Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help! Outlook express open by itself


  • Please log in to reply

#1
mkuipes

mkuipes

    Member

  • Member
  • PipPip
  • 10 posts
Almost every keystroke it pops up. Tried some things but still happening.


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="7.0000"
The current date is: Fri 10/13/2006
The current time is: 17:39:24.59

Running from
C:\Documents and Settings\Michael\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="C:\WINDOWS\system32\ieframe.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"="C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe:*:Enabled:ASUS Windows Platform Flash Program"
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"="C:\\Program Files\\Xfire\\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe"="C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown Demo\\Lockdown.exe:*:Enabled:Lockdown"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

X Password Generator


~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 752 'explorer.exe'
Killing PID 752 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="C:\WINDOWS\system32\ieframe.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :whistling:


--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:29:06 PM 10/13/2006

+ Scan result:



C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP305\A0047422.dll -> Adware.BHO : Ignored.
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP308\A0048663.exe -> Adware.VMN : Ignored.
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051245.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051253.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051261.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051270.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051284.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051292.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051304.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051313.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051321.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051335.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP376\A0051339.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ADE23F05-3F29-49FD-B813-24A1B8D5F71B}\RP387\A0051825.exe -> Downloader.Zlob.anq : Cleaned with backup (quarantined).
C:\Program Files\321Studios\uninstall.exe -> Dropper.Agent.aea : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.449:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.274:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.39:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.185:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.186:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.187:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.457:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.458:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.442:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.443:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.99:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.154:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.296:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.297:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.298:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.219:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.220:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.226:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.230:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.260:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.106:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.303:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.304:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.305:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.306:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.330:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.331:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.340:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.341:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.342:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.343:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.255:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.256:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.257:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.258:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.259:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.277:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.344:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.355:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.356:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.444:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.445:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\qnvotx5e.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

___________________________________________
Activescan

Incident Status Location

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael\Cookies\michael@go[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem.exe[smitRem/Process.exe]
______________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 8:01:16 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser...X/LPControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0

Advertisements


#2
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Updated Hijack log. And buy the way ctrl+alt+del dont work either


Logfile of HijackThis v1.99.1
Scan saved at 5:52:20 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Michael\Desktop\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser...X/LPControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by mkuipes, 14 October 2006 - 03:56 PM.

  • 0

#3
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Open IE and under Tools > Internet Options > Programs tab.
Under email unselect Outlook (Express) for now.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk

Now close all windows other than HiJackThis, then click Fix Checked.

Then
  • download this file - combofix.exe
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Regards,
  • 0

#4
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
i could not uncheck Outlook, its a drop downlist, so i change it to hotmail. hotmail site pops up now.

im on vacation now thru Sat so i may not respond for a while. plz dont del this thread.

Thanks

Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:55 AM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\Michael\Desktop\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser...X/LPControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161040242718
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe


________________________________________________________________________________

Michael - 06-10-17 8:37:45.25 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Michael\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-17 to 2006-10-17 ))))))))))))))))))))))))))))))))))


2006-10-17 08:28 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-15 14:20 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2006-10-14 18:00 970,752 --a------ C:\WINDOWS\system32\VchReg.dll
2006-10-14 18:00 50,904 --a------ C:\WINDOWS\system32\CloseAll.exe
2006-10-14 18:00 229,376 --a------ C:\WINDOWS\system32\CheckDll.dll
2006-10-14 17:50 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-10-14 17:27 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-14 17:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-14 17:27 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-13 17:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-01 21:43 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-10-01 21:43 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-17 08:26 -------- d-------- C:\Program Files\SpywareDetector
2006-10-17 08:26 -------- d-------- C:\Program Files\Google
2006-10-16 20:01 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-16 19:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 18:21 -------- d-------- C:\Program Files\Advanced Registry Doctor
2006-10-16 16:50 -------- d-------- C:\Program Files\QuickTime
2006-10-16 16:50 -------- d-------- C:\Program Files\Messenger
2006-10-16 16:49 -------- d-------- C:\Program Files\Internet Explorer
2006-10-16 16:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-14 17:50 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-14 17:26 -------- d-------- C:\Program Files\WinRAR
2006-10-13 17:35 -------- d-------- C:\Program Files\Grisoft
2006-10-13 16:23 -------- d-------- C:\Documents and Settings\Michael\Application Data\Help
2006-10-12 20:08 -------- d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2006-10-10 17:09 -------- d-------- C:\Program Files\Yahoo! Games
2006-10-09 20:42 -------- d-------- C:\Program Files\TryMedia
2006-10-09 14:26 -------- d-------- C:\Program Files\Full Tilt Poker
2006-10-06 12:33 -------- d-------- C:\Program Files\Absolute Poker Basic
2006-10-01 21:48 -------- d-------- C:\Documents and Settings\Michael\Application Data\McAfee.com Personal Firewall
2006-10-01 21:43 -------- d-------- C:\Program Files\McAfee.com
2006-09-27 20:50 -------- d-------- C:\Program Files\Yahoo!
2006-09-27 20:48 -------- d-------- C:\Documents and Settings\Michael\Application Data\yahoo!
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 22:07 -------- d-------- C:\Documents and Settings\Michael\Application Data\funkitron
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 20:39 -------- d-------- C:\Program Files\LimeWire
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"ASUS Probe"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SystemTraySD"="C:\\Program Files\\SpywareDetector\\SDSystemTray.exe"
"SDAutoLiveupdate"="C:\\Program Files\\SpywareDetector\\LiveUpdateSD.exe -AUTO"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1122336516.job

