
taskbar says virus alert need help



#1
mr_superstar
New Member

Here's my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:55 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\cnlfdtql.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O21 - SSODL: nopzet - {E990305D-1B22-436A-A794-FBF364CC3A4D} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6362 bytes

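Added example, not code from the thread or from HijackThis, SmitfraudFix or DSS: a small Python triage script that parses HijackThis-style detail lines (O2, O4, O20, O21, ...) and flags the entry patterns a log reader checks first, such as orphaned "(no file)" entries, BHOs living in system32, rundll32 Run values with generated hex names, and Winlogon Notify DLLs. The sample lines are constructed from entries posted in this thread; the rules are review heuristics, not a verdict on any file.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format. The entries are copied from the
# logs posted in this thread; which lines to include was our choice.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")          # "O4 - ..." detail lines
O4_RUN = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")  # Run value lines
DLL_IN_CMD = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?', re.I)    # DLL path inside a command
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")                                  # names like [5495c47c]


@dataclass
class Entry:
    section: str   # O2, O4, O20, ...
    rest: str      # everything after "O4 - "
    name: str      # Run value name for O4 Run entries, else ""
    path: str      # file path, "(no file)", or the command line for O4 Run entries


def parse_line(line: str):
    """Return an Entry for a HijackThis detail line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    if section == "O4":
        run = O4_RUN.match(rest)
        if run:
            return Entry(section, rest, run.group("name"), run.group("cmd"))
    # For the other sections the file path (or "(no file)") is the last " - " field.
    return Entry(section, rest, "", rest.rsplit(" - ", 1)[-1])


def reasons_for(e: Entry):
    """Heuristic rules; each hit is (severity, explanation). An empty list means 'looks ordinary'."""
    hits = []
    if e.path.lower() == "(no file)":
        hits.append(("low", "orphaned entry: the registry still points at a file that is gone"))
    if e.section == "O2" and SYSTEM32.search(e.path):
        hits.append(("high", "BHO loaded from system32; legitimate BHOs normally ship under Program Files"))
    if e.section == "O4":
        if HEX_NAME.match(e.name):
            hits.append(("high", f"Run value named [{e.name}] is eight hex digits, a generated-looking name"))
        dll = DLL_IN_CMD.search(e.path)
        if "rundll32" in e.path.lower() and dll and SYSTEM32.search(dll.group("dll")):
            dll_name = dll.group("dll").split("\\")[-1]
            hits.append(("high", f"rundll32 loads {dll_name} straight from system32 at every logon"))
    if e.section == "O20" and e.rest.startswith("Winlogon Notify:"):
        hits.append(("medium", "Winlogon Notify DLL runs inside winlogon.exe at every logon; confirm the vendor"))
    return hits


def triage(log_text: str):
    """Parse every line; return [(Entry, [(severity, reason), ...])] for flagged entries only."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        hits = reasons_for(e)
        if hits:
            findings.append((e, hits))
    return findings


if __name__ == "__main__":
    for e, hits in triage(SAMPLE_LOG):
        for severity, why in hits:
            print(f"[{severity:6}] {e.section:3} {e.rest}\n         -> {why}")
```

Running it on the sample flags five of the eight entries; everything it does not flag still deserves a human look, since the rules only encode a few common patterns.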


#2
Jimmy2012
Trusted Helper
Hello mr_superstar, I'm currently reading over your log right now and I'll do my best to try to get your system clean. :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.

#3
mr_superstar
New Member
Will be waiting. Comp is very down.

#4
Jimmy2012
Trusted Helper
Hello mr_superstar,

If you have any questions please feel free to ask. :)

STEP 1
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

STEP 2
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
~~~~~~~~~~~
In your next reply please have these logs.
The SmitFraudFix log
And the DSS main.txt and extra.txt

#5
mr_superstar
New Member
Here's my SmitfraudFix log.


SmitFraudFix v2.328

Scan done at 13:38:16.73, Mon 06/23/2008
Run from C:\Documents and Settings\j\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\j\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 763444.dll
BHO: 763444 Class - {984C42AE-0B1D-4495-B16B-935DA5671133}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\agnitum\\outpos~1\\wl_hook.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Here's my DSS log.

Deckard's System Scanner v20071014.68
Run by j on 2008-06-23 13:51:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-23 20:51:45 UTC - RP178 - Deckard's System Scanner Restore Point
3: 2008-06-23 20:27:47 UTC - RP177 - Installed HP Connections XP
2: 2008-06-22 03:58:51 UTC - RP176 - Restore Operation
1: 2008-06-22 03:57:04 UTC - RP175 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as j.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:56, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\j.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O2 - BHO: (no name) - {99CBA29C-B20E-4173-BC16-15C3BCAC06F4} - C:\WINDOWS\system32\ddcBUlMG.dll
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\iifdcDvW.dll
O2 - BHO: (no name) - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - (no file)
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O21 - SSODL: nopzet - {E990305D-1B22-436A-A794-FBF364CC3A4D} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7991 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 VBEngNT - c:\windows\system32\drivers\vbengnt.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>

S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 13:38:54 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 13:37:46 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-23 13:37:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-23 13:37:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-23 13:37:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-23 13:37:42 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-23 13:37:42 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-23 13:37:41 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-23 13:37:39 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-23 05:28:47 91392 --a------ C:\WINDOWS\system32\jpkhemic.dll
2008-06-23 04:48:38 0 d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:49:44 0 d-------- C:\Documents and Settings\j\Application Data\Sun
2008-06-21 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-06-21 19:58:45 0 d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-21 02:30:35 0 d-------- C:\Documents and Settings\j\Application Data\Macromedia
2008-06-21 02:22:05 0 d-------- C:\Documents and Settings\j\Application Data\Mozilla
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Identities
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Adobe
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\SendTo
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Recent
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\PrintHood
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\NetHood
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\My Documents
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\Local Settings
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\Favorites
2008-06-20 15:02:52 0 d-------- C:\Documents and Settings\j\Desktop
2008-06-20 15:02:52 0 d--hs---- C:\Documents and Settings\j\Cookies
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Application Data
2008-06-20 15:02:51 0 d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02:51 0 d--h----- C:\Documents and Settings\j\Templates
2008-06-20 15:02:51 0 dr------- C:\Documents and Settings\j\Start Menu
2008-06-20 15:02:51 1310720 --a------ C:\Documents and Settings\j\NTUSER.DAT
2008-06-20 13:44:53 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43:26 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41:45 0 d-------- C:\Program Files\mozilla.org
2008-06-20 13:36:28 0 d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28:41 0 d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25:27 0 d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 07:00:56 228979 --ahs---- C:\WINDOWS\system32\GMlUBcdd.ini2
2008-06-19 07:00:44 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
2008-06-19 06:41:22 0 d-------- C:\Program Files\Error Repair Professional
2008-06-18 01:55:55 0 d-------- C:\WINDOWS\system32\763444
2008-06-17 14:13:39 1073745 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-06-17 14:10:50 0 d-------- C:\WINDOWS\system32\Filt
2008-06-17 14:10:49 0 d-------- C:\Program Files\Agnitum
2008-06-17 14:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-17 13:59:21 94080 --a------ C:\WINDOWS\system32\ioorxoxk.dll
2008-06-17 13:52:41 5888 --ahs---- C:\WINDOWS\system32\dgfMUvut.ini2
2008-06-17 13:32:23 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
2008-06-15 15:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-15 15:19:04 0 d-------- C:\Program Files\Free Download Manager
2008-06-02 14:32:46 0 d-------- C:\Program Files\Flash Favorite
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 17:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35:08 0 d-------- C:\Program Files\GRETECH


-- Find3M Report ---------------------------------------------------------------

2008-06-23 13:27:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 13:27:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 20:25:40 0 d-------- C:\Program Files\Java
2008-06-20 13:44:53 8881 --a------ C:\WINDOWS\mozver.dat
2008-06-20 13:42:12 0 d-------- C:\Program Files\Common Files
2008-06-20 12:51:53 0 d-------- C:\Program Files\WildTangent
2008-06-19 02:48:08 0 d-------- C:\Program Files\Screensavers.com
2008-06-19 02:48:06 0 d-------- C:\Program Files\s?stem
2008-06-19 02:48:06 0 d-------- C:\Program Files\HP Instant Support
2008-06-19 02:48:04 0 d-------- C:\Program Files\Insider
2008-06-18 20:04:17 0 d-------- C:\Program Files\RegistryFix
2008-06-17 20:02:47 0 d-------- C:\Program Files\DivX
2008-06-17 15:38:13 0 d-------- C:\Program Files\ZipItFree
2008-06-17 15:14:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-17 15:07:09 0 d-------- C:\Program Files\Windows NT
2008-06-17 15:07:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 15:07:00 0 d-------- C:\Program Files\Tcl
2008-06-17 15:06:36 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 15:06:28 0 d-------- C:\Program Files\QuickenFC
2008-06-17 15:06:27 0 d-------- C:\Program Files\Python
2008-06-17 15:06:27 0 d-------- C:\Program Files\PC-Doctor for Windows XP
2008-06-17 15:05:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 15:05:33 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 15:04:55 0 d-------- C:\Program Files\Messenger
2008-06-17 15:04:35 0 d-------- C:\Program Files\HPSelect
2008-06-17 15:04:32 0 d-------- C:\Program Files\HP RecordNow
2008-06-17 15:04:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 15:04:09 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-17 15:04:05 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\aolback
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 15:03:36 0 d-------- C:\Program Files\America Online 9.0
2008-06-17 15:03:36 0 d-------- C:\Program Files\AlbumPlayer
2008-06-17 11:56:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-17 11:55:30 0 d-------- C:\Program Files\PopCap Games
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 17:48:44 0 d-------- C:\Program Files\Aimersoft
2008-05-16 13:49:00 71 --a------ C:\WINDOWS\popcinfot.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10AE6707-5A0A-48BC-8BED-41736D11E3DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BC7FFC-02C7-483C-8A90-3461D51F4B25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253A35B3-8CB8-40EF-9683-78104346AFD7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461C7695-9741-453E-8A33-FE04231D8515}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]
06/18/2008 01:55 15360 --a------ C:\WINDOWS\system32\763444\763444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99CBA29C-B20E-4173-BC16-15C3BCAC06F4}]
06/19/2008 07:00 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/17/2008 13:32 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5A48D4D-00B6-4AD2-B273-29007E82CA02}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 10:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 16:34]
"NvCplDaemon"="NvQTwk" []
"S3TRAY2"="S3tray2.exe" [10/04/2001 12:06 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 18:25]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 17:36]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [10/12/2001 11:41]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [10/11/2001 17:20]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [10/11/2001 17:20]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/22/2005 19:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"5495c47c"="C:\WINDOWS\system32\jpkhemic.dll" [06/23/2008 05:28]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [04/04/2008 10:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [3/9/2008 9:46:53 AM]
hp center.lnk.disabled [3/3/2008 8:54:49 PM]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [5/26/2006 2:01:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\iifdcDvW.dll [06/17/2008 13:32 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcDvW]
iifdcDvW.dll 06/17/2008 13:32 28800 C:\WINDOWS\SYSTEM32\iifdcDvW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBUlMG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-23 13:57:48 ------------

extra log

Deckard's System Scanner v20071014.68
Run by j on 2008-06-23 13:51:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-23 20:51:45 UTC - RP178 - Deckard's System Scanner Restore Point
3: 2008-06-23 20:27:47 UTC - RP177 - Installed HP Connections XP
2: 2008-06-22 03:58:51 UTC - RP176 - Restore Operation
1: 2008-06-22 03:57:04 UTC - RP175 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as j.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:56, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\j.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O2 - BHO: (no name) - {99CBA29C-B20E-4173-BC16-15C3BCAC06F4} - C:\WINDOWS\system32\ddcBUlMG.dll
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\iifdcDvW.dll
O2 - BHO: (no name) - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - (no file)
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O21 - SSODL: nopzet - {E990305D-1B22-436A-A794-FBF364CC3A4D} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7991 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 VBEngNT - c:\windows\system32\drivers\vbengnt.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>

S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 13:38:54 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 13:37:46 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-23 13:37:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-23 13:37:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-23 13:37:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-23 13:37:42 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-23 13:37:42 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-23 13:37:41 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-23 13:37:39 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-23 05:28:47 91392 --a------ C:\WINDOWS\system32\jpkhemic.dll
2008-06-23 04:48:38 0 d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:49:44 0 d-------- C:\Documents and Settings\j\Application Data\Sun
2008-06-21 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-06-21 19:58:45 0 d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-21 02:30:35 0 d-------- C:\Documents and Settings\j\Application Data\Macromedia
2008-06-21 02:22:05 0 d-------- C:\Documents and Settings\j\Application Data\Mozilla
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Identities
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Adobe
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\SendTo
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Recent
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\PrintHood
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\NetHood
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\My Documents
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\Local Settings
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\Favorites
2008-06-20 15:02:52 0 d-------- C:\Documents and Settings\j\Desktop
2008-06-20 15:02:52 0 d--hs---- C:\Documents and Settings\j\Cookies
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Application Data
2008-06-20 15:02:51 0 d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02:51 0 d--h----- C:\Documents and Settings\j\Templates
2008-06-20 15:02:51 0 dr------- C:\Documents and Settings\j\Start Menu
2008-06-20 15:02:51 1310720 --a------ C:\Documents and Settings\j\NTUSER.DAT
2008-06-20 13:44:53 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43:26 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41:45 0 d-------- C:\Program Files\mozilla.org
2008-06-20 13:36:28 0 d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28:41 0 d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25:27 0 d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 07:00:56 228979 --ahs---- C:\WINDOWS\system32\GMlUBcdd.ini2
2008-06-19 07:00:44 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
2008-06-19 06:41:22 0 d-------- C:\Program Files\Error Repair Professional
2008-06-18 01:55:55 0 d-------- C:\WINDOWS\system32\763444
2008-06-17 14:13:39 1073745 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-06-17 14:10:50 0 d-------- C:\WINDOWS\system32\Filt
2008-06-17 14:10:49 0 d-------- C:\Program Files\Agnitum
2008-06-17 14:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-17 13:59:21 94080 --a------ C:\WINDOWS\system32\ioorxoxk.dll
2008-06-17 13:52:41 5888 --ahs---- C:\WINDOWS\system32\dgfMUvut.ini2
2008-06-17 13:32:23 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
2008-06-15 15:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-15 15:19:04 0 d-------- C:\Program Files\Free Download Manager
2008-06-02 14:32:46 0 d-------- C:\Program Files\Flash Favorite
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 17:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35:08 0 d-------- C:\Program Files\GRETECH


-- Find3M Report ---------------------------------------------------------------

2008-06-23 13:27:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 13:27:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 20:25:40 0 d-------- C:\Program Files\Java
2008-06-20 13:44:53 8881 --a------ C:\WINDOWS\mozver.dat
2008-06-20 13:42:12 0 d-------- C:\Program Files\Common Files
2008-06-20 12:51:53 0 d-------- C:\Program Files\WildTangent
2008-06-19 02:48:08 0 d-------- C:\Program Files\Screensavers.com
2008-06-19 02:48:06 0 d-------- C:\Program Files\s?stem
2008-06-19 02:48:06 0 d-------- C:\Program Files\HP Instant Support
2008-06-19 02:48:04 0 d-------- C:\Program Files\Insider
2008-06-18 20:04:17 0 d-------- C:\Program Files\RegistryFix
2008-06-17 20:02:47 0 d-------- C:\Program Files\DivX
2008-06-17 15:38:13 0 d-------- C:\Program Files\ZipItFree
2008-06-17 15:14:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-17 15:07:09 0 d-------- C:\Program Files\Windows NT
2008-06-17 15:07:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 15:07:00 0 d-------- C:\Program Files\Tcl
2008-06-17 15:06:36 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 15:06:28 0 d-------- C:\Program Files\QuickenFC
2008-06-17 15:06:27 0 d-------- C:\Program Files\Python
2008-06-17 15:06:27 0 d-------- C:\Program Files\PC-Doctor for Windows XP
2008-06-17 15:05:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 15:05:33 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 15:04:55 0 d-------- C:\Program Files\Messenger
2008-06-17 15:04:35 0 d-------- C:\Program Files\HPSelect
2008-06-17 15:04:32 0 d-------- C:\Program Files\HP RecordNow
2008-06-17 15:04:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 15:04:09 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-17 15:04:05 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\aolback
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 15:03:36 0 d-------- C:\Program Files\America Online 9.0
2008-06-17 15:03:36 0 d-------- C:\Program Files\AlbumPlayer
2008-06-17 11:56:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-17 11:55:30 0 d-------- C:\Program Files\PopCap Games
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 17:48:44 0 d-------- C:\Program Files\Aimersoft
2008-05-16 13:49:00 71 --a------ C:\WINDOWS\popcinfot.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10AE6707-5A0A-48BC-8BED-41736D11E3DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BC7FFC-02C7-483C-8A90-3461D51F4B25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253A35B3-8CB8-40EF-9683-78104346AFD7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461C7695-9741-453E-8A33-FE04231D8515}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]
06/18/2008 01:55 15360 --a------ C:\WINDOWS\system32\763444\763444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99CBA29C-B20E-4173-BC16-15C3BCAC06F4}]
06/19/2008 07:00 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/17/2008 13:32 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5A48D4D-00B6-4AD2-B273-29007E82CA02}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 10:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 16:34]
"NvCplDaemon"="NvQTwk" []
"S3TRAY2"="S3tray2.exe" [10/04/2001 12:06 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 18:25]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 17:36]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [10/12/2001 11:41]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [10/11/2001 17:20]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [10/11/2001 17:20]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/22/2005 19:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"5495c47c"="C:\WINDOWS\system32\jpkhemic.dll" [06/23/2008 05:28]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [04/04/2008 10:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [3/9/2008 9:46:53 AM]
hp center.lnk.disabled [3/3/2008 8:54:49 PM]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [5/26/2006 2:01:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\iifdcDvW.dll [06/17/2008 13:32 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcDvW]
iifdcDvW.dll 06/17/2008 13:32 28800 C:\WINDOWS\SYSTEM32\iifdcDvW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBUlMG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe
  • 0
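As an added illustration (not part of the original post, of HijackThis or of Deckard's System Scanner), the script below runs a few defender-side triage rules over lines constructed from the log above: Winlogon Notify packages, the LSA "Authentication Packages" value, rundll32-loaded DLLs in system32, AppInit_DLLs, and orphaned BHO/SSODL entries. The allowlist, the random-name heuristic and the severities are assumptions of this example, not rules the tools themselves apply.

```python
"""Triage of HijackThis-style log lines for persistence points that are rarely
legitimate. The sample lines are constructed from the log posted above; the
allowlist and the scoring rules are the editor's own heuristics, not part of
HijackThis, Deckard's System Scanner or the original post."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Winlogon Notify packages normal on a Windows XP box (assumed, partial allowlist).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}
SYS32 = re.compile(r"(?i)^c:\\windows\\system32\\")
PATH = re.compile(r'"([a-zA-Z]:\\[^"]+)"|([a-zA-Z]:\\\S+)')
NO_FILE = "(no file)"

# Constructed sample: a subset of the HijackThis and DSS lines from the post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {99CBA29C-B20E-4173-BC16-15C3BCAC06F4} - C:\WINDOWS\system32\ddcBUlMG.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBUlMG
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str
    reason: str


def stem(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def random_looking(name: str) -> bool:
    """Heuristic for the generated DLL names in this log (iifdcDvW, ddcBUlMG,
    jpkhemic): exactly 8 letters and either mixed case after the first
    character or at most two vowels. Coarse by design; pair it with location."""
    if len(name) != 8 or not name.isalpha():
        return False
    tail = name[1:]
    mixed = tail != tail.lower() and tail != tail.upper()
    return mixed or sum(c in "aeiou" for c in name.lower()) <= 2


def first_path(text: str) -> str:
    """First Windows path in a command line, honouring double quotes."""
    m = PATH.search(text)
    return (m.group(1) or m.group(2)) if m else ""


def classify(line: str) -> Optional[Finding]:
    line = line.strip()
    if line.startswith('"Authentication Packages"'):
        # Anything besides msv1_0 is loaded into lsass.exe at boot.
        extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
        return Finding("high", line, f"extra LSA authentication package {extra}") if extra else None
    m = re.match(r"^(O\d+) - ([^:]+): (.*)$", line)
    if not m:
        return None
    section, kind, body = m.groups()
    if section == "O4":
        run = re.match(r"\[([^\]]+)\]\s*(.*)", body)
        if not run:
            return None
        value, command = run.groups()
        path = first_path(command)
        if "rundll32" in command.lower() and SYS32.match(path) and random_looking(stem(path)):
            return Finding("high", line, f"rundll32 loads a random-named system32 DLL via Run value '{value}'")
        return None
    target = body.rsplit(" - ", 1)[-1]
    if target == NO_FILE:
        return Finding("low", line, "orphaned entry, target file no longer exists")
    if kind == "Winlogon Notify":
        package = body.split(" - ", 1)[0]
        if package.lower() not in KNOWN_NOTIFY:
            return Finding("high", line, f"unknown Winlogon Notify package '{package}' runs inside winlogon.exe")
    if kind == "AppInit_DLLs":
        return Finding("medium", line, "AppInit_DLLs is injected into every user32 process; confirm the vendor")
    if kind == "BHO":
        if SYS32.match(target) and random_looking(stem(target)):
            return Finding("high", line, "BHO is a random-named DLL in system32")
        if SYS32.match(target):
            return Finding("medium", line, "third-party BHO loaded from system32 instead of Program Files")
        if body.startswith("(no name)"):
            return Finding("medium", line, "BHO registered without a name")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (classify(l) for l in log.splitlines()) if f]


def summary(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run on the sample it reports four high findings (the ddcBUlMG BHO, the jpkhemic Run value, the iifdcDvW Winlogon Notify entry and the extra LSA package), which are exactly the entries the helper's cleanup tools target.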

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mr_superstar,

STEP 1
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and pressing "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check whether wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and pressing "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

STEP 2
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall**
~~~~~~~~~~~~
In your next reply please have these logs.
The SmitFraudFix log
The ComboFix log
And a new HijackThis log
  • 0

#7
mr_superstar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
rapport log


SmitFraudFix v2.328

Scan done at 23:55:24.98, Mon 06/23/2008
Run from C:\Documents and Settings\j\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

combolog


ComboFix 08-06-20.4 - j 2008-06-24 15:14:11.2 - NTFSx86
Running from: C:\Documents and Settings\j\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\screensavers.com
C:\Program Files\sstem~1
C:\WA6P
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IA
C:\WINDOWS\msacm32.drv
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\winspool.dll
C:\WINDOWS\system32\wuasirvy.dll
C:\WINDOWS\ymante~1
C:\WINDOWS\ymante~1\?ymantec\

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-24 11:57 . 2008-06-24 15:30 526 ---hs---- C:\WINDOWS\SYSTEM32\cimehkpj.ini
2008-06-23 13:50 . 2008-06-23 13:50 <DIR> d-------- C:\Deckard
2008-06-23 13:38 . 2008-06-23 23:56 2,306 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-23 13:37 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-06-23 13:37 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-06-23 13:37 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-06-23 13:37 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-06-23 13:37 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-06-23 13:37 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-06-23 13:37 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-06-23 13:37 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-06-23 13:37 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-06-23 05:28 . 2008-06-23 05:28 91,392 --a------ C:\WINDOWS\SYSTEM32\jpkhemic.dll
2008-06-23 04:48 . 2008-06-23 04:48 <DIR> d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:29 . 2008-06-21 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 19:58 . 2008-06-21 19:58 <DIR> d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02 . 2008-06-24 15:24 <DIR> d-------- C:\Documents and Settings\j
2008-06-20 13:44 . 2008-06-20 13:44 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43 . 2008-06-20 13:43 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41 . 2008-06-20 13:41 <DIR> d-------- C:\Program Files\mozilla.org
2008-06-20 13:36 . 2008-06-20 13:48 <DIR> d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28 . 2008-06-20 15:01 <DIR> d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25 . 2008-06-20 13:23 <DIR> d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 06:41 . 2008-06-19 07:28 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-06-17 14:13 . 2008-02-21 18:31 1,073,745 --a------ C:\WINDOWS\SYSTEM32\drivers\VBEngNT.sys
2008-06-17 14:13 . 2008-03-12 12:31 449,184 --a------ C:\WINDOWS\SYSTEM32\drivers\SandBox.sys
2008-06-17 14:13 . 2008-02-27 18:28 206,352 --a------ C:\WINDOWS\SYSTEM32\drivers\afw.sys
2008-06-17 14:13 . 2007-10-29 17:45 49 --a------ C:\WINDOWS\transp.gif
2008-06-17 14:10 . 2008-06-20 13:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\Filt
2008-06-17 14:10 . 2008-06-17 14:10 <DIR> d-------- C:\Program Files\Agnitum
2008-06-17 14:10 . 2008-06-17 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-17 12:08 . 2008-05-25 17:16 218,592 --a------ C:\WINDOWS\hpdj3500.hi1
2008-06-17 12:08 . 2008-05-25 17:16 10,489 --a------ C:\WINDOWS\hpdj3500.bu1
2008-06-15 15:19 . 2008-06-17 15:04 <DIR> d-------- C:\Program Files\Free Download Manager
2008-06-15 15:19 . 2008-06-15 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-12 12:16 . 2008-04-14 04:01 272,128 --a------ C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-02 14:32 . 2008-06-17 11:56 <DIR> d-------- C:\Program Files\Flash Favorite
2008-05-26 20:11 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys
2008-05-26 20:11 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbaudio.sys
2008-05-26 20:11 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys
2008-05-26 20:11 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbccgp.sys
2008-05-26 20:11 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\drivers\hidusb.sys
2008-05-26 20:11 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35 . 2008-05-26 17:35 <DIR> d-------- C:\Program Files\GRETECH
2008-05-25 17:12 . 2008-06-17 12:08 5,178 --a------ C:\WINDOWS\hpdj3500.his
2008-05-25 17:12 . 2008-06-17 12:08 1,070 --a------ C:\WINDOWS\hpdj3500.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 20:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-22 03:25 --------- d-----w C:\Program Files\Java
2008-06-20 19:51 --------- d-----w C:\Program Files\WildTangent
2008-06-19 09:48 --------- d-----w C:\Program Files\HP Instant Support
2008-06-19 03:04 --------- d-----w C:\Program Files\RegistryFix
2008-06-18 03:02 --------- d-----w C:\Program Files\DivX
2008-06-17 22:38 --------- d-----w C:\Program Files\ZipItFree
2008-06-17 22:14 --------- d-----w C:\Program Files\Common Files\Scanner
2008-06-17 22:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 22:07 --------- d-----w C:\Program Files\Tcl
2008-06-17 22:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 22:06 --------- d-----w C:\Program Files\Realtek AC97
2008-06-17 22:06 --------- d-----w C:\Program Files\QuickenFC
2008-06-17 22:06 --------- d-----w C:\Program Files\Python
2008-06-17 22:06 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2008-06-17 22:05 --------- d-----w C:\Program Files\Microsoft Works
2008-06-17 22:04 --------- d-----w C:\Program Files\HPSelect
2008-06-17 22:04 --------- d-----w C:\Program Files\HP RecordNow
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\aolshare
2008-06-17 22:03 --------- d-----w C:\Program Files\Common Files\aolback
2008-06-17 22:03 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-17 22:03 --------- d-----w C:\Program Files\America Online 9.0
2008-06-17 22:03 --------- d-----w C:\Program Files\AlbumPlayer
2008-06-17 18:56 --------- d-----w C:\Program Files\YouTube Downloader
2008-06-17 18:55 --------- d-----w C:\Program Files\PopCap Games
2008-06-15 23:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 22:22 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-19 00:48 --------- d-----w C:\Program Files\Aimersoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-06-03 17:48 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-18 01:50 0 -c--a-w C:\Program Files\Common Files\err.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10AE6707-5A0A-48BC-8BED-41736D11E3DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BC7FFC-02C7-483C-8A90-3461D51F4B25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253A35B3-8CB8-40EF-9683-78104346AFD7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461C7695-9741-453E-8A33-FE04231D8515}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8133799B-7E0D-4EBA-818A-C400DFE71149}]
C:\WINDOWS\system32\ddcBUlMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5A48D4D-00B6-4AD2-B273-29007E82CA02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 16:34 212992]
"NvCplDaemon"="NvQTwk,NvCplDaemon initialize" []
"S3TRAY2"="S3tray2.exe" [2001-10-04 12:06 69632 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 18:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 17:36 90112]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [2001-10-12 11:41 135168]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [2001-10-11 17:20 143360]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [2001-10-11 17:20 122880]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 19:33 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"5495c47c"="C:\WINDOWS\system32\jpkhemic.dll" [2008-06-23 05:28 91392]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [2008-04-04 10:17 587176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [2008-03-09 09:46:53 869]
hp center.lnk.disabled [2008-03-03 20:54:49 1811]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-05-26 02:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcDvW]
iifdcDvW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"C:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=

R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-27 18:28]
R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\DRIVERS\VBEngNT.sys [2008-02-21 18:31]
R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [2008-03-12 12:32]
S3 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-05-21 18:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 15:30:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OP_CACHE.ATR 24 bytes
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OP_CACHE.IDX 12 bytes
C:\WINDOWS\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\WINDOWS\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\OP_CACHE.ATR 528 bytes
C:\OP_CACHE.IDX 264 bytes
C:\WINDOWS\system32\drivers\OP_CACHE.ATR 2784 bytes
C:\WINDOWS\system32\drivers\OP_CACHE.IDX 1392 bytes
C:\WINDOWS\system32\wbem\OP_CACHE.ATR 1104 bytes
C:\WINDOWS\system32\wbem\OP_CACHE.IDX 552 bytes
C:\WINDOWS\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\WINDOWS\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\WINDOWS\OP_CACHE.ATR 8280 bytes
C:\WINDOWS\OP_CACHE.IDX 4140 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\OP_CACHE.ATR 192 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\OP_CACHE.IDX 96 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\aolsystrayservice\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\aolsystrayservice\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\settingsManagerApp\ver1_1_20_1\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\settingsManagerApp\ver1_1_20_1\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\softwareUpdate\ver1_14_4_2\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\softwareUpdate\ver1_14_4_2\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\ACS\OP_CACHE.IDX 120 bytes
C:\Program Files\Common Files\AOL\ACS\OP_CACHE.ATR 240 bytes
C:\Program Files\Common Files\AOL\AOL Network Magic\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\AOL Network Magic\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\AOL Spyware Protection\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\AOL Spyware Protection\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\AOLDiag\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\AOLDiag\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\AOL\IPHSend\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\IPHSend\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\Loader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\Loader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\Screensaver\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\Screensaver\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\System Information\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\System Information\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\TopSpeed\2.0\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\TopSpeed\2.0\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\aolback\Comps\acs\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\acs\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\asp\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\asp\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\coach\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\coach\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\deskbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\deskbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\flash\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\flash\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\fw\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\fw\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\ocp\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\ocp\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\qt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\qt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\rp\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\aolback\Comps\rp\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\aolback\Comps\sysinfo\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\sysinfo\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\tb\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\tb\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\toolbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\toolbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\tpspd\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\tpspd\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\vwpt\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\aolback\Comps\vwpt\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\aolback\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolshare\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\aolshare\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\InstallShield\IScript\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\IScript\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\UpdateService\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\InstallShield\UpdateService\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\LightScribe\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\LightScribe\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\Microsoft Shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\dasetup\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\dasetup\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Equation\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Equation\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Grphflt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Grphflt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Investor\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Investor\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\MSDraw\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\MSDraw\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Note-It\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Note-It\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Shoebox\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Shoebox\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Speech\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Speech\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\TextConv\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Microsoft Shared\TextConv\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Triedit\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Triedit\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\VGX\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\VGX\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Web Folders\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Web Folders\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\WordArt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\WordArt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\OP_CACHE.ATR 408 bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\OP_CACHE.IDX 204 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Real\GToolbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Real\GToolbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Real\Update\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Real\Update\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Real\Update_OB\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\Real\Update_OB\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\Roxio Shared\DLLShared\OP_CACHE.ATR 240 bytes
C:\Program Files\Common Files\Roxio Shared\DLLShared\OP_CACHE.IDX 120 bytes
C:\Program Files\Common Files\Roxio Shared\Dragon\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Dragon\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\MainConcept\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\Roxio Shared\MainConcept\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\Roxio Shared\MPEG\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\Roxio Shared\MPEG\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Main\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Main\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCom\OP_CACHE.ATR 192 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCom\OP_CACHE.IDX 96 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\OP_CACHE.ATR 1176 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\OP_CACHE.IDX 588 bytes
C:\Program Files\Common Files\Scanner\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Scanner\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Sonic Shared\OP_CACHE.ATR 216 bytes
C:\Program Files\Common Files\Sonic Shared\OP_CACHE.IDX 108 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\OP_CACHE.IDX 12 bytes
C:\WINDOWS\system32\OP_CACHE.ATR 22968 bytes
C:\WINDOWS\system32\OP_CACHE.IDX 11484 bytes

scan completed successfully
hidden files: 166

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jpkhemic.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-24 15:45:32 - machine was rebooted [j]
ComboFix-quarantined-files.txt 2008-06-24 22:45:15

Pre-Run: 11,193,708,544 bytes free
Post-Run: 11,410,350,080 bytes free

374 --- E O F --- 2008-06-13 17:37:45


hjthislog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:42, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8133799B-7E0D-4EBA-818A-C400DFE71149} - C:\WINDOWS\system32\ddcBUlMG.dll (file missing)
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - iifdcDvW.dll (file missing)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7145 bytes

#8
Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello mr_superstar,

STEP 1
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following entries.

O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {8133799B-7E0D-4EBA-818A-C400DFE71149} - C:\WINDOWS\system32\ddcBUlMG.dll (file missing)
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O20 - Winlogon Notify: iifdcDvW - iifdcDvW.dll (file missing)

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

STEP 2
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\jpkhemic.dll
C:\WINDOWS\system32\GMlUBcdd.ini2
C:\WINDOWS\system32\ddcBUlMG.dll
C:\WINDOWS\system32\ioorxoxk.dll
C:\WINDOWS\system32\dgfMUvut.ini2
C:\WINDOWS\system32\iifdcDvW.dll
C:\WINDOWS\SYSTEM32\cimehkpj.ini
C:\WINDOWS\hpdj3500.hi1
C:\WINDOWS\hpdj3500.bu1
C:\WINDOWS\hpdj3500.his
C:\WINDOWS\hpdj3500.ini
Folder::
C:\WINDOWS\system32\763444

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

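As an added example (my own code, not part of the thread and not from Jimmy2012 or from the HijackThis/ComboFix authors), the following Python script mechanizes the triage the helper did by hand on the log above: it reads HijackThis O2/O4/O20 lines, flags orphaned BHO registrations, dead Winlogon Notify hooks and a hex-named Run value that launches a DLL through rundll32 from system32, and then emits the File:: section of a ComboFix CFScript from the findings that name a concrete file. It assumes the standard XP layout seen in the log (C:\WINDOWS\system32) and the one-path-per-line File:: format shown in the post; the sample lines are constructed from the posted log plus one benign control line, and the heuristics are mine.

```python
"""Triage a HijackThis v2 log and draft a ComboFix CFScript File:: section.

Added example: not code from the thread, from HijackThis, or from ComboFix.
Assumptions: XP layout with C:\\WINDOWS\\system32, and the CFScript File::
format (one full path per line) as shown in the helper's post.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the posted log plus benign control lines.
SAMPLE_LOG = """\
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {8133799B-7E0D-4EBA-818A-C400DFE71149} - C:\\WINDOWS\\system32\\ddcBUlMG.dll (file missing)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [5495c47c] rundll32.exe "C:\\WINDOWS\\system32\\jpkhemic.dll",b
O20 - Winlogon Notify: iifdcDvW - iifdcDvW.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

SYSTEM32 = "C:\\WINDOWS\\system32"          # assumption: standard XP path, as in the log
MISSING_SUFFIX = " (file missing)"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+?)(?P<missing> \(file missing\))?$")
RUNDLL_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] rundll32\.exe "(?P<dll>[^"]+)"', re.I)
HEX_VALUE = re.compile(r"^[0-9a-f]{6,}$", re.I)   # value names like 5495c47c


@dataclass
class Finding:
    line: str
    reason: str
    path: Optional[str]   # full file path for CFScript File::, None for registry-only orphans


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would mark for 'Fix checked', in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            if target == "(no file)":
                findings.append(Finding(line, "BHO registered with no backing file", None))
            elif target.endswith(MISSING_SUFFIX):
                findings.append(Finding(line, "BHO whose DLL is missing on disk",
                                        target[: -len(MISSING_SUFFIX)]))
            continue
        m = RUNDLL_RE.match(line)
        if m:
            dll = m.group("dll")
            in_system32 = ntpath.dirname(dll).lower() == SYSTEM32.lower()
            if HEX_VALUE.match(m.group("value")) and in_system32:
                findings.append(Finding(line, "hex-named Run value loading a DLL via rundll32", dll))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("missing"):
            # Winlogon Notify DLLs load from system32; build the full path for the script.
            findings.append(Finding(line, "Winlogon Notify hook whose DLL is missing",
                                    ntpath.join(SYSTEM32, m.group("dll"))))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Draft the File:: section of a ComboFix CFScript from findings that name a file."""
    paths: List[str] = []
    for f in findings:
        if f.path and f.path not in paths:
            paths.append(f.path)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason}] {f.line}")
    print()
    print(build_cfscript(found))
```

Entries with no backing file at all (the "(no file)" BHOs) have nothing for ComboFix to delete, so they only appear in the findings list for HijackThis's fix-checked step; only entries that resolve to a path reach the File:: section, which matches the split between STEP 1 and STEP 2 in the post.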

#9
mr_superstar

    New Member

  • Topic Starter
  • Member
  • 6 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:41, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6297 bytes




ComboFix 08-06-20.4 - j 2008-06-25 14:32:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.86 [GMT -7:00]
Running from: C:\Documents and Settings\j\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\j\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\hpdj3500.bu1
C:\WINDOWS\hpdj3500.hi1
C:\WINDOWS\hpdj3500.his
C:\WINDOWS\hpdj3500.ini
C:\WINDOWS\SYSTEM32\cimehkpj.ini
C:\WINDOWS\system32\ddcBUlMG.dll
C:\WINDOWS\system32\dgfMUvut.ini2
C:\WINDOWS\system32\GMlUBcdd.ini2
C:\WINDOWS\system32\iifdcDvW.dll
C:\WINDOWS\system32\ioorxoxk.dll
C:\WINDOWS\system32\jpkhemic.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hpdj3500.bu1
C:\WINDOWS\hpdj3500.hi1
C:\WINDOWS\hpdj3500.his
C:\WINDOWS\hpdj3500.ini
C:\WINDOWS\SYSTEM32\cimehkpj.ini
C:\WINDOWS\system32\jpkhemic.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-23 13:50 . 2008-06-23 13:50 <DIR> d-------- C:\Deckard
2008-06-23 13:38 . 2008-06-23 23:56 2,306 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-23 13:37 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-06-23 13:37 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-06-23 13:37 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-06-23 13:37 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-06-23 13:37 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-06-23 13:37 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-06-23 13:37 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-06-23 13:37 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-06-23 13:37 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-06-23 04:48 . 2008-06-23 04:48 <DIR> d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:29 . 2008-06-21 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 19:58 . 2008-06-21 19:58 <DIR> d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02 . 2007-12-09 13:14 <DIR> d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02 . 2008-06-25 04:46 <DIR> d-------- C:\Documents and Settings\j
2008-06-20 13:44 . 2008-06-20 13:44 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43 . 2008-06-20 13:43 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41 . 2008-06-20 13:41 <DIR> d-------- C:\Program Files\mozilla.org
2008-06-20 13:36 . 2008-06-20 13:48 <DIR> d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28 . 2008-06-20 15:01 <DIR> d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25 . 2008-06-20 13:23 <DIR> d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 06:41 . 2008-06-19 07:28 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-06-17 14:13 . 2008-02-21 18:31 1,073,745 --a------ C:\WINDOWS\SYSTEM32\drivers\VBEngNT.sys
2008-06-17 14:13 . 2008-03-12 12:31 449,184 --a------ C:\WINDOWS\SYSTEM32\drivers\SandBox.sys
2008-06-17 14:13 . 2008-02-27 18:28 206,352 --a------ C:\WINDOWS\SYSTEM32\drivers\afw.sys
2008-06-17 14:13 . 2007-10-29 17:45 49 --a------ C:\WINDOWS\transp.gif
2008-06-17 14:10 . 2008-06-20 13:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\Filt
2008-06-17 14:10 . 2008-06-17 14:10 <DIR> d-------- C:\Program Files\Agnitum
2008-06-17 14:10 . 2008-06-17 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-15 15:19 . 2008-06-17 15:04 <DIR> d-------- C:\Program Files\Free Download Manager
2008-06-15 15:19 . 2008-06-15 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-12 12:16 . 2008-06-13 06:10 272,128 --a------ C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-02 14:32 . 2008-06-17 11:56 <DIR> d-------- C:\Program Files\Flash Favorite
2008-05-26 20:11 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys
2008-05-26 20:11 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbaudio.sys
2008-05-26 20:11 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys
2008-05-26 20:11 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbccgp.sys
2008-05-26 20:11 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\drivers\hidusb.sys
2008-05-26 20:11 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35 . 2008-05-26 17:35 <DIR> d-------- C:\Program Files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 20:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-22 03:25 --------- d-----w C:\Program Files\Java
2008-06-20 19:51 --------- d-----w C:\Program Files\WildTangent
2008-06-19 09:48 --------- d-----w C:\Program Files\HP Instant Support
2008-06-19 03:04 --------- d-----w C:\Program Files\RegistryFix
2008-06-18 03:02 --------- d-----w C:\Program Files\DivX
2008-06-17 22:38 --------- d-----w C:\Program Files\ZipItFree
2008-06-17 22:14 --------- d-----w C:\Program Files\Common Files\Scanner
2008-06-17 22:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 22:07 --------- d-----w C:\Program Files\Tcl
2008-06-17 22:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 22:06 --------- d-----w C:\Program Files\Realtek AC97
2008-06-17 22:06 --------- d-----w C:\Program Files\QuickenFC
2008-06-17 22:06 --------- d-----w C:\Program Files\Python
2008-06-17 22:06 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2008-06-17 22:05 --------- d-----w C:\Program Files\Microsoft Works
2008-06-17 22:04 --------- d-----w C:\Program Files\HPSelect
2008-06-17 22:04 --------- d-----w C:\Program Files\HP RecordNow
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-17 22:04 --------- d-----w C:\Program Files\Common Files\aolshare
2008-06-17 22:03 --------- d-----w C:\Program Files\Common Files\aolback
2008-06-17 22:03 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-17 22:03 --------- d-----w C:\Program Files\America Online 9.0
2008-06-17 22:03 --------- d-----w C:\Program Files\AlbumPlayer
2008-06-17 18:56 --------- d-----w C:\Program Files\YouTube Downloader
2008-06-17 18:55 --------- d-----w C:\Program Files\PopCap Games
2008-06-15 23:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-05-22 22:22 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-05-22 22:22 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\SYSTEM32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-05-19 00:48 --------- d-----w C:\Program Files\Aimersoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2008-04-24 05:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-04-07 20:13 487,105 ----a-w C:\WINDOWS\JAVA\Packages\ACNR5BXZ.ZIP
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msjint40.dll
2007-06-03 17:48 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-18 01:50 0 -c--a-w C:\Program Files\Common Files\err.log
.

((((((((((((((((((((((((((((( snapshot@2008-06-24_15.43.56.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 22:27:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 12:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 16:34 212992]
"NvCplDaemon"="NvQTwk,NvCplDaemon initialize" []
"S3TRAY2"="S3tray2.exe" [2001-10-04 12:06 69632 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 18:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 17:36 90112]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [2001-10-12 11:41 135168]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [2001-10-11 17:20 143360]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [2001-10-11 17:20 122880]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 19:33 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [2008-04-04 10:17 587176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [2008-03-09 09:46:53 869]
hp center.lnk.disabled [2008-03-03 20:54:49 1811]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-05-26 02:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"C:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=

R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-27 18:28]
R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\DRIVERS\VBEngNT.sys [2008-02-21 18:31]
R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [2008-03-12 12:32]
S3 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-05-21 18:15]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 14:39:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\OP_CACHE.ATR 528 bytes
C:\OP_CACHE.IDX 264 bytes
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OP_CACHE.ATR 24 bytes
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OP_CACHE.IDX 12 bytes
C:\WINDOWS\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\WINDOWS\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\WINDOWS\system32\wbem\OP_CACHE.ATR 1104 bytes
C:\WINDOWS\system32\wbem\OP_CACHE.IDX 552 bytes
C:\WINDOWS\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\WINDOWS\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\WINDOWS\system32\drivers\OP_CACHE.ATR 2784 bytes
C:\WINDOWS\system32\drivers\OP_CACHE.IDX 1392 bytes
C:\WINDOWS\OP_CACHE.ATR 8280 bytes
C:\WINDOWS\OP_CACHE.IDX 4140 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\OP_CACHE.ATR 192 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\OP_CACHE.IDX 96 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\aolsystrayservice\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\aolsystrayservice\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\settingsManagerApp\ver1_1_20_1\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\settingsManagerApp\ver1_1_20_1\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\softwareUpdate\ver1_14_4_2\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\1158094875\EE\services\softwareUpdate\ver1_14_4_2\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\ACS\OP_CACHE.IDX 120 bytes
C:\Program Files\Common Files\AOL\ACS\OP_CACHE.ATR 240 bytes
C:\Program Files\Common Files\AOL\AOL Network Magic\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\AOL Network Magic\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\AOL Spyware Protection\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\AOL Spyware Protection\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\AOLDiag\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\AOLDiag\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\AOL\IPHSend\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\IPHSend\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\Loader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\Loader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\Screensaver\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\AOL\Screensaver\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\AOL\System Information\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\AOL\System Information\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\AOL\TopSpeed\2.0\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\AOL\TopSpeed\2.0\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\aolback\Comps\acs\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\acs\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\asp\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\asp\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\coach\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\coach\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\deskbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\deskbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\flash\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\flash\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\fw\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\fw\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\ocp\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\ocp\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\qt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\qt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\rp\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\aolback\Comps\rp\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\aolback\Comps\sysinfo\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\sysinfo\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\tb\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\tb\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\toolbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\toolbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\tpspd\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\Comps\tpspd\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolback\Comps\vwpt\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\aolback\Comps\vwpt\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\aolback\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\aolback\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\aolshare\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\aolshare\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\InstallShield\IScript\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\IScript\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\UpdateService\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\InstallShield\UpdateService\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\LightScribe\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\LightScribe\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\Microsoft Shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\dasetup\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\dasetup\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Equation\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Equation\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Grphflt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Grphflt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Investor\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Investor\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\MSDraw\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\MSDraw\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Note-It\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Note-It\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Shoebox\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Shoebox\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Speech\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Speech\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\TextConv\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Microsoft Shared\TextConv\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Triedit\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Microsoft Shared\Triedit\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Microsoft Shared\VGX\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\VGX\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Web Folders\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\Web Folders\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\WordArt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Microsoft Shared\WordArt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\OP_CACHE.ATR 408 bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\OP_CACHE.IDX 204 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Real\GToolbar\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Real\GToolbar\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Real\Update\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Real\Update\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Real\Update_OB\OP_CACHE.ATR 120 bytes
C:\Program Files\Common Files\Real\Update_OB\OP_CACHE.IDX 60 bytes
C:\Program Files\Common Files\Roxio Shared\DLLShared\OP_CACHE.ATR 240 bytes
C:\Program Files\Common Files\Roxio Shared\DLLShared\OP_CACHE.IDX 120 bytes
C:\Program Files\Common Files\Roxio Shared\Dragon\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Dragon\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\MainConcept\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\Roxio Shared\MainConcept\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\Roxio Shared\MPEG\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\Roxio Shared\MPEG\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Main\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Roxio Shared\Roxio Central\Main\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCom\OP_CACHE.ATR 192 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCom\OP_CACHE.IDX 96 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\OP_CACHE.ATR 1176 bytes
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\OP_CACHE.IDX 588 bytes
C:\Program Files\Common Files\Scanner\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Scanner\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Sonic Shared\OP_CACHE.ATR 216 bytes
C:\Program Files\Common Files\Sonic Shared\OP_CACHE.IDX 108 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\OP_CACHE.IDX 12 bytes
C:\WINDOWS\system32\OP_CACHE.ATR 22968 bytes
C:\WINDOWS\system32\OP_CACHE.IDX 11484 bytes

scan completed successfully
hidden files: 166

**************************************************************************
.
Completion time: 2008-06-25 14:49:46
ComboFix-quarantined-files.txt 2008-06-25 21:49:33
ComboFix2.txt 2008-06-24 22:45:34

Pre-Run: 12,433,629,184 bytes free
Post-Run: 12,424,667,136 bytes free

385 --- E O F --- 2008-06-25 10:20:29

#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mr_superstar,

STEP 1
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

STEP 2
Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs.
The MalwareBytes log
The Kaspersky log
A new HijackThis log
And please tell me if you are still having any errors or other problems with your computer

#11
mr_superstar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

When I try to run Kaspersky, it starts to update, then it says Java failed.

#12
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello mr_superstar,

When I try to run Kaspersky, it starts to update, then it says Java failed.

Ok, that's no problem; we will try another online scanner.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
~~~~~~~~~~~~
In your next reply please have these logs.
The MalwareBytes log
The Panda log
A new HijackThis log
And please tell me if you are still having any errors or other problems with your computer