ComboFix 08-05-15.3 - Owner 2008-05-16 20:23:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.356 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Uninstall Fun Web Products.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bmqaevgj.ini
C:\WINDOWS\system32\fNWvyyxx.ini
C:\WINDOWS\system32\fNWvyyxx.ini2
C:\WINDOWS\system32\nucagmui.ini
C:\WINDOWS\system32\pndqxhgq.ini
C:\WINDOWS\system32\SYHiQXbc.ini
C:\WINDOWS\system32\SYHiQXbc.ini2
C:\WINDOWS\system32\TuuFfiOq.ini
C:\WINDOWS\system32\TuuFfiOq.ini2
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-16 00:21 . 2008-05-16 00:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-16 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-16 00:21 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 00:21 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 01:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 01:32 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-14 01:31 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-14 01:30 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-14 01:29 . 2002-08-29 08:00 479,744 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-14 01:28 . 2002-08-29 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-14 01:27 . 2002-08-29 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-14 01:26 . 2002-08-29 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-14 01:25 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-14 01:24 . 2002-08-29 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-14 01:23 . 2002-08-29 03:40 921,475 --a--c--- C:\WINDOWS\system32\dllcache\ati3d2ag.dll
2008-05-14 01:22 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-12 21:46 . 2008-05-12 21:46 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-06 23:44 . 2008-05-06 23:45 681 --a------ C:\WINDOWS\mozver.dat
2008-05-04 20:53 . 2008-05-04 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2008-05-04 17:47 . 2002-08-28 23:34 607,360 --a--c--- C:\WINDOWS\system32\dllcache\ltmdmnt.sys
2008-04-28 18:29 . 2008-04-28 18:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HPAppData
2008-04-28 17:46 . 2008-04-28 19:09 147,316 --a------ C:\WINDOWS\hpoins17.dat
2008-04-28 17:46 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat
2008-04-28 16:10 . 2008-03-11 23:30 147,316 --------- C:\WINDOWS\hpoins17.dat.temp
2008-04-28 16:10 . 2007-04-24 23:48 8,138 --------- C:\WINDOWS\hpomdl17.dat.temp
2008-04-27 23:37 . 2008-05-14 01:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-27 23:04 . 2008-04-27 23:28 964 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-04-27 12:16 . 2007-03-08 00:32 958,464 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-04-27 12:16 . 2007-03-08 00:32 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-04-27 12:16 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-27 12:16 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-27 12:16 . 2007-03-08 00:32 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-27 12:16 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-27 03:29 . 2008-04-27 03:29 61,224 --a------ C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2008-04-27 02:52 . 2008-05-14 02:07 9,018 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-27 02:48 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-27 02:44 . 2008-04-27 21:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-27 02:44 . 2008-04-27 02:45 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-27 02:44 . 2008-04-27 23:08 <DIR> d-------- C:\Program Files\McAfee
2008-04-27 02:44 . 2008-04-27 02:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-27 02:24 . 2006-05-18 01:58 458,752 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 02:06 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-26 22:53 . 2002-08-29 01:27 22,016 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-26 09:45 . 2002-08-29 01:27 23,424 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-25 17:25 . 2008-04-25 17:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 17:25 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\CashBuzz v.3.2
2008-04-25 04:55 . 2008-04-25 04:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Argentum
2008-04-21 02:35 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-21 02:35 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-21 02:35 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-21 02:35 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-21 02:34 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-21 02:24 . 2008-04-21 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-20 01:12 . 2008-04-20 01:12 <DIR> d-------- C:\kav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 00:18 --------- d-----w C:\Program Files\Poker World
2008-05-16 16:28 --------- d-----w C:\Program Files\Absolute Poker
2008-05-16 06:08 --------- d-----w C:\Program Files\SPAMfighter
2008-05-15 05:55 --------- d-----w C:\Program Files\Java
2008-05-14 06:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\mjusbsp
2008-05-14 04:53 --------- d-----w C:\Program Files\Trend Micro
2008-05-05 00:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-28 21:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-27 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 04:38 --------- d-----w C:\Program Files\Symantec
2008-04-27 04:01 --------- d-----w C:\Program Files\AOD
2008-04-27 04:00 --------- d-----w C:\Program Files\America Online 8.0
2008-04-27 03:57 --------- d-----w C:\Program Files\AIM6
2008-04-27 03:47 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-27 03:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 03:19 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-27 03:17 --------- d-----w C:\Program Files\Quicken
2008-04-27 03:13 --------- d-----w C:\Program Files\AWS
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-27 02:52 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-26 13:47 3,962 --sha-r C:\WINDOWS\system32\drivers\HP_DF260A-ABA S4030NX NA210_YC_Pres_QMXM330_E33NAheRED4 _4_IKM266-8235_S_V_BAM37317_T030704_WXH1_L409_M224_J60_7AMD_8Athlon XP 2400+_92_1_N10EC8139_P_Z_K_A11063059_U11063038_G53338D04.MRK
2008-04-21 00:30 69,632 ----a-w C:\WINDOWS\system32\s3tray2.exe
2008-04-19 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\vkrkjujk
2008-04-18 02:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-04-18 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-15 04:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-12 17:46 --------- d-----w C:\Program Files\Shockwave.com
2008-04-12 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-12 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-03-27 23:16 685,849 ----a-w C:\WINDOWS\unins000.exe
2008-03-26 21:55 --------- d-----w C:\Program Files\VSO
2008-03-26 21:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 21:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\InterVideo
2008-03-24 03:10 --------- d-----w C:\Program Files\QuickTime
2008-03-22 07:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-03-22 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 20:48 --------- d-----w C:\Program Files\iTunes
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Application
2008-03-18 08:44 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-03-10 19:17 45,056 ----a-w C:\WINDOWS\system32\UTSCSI.EXE
2008-03-09 23:42 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-29 22:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-29 22:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-12 04:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-17 07:12 374 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-03-17 07:02 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-03-17 06:02 538 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
.
------- Sigcheck -------
2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 02:02:48 C:\hp\KBD\bak\KBD.EXE
----a-w 61,440 2003-02-12 02:02:48 C:\hp\KBD\kbd.exe
----a-w 180,269 2006-08-11 17:36:09 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 151,597 2003-04-10 10:50:52 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
----a-w 155,648 2003-02-13 15:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe
----a-w 155,648 2003-02-13 15:01:00 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
----a-w 218,240 2004-11-02 20:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
----a-w 278,528 2006-06-14 20:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 270,648 2007-07-10 14:18:20 C:\Program Files\iTunes\iTunesHelper.exe
----a-w 36,975 2005-11-10 17:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 536,576 2005-03-17 15:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe
----a-w 536,576 2005-03-17 16:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
----a-w 282,624 2006-08-14 03:33:53 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 331,776 2003-03-18 08:50:36 C:\WINDOWS\CREATOR\bak\Remind_XP.exe
----a-w 331,776 2003-03-18 08:50:36 C:\WINDOWS\CREATOR\Remind_XP.exe
----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\Recguard.exe
----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\hpsysdrv.exe
----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\hkcmd.exe
----a-w 81,920 2002-08-01 02:28:38 C:\WINDOWS\system32\bak\ps2.exe
----a-w 81,920 2002-08-01 02:28:38 C:\WINDOWS\system32\ps2.EXE
----a-w 188,416 2002-11-27 11:29:22 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 12:10 536576]
"cdloader"="C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 10:39 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 20:11 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 06:50 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 04:50 331776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28 81920]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 12:10 317072]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-04-10 07:08:26 16384]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-02-26 12:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 13:55:03 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-05-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-27 04:30:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-16 20:26:01
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-05-16 20:28:55
ComboFix-quarantined-files.txt 2008-05-17 00:28:04
Pre-Run: 39,310,802,944 bytes free
Post-Run: 39,346,139,136 bytes free
243
Here is the new HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:31 PM, on 5/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UTSCSI.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
http://support.magic...dows-i586-p.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\System32\UTSCSI.EXE
--
End of file - 8437 bytes
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