Completion time: 06-10-17 8:38:40.65
C:\ComboFix.txt ... 06-10-17 08:38
  • 0

#5
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I did write unselect not uncheck. :whistling:

I won't close the thread. Thanks for letting me know it could be a while.

The fact that "something" keep opening your default mail-client is very worrying, but I can't find anything in the combofix log.

Can you please run another scanner?

Downloading
  • Surf to: Sophos free tools: Anti-Rootkit
  • Click the "Download" button
  • Read the conditions and fill out your Details.
  • Click the Download Sophos Anti-Rootkit link.
  • Save the sarsfx.exe to location on your harddrive where you can find it later on.
Installing
  • Close as many applications as possible and execute sarsfx.exe by doubleclicking it.
  • Accept the EULA and install the software to the loaction of your choice.(Default is C:\SOPHTEMP)
Running for analysis
  • In that folder find and double-click sargui.exe
  • Select the areas that you want to scan for hidden objects (Running processes, Windows registry, Local hard drives)
  • Click Start > Run and copy this command into the window %TEMP%\sarscan.log and click OK to execute.
  • A textfile will open. Post the content of that file.
Regards,
  • 0

#6
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
hello again.
Thanks for your patience while i was on vacation.

It did not find anything, but here are the logs:

Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 10/22/2006 at 16:44:37 PM
Stopped logging on 10/22/2006 at 16:47:54 PM
  • 0

#7
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That's a relief. :whistling:

Can you uninstall SpywareDetector and post a new HijackThis log please?

Regards,
  • 0

#8
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
here is the log you requested:

Logfile of HijackThis v1.99.1
Scan saved at 4:18:06 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Michael\Desktop\Hijack This.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser...X/LPControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161040242718
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I have been staring so long that my eyes hurt.

I don't see it, but we can try something.

Can you please read:
http://www.beyondlog...rust-no-exe.htm
Then install the program and reboot.
After the reboot deny permission for outlook.exe and set the Default program back to Outlook (Express).

I'm hoping the program that starts it all the time will throw an error when it's refused.
Hopefully that error will give us a lead.

Regards,
  • 0

#10
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
tried "outlook.exe" , nothing still opend.
then tried "C:\ProgramFiles\OutlookExpress" and recieved the following:

"You are not permitted to execute the following program "C:\Program Files\Outlook Express\msimn.exe"
Please contact your administrator if yoou require access."

No other warnings, just the one. No help im guessing.

:whistling: Its weird ctrl+alt+del dont work and its like outlook is a popup.
The good news i guess is it does not seem to be sending mail.

i appreciate all the time you are putting forth to help me with my issue. i hope it can be fixed.

i ran a ton of antispyware stuff to get rid of whatever it is, but nothing.
I may be harmless, but annoying. may just be a lost part of some hacking tool i removed :blink:
  • 0

#11
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
READY FOR A LAUGH!!

i looked in my control panel and figured id take a look at my keyboard settings.
I noticed my keyboard was not reading right (keys are setup diferent than normal keyboards) said standard. So i messed around and still was not working so i got my old keyboard and :whistling: problem solved. Keyboard must have died or something. :blink:

thanks for all your help...atleast i know my computer is free from demons :help:
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Did that keyboard have a button, like mine has, to open the email program? :whistling:

Regards,
  • 0

#13
mkuipes

mkuipes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
yessir! email, search, web, forw, back, vol, etc. the whole 9 yards
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I hope that was still under warranty.
Sounds like some circuits got crosslinked. :blink:

Spilled coffee in it? :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP