\hpoins17.dat
2008-04-28 17:46 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat
2008-04-28 16:10 . 2008-03-11 23:30 147,316 --------- C:\WINDOWS\hpoins17.dat.temp
2008-04-28 16:10 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat.temp
2008-04-27 23:37 . 2008-05-14 01:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-27 23:04 . 2008-04-27 23:28 964 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-04-27 12:16 . 2007-03-08 00:32 958,464 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-04-27 12:16 . 2007-03-08 00:32 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-04-27 12:16 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-27 12:16 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-27 12:16 . 2007-03-08 00:32 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-27 03:29 . 2008-04-27 03:29 61,224 --a------ C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2008-04-27 02:52 . 2008-05-14 02:07 9,018 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-27 02:48 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-27 02:44 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-27 02:44 . 2008-04-27 02:45 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-27 02:44 . 2008-04-27 23:08 <DIR> d-------- C:\Program Files\McAfee
2008-04-27 02:44 . 2008-04-27 02:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-27 02:24 . 2006-05-18 01:58 458,752 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-25 17:25 . 2008-04-25 17:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 17:25 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\CashBuzz v.3.2
2008-04-25 04:55 . 2008-04-25 04:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Argentum
2008-04-21 02:35 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-21 02:35 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-21 02:35 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-21 02:34 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-21 02:24 . 2008-04-21 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-20 01:12 . 2008-04-20 01:12 <DIR> d-------- C:\kav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 00:18 --------- d-----w C:\Program Files\Poker World
2008-05-16 16:28 --------- d-----w C:\Program Files\Absolute Poker
2008-05-16 06:08 --------- d-----w C:\Program Files\SPAMfighter
2008-05-15 05:55 --------- d-----w C:\Program Files\Java
2008-05-14 06:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\mjusbsp
2008-05-14 04:53 --------- d-----w C:\Program Files\Trend Micro
2008-05-05 00:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-28 21:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-27 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 04:38 --------- d-----w C:\Program Files\Symantec
2008-04-27 04:01 --------- d-----w C:\Program Files\AOD
2008-04-27 04:00 --------- d-----w C:\Program Files\America Online 8.0
2008-04-27 03:57 --------- d-----w C:\Program Files\AIM6
2008-04-27 03:47 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-27 03:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 03:19 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-27 03:17 --------- d-----w C:\Program Files\Quicken
2008-04-27 03:13 --------- d-----w C:\Program Files\AWS
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-26 13:47 3,962 --sha-r C:\WINDOWS\system32\drivers\HP_DF260A-ABA S4030NX NA210_YC_Pres_QMXM330_E33NAheRED4 _4_IKM266-8235_S_V_BAM37317_T030704_WXH1_L409_M224_J60_7AMD_8Athlon XP 2400+_92_1_N10EC8139_P_Z_K_A11063059_U11063038_G53338D04.MRK
2008-04-21 00:30 69,632 ----a-w C:\WINDOWS\system32\s3tray2.exe
2008-04-19 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\vkrkjujk
2008-04-18 02:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-04-18 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-15 04:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-12 17:46 --------- d-----w C:\Program Files\Shockwave.com
2008-04-12 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-12 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-03-27 23:16 685,849 ----a-w C:\WINDOWS\unins000.exe
2008-03-26 21:55 --------- d-----w C:\Program Files\VSO
2008-03-26 21:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 21:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\InterVideo
2008-03-24 03:10 --------- d-----w C:\Program Files\QuickTime
2008-03-22 07:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-03-22 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 20:48 --------- d-----w C:\Program Files\iTunes
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Application
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-03-10 19:17 45,056 ----a-w C:\WINDOWS\system32\UTSCSI.EXE
2008-03-09 23:42 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-29 22:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-29 22:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-12 04:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-17 07:12 374 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-03-17 07:02 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-03-17 06:02 538 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
.

------- Sigcheck -------

2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 02:02:48 C:\hp\KBD\bak\KBD.EXE
----a-w 61,440 2003-02-12 02:02:48 C:\hp\KBD\kbd.exe

----a-w 180,269 2006-08-11 17:36:09 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 151,597 2003-04-10 10:50:52 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 155,648 2003-02-13 15:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe
----a-w 155,648 2003-02-13 15:01:00 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

----a-w 218,240 2004-11-02 20:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 278,528 2006-06-14 20:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 270,648 2007-07-10 14:18:20 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-11-10 17:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 536,576 2005-03-17 15:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe
----a-w 536,576 2005-03-17 16:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

----a-w 282,624 2006-08-14 03:33:53 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 331,776 2003-03-18 08:50:36 C:\WINDOWS\CREATOR\bak\Remind_XP.exe
----a-w 331,776 2003-03-18 08:50:36 C:\WINDOWS\CREATOR\Remind_XP.exe

----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\Recguard.exe

----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\hpsysdrv.exe

----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\hkcmd.exe

----a-w 81,920 2002-08-01 02:28:38 C:\WINDOWS\system32\bak\ps2.exe
----a-w 81,920 2002-08-01 02:28:38 C:\WINDOWS\system32\ps2.EXE

----a-w 188,416 2002-11-27 11:29:22 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 12:10 536576]
"cdloader"="C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 10:39 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 20:11 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 06:50 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 04:50 331776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28 81920]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 12:10 317072]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-04-10 07:08:26 16384]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-02-26 12:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 13:55:03 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-05-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-27 04:30:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:26:01
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-05-16 20:28:55
ComboFix-quarantined-files.txt 2008-05-17 00:28:04

Pre-Run: 39,310,802,944 bytes free
Post-Run: 39,346,139,136 bytes free

243


Here is the new HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:31 PM, on 5/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UTSCSI.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magic...dows-i586-p.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\System32\UTSCSI.EXE

--
End of file - 8437 bytes

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 07:02 PM

Do you see all the programs listed under?
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

Those have been renamed by your infection. This will be about another 4 step process


Please click HERE select Save. Save FindAWF to your desktop.

Double Click FindAWF.exe and let it run, using Option 1, it will create the file awf.txt on your desktop when finished.

Open awf.txt in notepad, select Edit> Select All> Edit> Copy> and Paste the contents.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 07:20 PM

Find AWF report by noahdfear ©2006 Version 1.40 The current date is: Fri 05/16/2008 The current time is: 21:17:10.76 bak folders found ~~~~~~~~~~~ Directory of C:\HP\KBD\BAK 02/11/2003 10:02 PM 61,440 KBD.EXE 1 File(s) 61,440 bytes Directory of C:\PROGRA~1\ITUNES\BAK 06/14/2006 04:24 PM 278,528 iTunesHelper.exe 1 File(s) 278,528 bytes Directory of C:\PROGRA~1\MESSEN~1\BAK 0 File(s) 0 bytes Directory of C:\PROGRA~1\QUICKT~1\BAK 08/13/2006 11:33 PM 282,624 qttask.exe 1 File(s) 282,624 bytes Directory of C:\WINDOWS\CREATOR\BAK 03/18/2003 04:50 AM 331,776 Remind_XP.exe 1 File(s) 331,776 bytes Directory of C:\WINDOWS\SMINST\BAK 09/14/2002 12:42 AM 212,992 RECGUARD.EXE 1 File(s) 212,992 bytes Directory of C:\WINDOWS\SYSTEM\BAK 05/07/1998 07:04 PM 52,736 hpsysdrv.exe 1 File(s) 52,736 bytes Directory of C:\WINDOWS\SYSTEM32\BAK 03/11/2003 08:11 PM 114,688 hkcmd.exe 07/31/2002 10:28 PM 81,920 ps2.exe 2 File(s) 196,608 bytes Directory of C:\PROGRA~1\PANICW~1\POP-UP~1\BAK 03/17/2005 11:10 AM 536,576 PSFree.exe 1 File(s) 536,576 bytes Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK 08/11/2006 01:36 PM 180,269 realsched.exe 1 File(s) 180,269 bytes Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK 02/13/2003 11:01 AM 155,648 sgtray.exe 1 File(s) 155,648 bytes Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK 11/02/2004 04:59 PM 218,240 UsrPrmpt.exe 1 File(s) 218,240 bytes Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK 11/10/2005 01:03 PM 36,975 jusched.exe 1 File(s) 36,975 bytes Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK 11/27/2002 07:29 AM 188,416 hpztsb07.exe 1 File(s) 188,416 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 61440 Feb 11 2003 "C:\hp\KBD\kbd.exe" 61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.EXE" 270648 Jul 10 2007 "C:\Program Files\iTunes\iTunesHelper.exe" 278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe" 102400 Mar 18 2008 "C:\WINDOWS\Installer\{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}\iTunesIco.exe" 116024 Jul 10 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.1.3\iTunesSetupAdmin.exe" 282624 Aug 13 2006 "C:\Program Files\QuickTime\bak\qttask.exe" 331776 Mar 18 2003 "C:\WINDOWS\CREATOR\Remind_XP.exe" 331776 Mar 18 2003 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\Recguard.exe" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE" 52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe" 52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\hkcmd.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\bak\hkcmd.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe" 81920 Jul 31 2002 "C:\WINDOWS\system32\ps2.EXE" 81920 Jul 31 2002 "C:\hp\drivers\keyboard\PS2.EXE" 81920 Jul 31 2002 "C:\WINDOWS\system32\bak\ps2.exe" 536576 Mar 17 2005 "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" 536576 Mar 17 2005 "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe" 151597 Apr 10 2003 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" 180269 Aug 11 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" 155648 Feb 13 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" 155648 Feb 13 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe" 218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe" 32881 May 22 2007 "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" 75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" 75256 Oct 5 2007 "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe" 144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" 36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe" 188416 Nov 27 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe" end of report

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 07:28 PM

Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\ps2.exe"
"C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe"



Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post (copy/paste) the results of the awf.txt in your next reply.
================================================================================
======

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 07:40 PM

Find AWF report by noahdfear ©2006 Version 1.40 Option 2 run successfully The current date is: Fri 05/16/2008 The current time is: 21:37:03.68 bak folders found ~~~~~~~~~~~ Directory of C:\HP\KBD\BAK 02/11/2003 10:02 PM 61,440 KBD.EXE 1 File(s) 61,440 bytes Directory of C:\PROGRA~1\ITUNES\BAK 06/14/2006 04:24 PM 278,528 iTunesHelper.exe 1 File(s) 278,528 bytes Directory of C:\PROGRA~1\MESSEN~1\BAK 0 File(s) 0 bytes Directory of C:\PROGRA~1\QUICKT~1\BAK 08/13/2006 11:33 PM 282,624 qttask.exe 1 File(s) 282,624 bytes Directory of C:\WINDOWS\CREATOR\BAK 03/18/2003 04:50 AM 331,776 Remind_XP.exe 1 File(s) 331,776 bytes Directory of C:\WINDOWS\SMINST\BAK 09/14/2002 12:42 AM 212,992 RECGUARD.EXE 1 File(s) 212,992 bytes Directory of C:\WINDOWS\SYSTEM\BAK 05/07/1998 07:04 PM 52,736 hpsysdrv.exe 1 File(s) 52,736 bytes Directory of C:\WINDOWS\SYSTEM32\BAK 03/11/2003 08:11 PM 114,688 hkcmd.exe 07/31/2002 10:28 PM 81,920 ps2.exe 2 File(s) 196,608 bytes Directory of C:\PROGRA~1\PANICW~1\POP-UP~1\BAK 03/17/2005 11:10 AM 536,576 PSFree.exe 1 File(s) 536,576 bytes Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK 08/11/2006 01:36 PM 180,269 realsched.exe 1 File(s) 180,269 bytes Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK 02/13/2003 11:01 AM 155,648 sgtray.exe 1 File(s) 155,648 bytes Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK 11/02/2004 04:59 PM 218,240 UsrPrmpt.exe 1 File(s) 218,240 bytes Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK 11/10/2005 01:03 PM 36,975 jusched.exe 1 File(s) 36,975 bytes Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK 11/27/2002 07:29 AM 188,416 hpztsb07.exe 1 File(s) 188,416 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 61440 Feb 11 2003 "C:\hp\KBD\KBD.EXE" 61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.EXE" 278528 Jun 14 2006 "C:\Program Files\iTunes\iTunesHelper.exe" 278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe" 102400 Mar 18 2008 "C:\WINDOWS\Installer\{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}\iTunesIco.exe" 116024 Jul 10 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.1.3\iTunesSetupAdmin.exe" 282624 Aug 13 2006 "C:\Program Files\QuickTime\qttask.exe" 282624 Aug 13 2006 "C:\Program Files\QuickTime\bak\qttask.exe" 331776 Mar 18 2003 "C:\WINDOWS\CREATOR\Remind_XP.exe" 331776 Mar 18 2003 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\Recguard.exe" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE" 52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe" 52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\hkcmd.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\bak\hkcmd.exe" 114688 Mar 11 2003 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe" 81920 Jul 31 2002 "C:\WINDOWS\system32\ps2.exe" 81920 Jul 31 2002 "C:\hp\drivers\keyboard\PS2.EXE" 81920 Jul 31 2002 "C:\WINDOWS\system32\bak\ps2.exe" 536576 Mar 17 2005 "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" 536576 Mar 17 2005 "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe" 180269 Aug 11 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" 180269 Aug 11 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" 155648 Feb 13 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" 155648 Feb 13 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe" 218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" 218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe" 32881 May 22 2007 "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" 36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" 75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" 75256 Oct 5 2007 "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe" 144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" 36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe" 188416 Nov 27 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" 188416 Nov 27 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe" end of report

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 07:41 PM

Please double-click the FindAWF icon once again
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and copy/paste the following list of folders to be removed:

C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\SYSTEM32\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\system\bak
C:\WINDOWS\system32\bak
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\Program Files\Common Files\Symantec Shared\Security Center\bak
C:\Program Files\Java\jre1.5.0_06\bin\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 07:52 PM

Find AWF report by noahdfear ©2006 Version 1.40 Option 3 run successfully The current date is: Fri 05/16/2008 The current time is: 21:52:20.28 bak folders found ~~~~~~~~~~~ Directory of C:\HP\KBD\BAK 02/11/2003 10:02 PM 61,440 KBD.EXE 1 File(s) 61,440 bytes Directory of C:\PROGRA~1\MESSEN~1\BAK 0 File(s) 0 bytes Directory of C:\WINDOWS\SMINST\BAK 09/14/2002 12:42 AM 212,992 RECGUARD.EXE 1 File(s) 212,992 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 61440 Feb 11 2003 "C:\hp\KBD\KBD.EXE" 61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.EXE" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\Recguard.exe" 212992 Sep 14 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE" end of report

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 07:54 PM

Please double-click the FindAWF icon once again

Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and copy/paste the following list of folders to be removed:

C:\hp\KBD\bak
C:\WINDOWS\SMINST\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 07:57 PM

Find AWF report by noahdfear ©2006 Version 1.40 Option 3 run successfully The current date is: Fri 05/16/2008 The current time is: 21:57:55.35 bak folders found ~~~~~~~~~~~ Directory of C:\PROGRA~1\MESSEN~1\BAK 0 File(s) 0 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ end of report

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 16 May 2008 - 07:58 PM

Good job :thumbup:

Next:

  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 babbagene

babbagene

    Authentic Member

  • Authentic Member
  • PipPip
  • 142 posts

Posted 16 May 2008 - 08:13 PM

ComboFix 08-05-15.3 - Owner 2008-05-16 22:06:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.404 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-16 00:21 . 2008-05-16 00:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 00:21 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 01:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 01:32 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-14 01:31 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-14 01:30 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-14 01:29 . 2002-08-29 08:00 479,744 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-14 01:28 . 2002-08-29 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-14 01:27 . 2002-08-29 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-14 01:26 . 2002-08-29 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-14 01:25 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-14 01:24 . 2002-08-29 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-14 01:23 . 2002-08-29 03:40 921,475 --a--c--- C:\WINDOWS\system32\dllcache\ati3d2ag.dll
2008-05-14 01:22 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-12 21:46 . 2008-05-12 21:46 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-06 23:44 . 2008-05-06 23:45 681 --a------ C:\WINDOWS\mozver.dat
2008-05-04 20:53 . 2008-05-04 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a--c--- C:\WINDOWS\system32\dllcache\ltmdmnt.sys
2008-04-28 18:29 . 2008-04-28 18:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HPAppData
2008-04-28 17:46 . 2008-04-28 19:09 147,316 --a------ C:\WINDOWS\hpoins17.dat
2008-04-28 17:46 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat
2008-04-28 16:10 . 2008-03-11 23:30 147,316 --------- C:\WINDOWS\hpoins17.dat.temp
2008-04-28 16:10 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat.temp
2008-04-27 23:37 . 2008-05-14 01:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-27 23:04 . 2008-04-27 23:28 964 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-04-27 12:16 . 2007-03-08 00:32 958,464 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-04-27 12:16 . 2007-03-08 00:32 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-04-27 12:16 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-27 12:16 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-27 12:16 . 2007-03-08 00:32 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-27 03:29 . 2008-04-27 03:29 61,224 --a------ C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2008-04-27 02:52 . 2008-05-16 20:36 10,274 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-27 02:48 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-27 02:44 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-27 02:44 . 2008-04-27 02:45 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-27 02:44 . 2008-04-27 23:08 <DIR> d-------- C:\Program Files\McAfee
2008-04-27 02:44 . 2008-04-27 02:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-27 02:24 . 2006-05-18 01:58 458,752 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-25 17:25 . 2008-04-25 17:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 17:25 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\CashBuzz v.3.2
2008-04-25 04:55 . 2008-04-25 04:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Argentum
2008-04-21 02:35 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-21 02:35 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-21 02:35 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-21 02:34 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-21 02:24 . 2008-04-21 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-20 01:12 . 2008-04-20 01:12 <DIR> d-------- C:\kav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 01:52 --------- d-----w C:\Program Files\QuickTime
2008-05-17 01:52 --------- d-----w C:\Program Files\iTunes
2008-05-17 00:38 --------- d-----w C:\Program Files\SPAMfighter
2008-05-17 00:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\mjusbsp
2008-05-17 00:18 --------- d-----w C:\Program Files\Poker World
2008-05-16 16:28 --------- d-----w C:\Program Files\Absolute Poker
2008-05-15 05:55 --------- d-----w C:\Program Files\Java
2008-05-14 04:53 --------- d-----w C:\Program Files\Trend Micro
2008-05-05 00:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-28 21:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-27 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 04:38 --------- d-----w C:\Program Files\Symantec
2008-04-27 04:01 --------- d-----w C:\Program Files\AOD
2008-04-27 04:00 --------- d-----w C:\Program Files\America Online 8.0
2008-04-27 03:57 --------- d-----w C:\Program Files\AIM6
2008-04-27 03:47 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-27 03:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 03:19 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-27 03:17 --------- d-----w C:\Program Files\Quicken
2008-04-27 03:13 --------- d-----w C:\Program Files\AWS
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-26 13:47 3,962 --sha-r C:\WINDOWS\system32\drivers\HP_DF260A-ABA S4030NX NA210_YC_Pres_QMXM330_E33NAheRED4 _4_IKM266-8235_S_V_BAM37317_T030704_WXH1_L409_M224_J60_7AMD_8Athlon XP 2400+_92_1_N10EC8139_P_Z_K_A11063059_U11063038_G53338D04.MRK
2008-04-21 00:30 69,632 ----a-w C:\WINDOWS\system32\s3tray2.exe
2008-04-19 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\vkrkjujk
2008-04-18 02:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-04-18 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-15 04:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-12 17:46 --------- d-----w C:\Program Files\Shockwave.com
2008-04-12 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-12 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-03-27 23:16 685,849 ----a-w C:\WINDOWS\unins000.exe
2008-03-26 21:55 --------- d-----w C:\Program Files\VSO
2008-03-26 21:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 21:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\InterVideo
2008-03-22 07:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-03-22 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Application
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-03-10 19:17 45,056 ----a-w C:\WINDOWS\system32\UTSCSI.EXE
2008-03-09 23:42 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-29 22:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-29 22:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-12 04:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-17 07:12 374 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-03-17 07:02 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-03-17 06:02 538 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
.

------- Sigcheck -------

2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-16_20.27.28.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 06:06:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 00:35:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-11-27 11:29:22 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 11:10 536576]
"cdloader"="C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 10:39 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 20:11 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 13:36 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 04:50 331776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28 81920]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 12:10 317072]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-04-10 07:08:26 16384]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-02-26 12:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 13:55:03 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-05-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-27 04:30:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 22:08:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-05-16 22:10:16
ComboFix-quarantined-files.txt 2008-05-17 02:10:04
ComboFix2.txt 2008-05-17 00:28:57

Pre-Run: 39,310,897,152 bytes free
Post-Run: 39,319,056,384 bytes free

203

Here is the latest HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:37 PM, on 5/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UTSCSI.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magic...dows-i586-p.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\System32\UTSCSI.EXE

--
End of file - 8269 bytes

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users