generic host process for win32 services has encountered a problem and

#1 cooljazz (Member, 14 posts)

Hello all,

I come to you with a perplexing problem concerning the above error message. I couldn't get into any program due to the constant pop-up of this message. No access to msconfig (doesn't work), and search is also missing some components. I did run some antivirus software (SUPERAntiSpyware, Ad-Aware, Spybot) and they removed some of the issues, but I'm still getting the "generic host process for win32 services has encountered a problem and needs to close" error. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:31 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\FotoNation\EvLstnr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\NOMADAPP\Portable Programs\W32\OnSpec\NOMAD.EXE
G:\NOMADAPP\Portable Programs\W32\OnSpec\REDEMPTION\REDEMPTION.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {1F85A4B6-EDCE-4258-8104-F2DDCB9F39AF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B15FEFC6-9A1F-4A1C-9D35-A9017E774291} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {F3A6DB4D-9C5F-4DD8-A938-FF598306905F} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 12129 bytes
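As an added triage example (not code from this thread, from Trend Micro or from HijackThis), a small Python parser over HijackThis v2 log lines that flags what a helper reads first: entries whose target file is missing, registry Run entries whose command is a bare filename or a root-relative path, and Run entries launched from a Temp directory. The sample log is constructed from entries quoted in post #1.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not code from this thread or from HijackThis itself: it reads
the R0/R1, O2, O3, O4 and O23 lines of an HJT log and flags what a
malware-removal helper reads first. The sample log is constructed from post #1.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Reasons reported by triage(); constants so callers can filter on them.
MISSING = "target file missing"
BARE = "bare filename, resolved by PATH search"
ROOT_REL = "root-relative path, drive unspecified"
TEMP = "launched from a Temp directory"

# "O4 - HKLM\..\Run: [Name] command" -> kind="O4", body="HKLM\..\Run: [Name] command"
LINE_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# Registry Run entries only; Startup-folder lines ("O4 - Startup: x.lnk = ...") are skipped.
O4_RE = re.compile(r"^(?P<hive>[^:]+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: a handful of lines quoted from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
"""


@dataclass
class Finding:
    kind: str    # HJT section, e.g. "O4"
    reason: str  # one of the constants above
    line: str    # the offending log line, verbatim


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: everything up to the first .exe/.dll/... token that ends at whitespace.
    m = re.match(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", cmd, re.IGNORECASE)
    # Fallback (e.g. "RunDll32 foo.dll,Entry"): the first token, i.e. the host
    # program, which in that case is itself an unqualified name.
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def triage(log_text: str) -> list[Finding]:
    """Scan an HJT log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            # Leftover registration of a removed product: clutter that a helper
            # usually has the user clean up so it cannot mask a real entry.
            findings.append(Finding(kind, MISSING, line))
            continue
        if kind != "O4":
            continue
        o4 = O4_RE.match(body)
        if not o4:
            continue
        path = command_path(o4.group("cmd"))
        if path.startswith("\\"):
            findings.append(Finding(kind, ROOT_REL, line))
        elif "\\" not in path:
            # No directory at all: Windows locates it by searching the PATH.
            findings.append(Finding(kind, BARE, line))
        elif "\\temp\\" in path.lower():
            findings.append(Finding(kind, TEMP, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason:<40} {f.line}")
```

Entries flagged here are starting points for a helper's review, not verdicts: the two bare-filename Run entries in the sample, for instance, are the kind of vendor leftovers a helper checks against the full process list before deciding anything.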

#2 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)

Hello cooljazz,
Sorry about the delay.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#3 cooljazz (Topic Starter, Member, 14 posts)

Thanks for the reply. FYI, I couldn't do any of the preliminaries but scan for viruses. Logs:

ComboFix 09-02-10.03 - Owner 2009-02-11 12:13:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.618 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\RKHit.sys

.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-08 21:54 . 2009-02-08 21:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\HP
2009-02-08 21:39 . 2009-02-08 21:39 <DIR> d-------- C:\bin
2009-02-08 21:38 . 2009-02-08 21:38 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-08 21:38 . 2009-02-08 21:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-02-08 21:36 . 2009-02-08 21:37 <DIR> d-------- c:\program files\Common Files\HP
2009-02-08 21:33 . 2009-02-08 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-08 21:33 . 2006-05-08 16:04 430,080 -ra------ c:\windows\system32\hp4370co.dll
2009-02-08 21:32 . 2009-02-08 21:32 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-08 21:28 . 2009-02-08 21:52 102,174 --a------ c:\windows\hpgins15.dat
2009-02-08 21:28 . 2006-05-18 13:09 282 --------- c:\windows\hpgmdl15.dat
2009-02-08 21:01 . 2001-08-17 22:36 37,376 --a------ c:\windows\system32\kousd.dll
2009-02-08 21:01 . 2001-08-17 22:36 37,376 --a------ c:\windows\system32\dllcache\kousd.dll
2009-02-08 18:59 . 2009-02-08 18:59 <DIR> d-------- c:\documents and settings\Owner\Application Data\GlarySoft
2009-02-07 15:10 . 2009-02-07 15:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 15:10 . 2009-02-07 15:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-02-07 15:10 . 2009-02-07 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 15:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 15:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 14:52 . 2009-02-07 14:52 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-07 14:52 . 2009-02-07 14:52 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-07 14:52 . 2009-02-07 14:52 <DIR> d-------- c:\program files\MSBuild
2009-02-07 14:50 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-07 14:50 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-07 14:50 . 2008-07-06 05:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-07 14:50 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-07 14:50 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-07 14:50 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-07 14:50 . 2008-07-06 07:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-05 01:22 . 2009-02-05 01:22 <DIR> d-------- c:\windows\Sun
2009-02-03 11:39 . 2009-02-03 11:39 <DIR> d-------- c:\program files\Java
2009-02-03 11:39 . 2009-02-03 11:39 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 11:39 . 2009-02-03 11:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 11:10 . 2009-02-08 00:13 122 --a------ c:\windows\REDEMUNINS.INI
2009-02-01 05:13 . 2009-02-01 05:13 <DIR> d-------- c:\program files\Perfect Uninstaller
2009-02-01 05:13 . 2009-02-01 05:13 <DIR> d-------- c:\documents and settings\Administrator.HEWLETT-SPCPS5T\Application Data\Symantec
2009-02-01 05:13 . 2009-02-01 05:13 <DIR> d-------- c:\documents and settings\Administrator.HEWLETT-SPCPS5T\Application Data\InterTrust
2009-02-01 05:12 . 2009-02-01 05:12 <DIR> d-------- c:\program files\2Wire Wireless Manager
2009-01-31 23:58 . 2009-01-31 23:58 <DIR> d-------- c:\windows\wt
2009-01-30 11:24 . 2009-01-30 11:24 <DIR> d-------- c:\program files\Trend Micro
2009-01-29 07:49 . 2009-01-31 23:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-29 07:49 . 2009-01-31 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 00:26 . 2009-01-31 23:58 <DIR> d-------- c:\program files\Mozilla Firefox(2)
2009-01-28 23:10 . 2009-01-28 23:10 42 --a------ c:\windows\system32\AK083E209605E394C.lie
2009-01-28 16:20 . 2009-01-28 16:20 <DIR> d-------- c:\program files\Lavasoft
2009-01-28 16:20 . 2009-02-01 00:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-28 08:43 . 2009-02-01 05:13 <DIR> d-------- c:\program files\Absolute Uninstaller
2009-01-19 14:19 . 2009-02-01 05:11 <DIR> d-------- c:\documents and settings\Administrator.HEWLETT-SPCPS5T
2009-01-16 03:18 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-16 03:02 . 2009-02-01 05:11 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 02:47 . 2009-01-16 02:47 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-01-16 02:47 . 2009-01-16 02:47 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-01-16 02:47 . 2009-01-16 02:47 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-01-16 02:47 . 2009-01-16 02:47 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-01-16 00:22 . 2009-01-16 00:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Template

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 17:06 --------- d-----w c:\program files\TrueSwitchAT&TYahoo
2009-02-09 02:34 --------- d-----w c:\program files\HP
2009-02-01 10:13 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-01 10:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 10:12 --------- d-----w c:\documents and settings\All Users\Application Data\2Wire
2009-02-01 10:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-13 23:05 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-01-10 07:06 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-28 23:53 --------- d-----w c:\program files\Common Files\ArcSoft
2008-12-28 23:53 --------- d-----w c:\documents and settings\Owner\Application Data\ArcSoft
2008-12-28 22:49 --------- d-----w c:\program files\PI6
2008-12-28 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 21:22 --------- d-----w c:\program files\Photo Viewer
2008-07-29 19:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 147456]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-28 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP TV Now"="c:\program files\Hewlett-Packard\HP TV Now\HpTvNow.exe" [2002-03-07 237568]
"HP Display Settings"="c:\program files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [2002-03-07 61440]
"CP4HPOT"="c:\progra~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [2002-02-22 90112]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-29 32768]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-20 52736]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-01 102455]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"MMTray"="c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2001-11-07 86016]
"WT GameChannel"="c:\program files\WildTangent\Apps\GameChannel.exe" [2003-04-30 184784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2001-12-17 483394]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-07-15 180269]
"EVENTLISTENER"="c:\program files\Common Files\FotoNation\EvLstnr.exe" [2000-06-20 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-31 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CTSysVol"="c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"2Wire Wireless Manager"="c:\program files\2Wire Wireless Manager\2Wire.exe" [2007-10-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"EssSpkPhone"="essspk.exe" [2001-09-25 c:\windows\essspk.exe]
"S3TRAY2"="S3tray2.exe" [2001-12-17 c:\windows\system32\S3tray2.exe]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-08 c:\windows\system32\sbusbdll.dll]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchAT&TYahoo\TrueWizard.exe [2008-10-23 1064960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-28 09:50 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [1980-01-01 23936]
S3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys --> c:\windows\system32\Drivers\ov550i.sys [?]
S3 PacketNTx;Packet helper driver;c:\windows\system32\drivers\PacketNTx.sys [2003-06-14 24544]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-07-10 1643648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder

2002-06-03 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2002-06-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2002-06-03 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2002-06-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2002-06-03 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HPLaptopGamesActiveMenu - c:\program files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
HKLM-Run-MPFTray - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-Redemption - \redemption.exe
HKLM-Run-MISAggregator - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
mSearch Bar = hxxp://srch-us4nb.hpwis.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai50o2xg.default\
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 12:15:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\midimap.dll
.
Completion time: 2009-02-11 12:19:19
ComboFix-quarantined-files.txt 2009-02-11 17:18:46

Pre-Run: 18,038,091,776 bytes free
Post-Run: 18,360,152,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

207 --- E O F --- 2009-01-11 04:47:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:13 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\FotoNation\EvLstnr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {1F85A4B6-EDCE-4258-8104-F2DDCB9F39AF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B15FEFC6-9A1F-4A1C-9D35-A9017E774291} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {F3A6DB4D-9C5F-4DD8-A938-FF598306905F} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 9276 bytes
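As an added example (not code from this thread, from the poster, or from HijackThis itself), a small Python triage helper for the log format above: it parses the `Rn`/`On` entries, flags registrations whose target file is gone (`(no file)` / `(file missing)`), and lists the O23 services so the absence of a resident anti-virus service, which the helper points out in the next reply, can be checked mechanically. The sample lines are a constructed subset of the log posted above, and the list of anti-virus name fragments is an assumption covering only the products named in this thread.

```python
"""Triage helper for a HijackThis v2.0.2 log (added example, not the thread's own code)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O9 - Extra button: ComcastHSI - {1F85A4B6-EDCE-4258-8104-F2DDCB9F39AF} - http://www.comcast.net (file missing) (HKCU)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
"""

# Every log entry is "<section> - <text>", where section is R0, R1, O2, O4, O23, ...
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# HijackThis marks registrations whose target is gone with one of these strings.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: name fragments of the anti-virus products mentioned in this thread only;
# a real check would use a fuller product list.
AV_HINTS = ("avira", "antivir", "avg", "mcafee", "kaspersky", "f-secure")


def parse_hjt(text):
    """Return {section: [entry_text, ...]} for every Rn/On line in the log."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def orphaned_entries(entries):
    """(section, entry) pairs whose file no longer exists: leftover registrations to clean up."""
    return [(sec, e) for sec, items in entries.items() for e in items
            if any(marker in e for marker in ORPHAN_MARKERS)]


def services(entries):
    """(name, vendor, path) for each O23 line, e.g. 'Service: <name> - <vendor> - <path>'."""
    out = []
    for e in entries.get("O23", []):
        name, _, rest = e.partition(": ")[2].partition(" - ")
        vendor, _, path = rest.partition(" - ")
        out.append((name, vendor, path))
    return out


def has_av_service(entries):
    """True if any O23 service line mentions one of the anti-virus products in AV_HINTS."""
    return any(any(h in f"{n} {v} {p}".lower() for h in AV_HINTS)
               for n, v, p in services(entries))


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for sec, e in orphaned_entries(parsed):
        print(f"orphan {sec}: {e}")
    print("anti-virus service present:", has_av_service(parsed))
```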

#4
Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello cooljazz,

I did not see any anti-virus software on your computer. Without any anti-virus software you can get a virus more easily. I recommend that you download an anti-virus program. Here are two to choose from (both of them are free).
AntiVir
AVG
Out of these two I would recommend AntiVir. Please only install one anti-virus on your computer at a time. Running more than one at a time can cause conflicts and can also slow your computer down. If you need any help installing one please let me know.

  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#5
cooljazz (Topic Starter, Member, 14 posts)
Sorry for the delay. I took off my anti-virus (McAfee) because it was interfering with the operation of ComboFix. I installed Avira instead. I ran Malwarebytes but I couldn't get Kaspersky to run. It got to updating the databases and then locked up. I ran a complete scan with Avira and it found two pieces of malware and 4 warnings. I quarantined the files and then tried running Kaspersky again, with the same results. Here are the Malwarebytes and Avira logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1752
Windows 5.1.2600 Service Pack 3

2/12/2009 12:50:01 AM
mbam-log-2009-02-12 (00-50-01).txt

Scan type: Quick Scan
Objects scanned: 72642
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira AntiVir Personal
Report file date: Thursday, February 12, 2009 09:52

Scanning for 1240990 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HEWLETT-SPCPS5T

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 05:38:32
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 2/11/2009 05:38:32
ANTIVIR3.VDF : 7.1.2.14 2048 Bytes 2/11/2009 05:38:33
Engineversion : 8.2.0.76
AEVDF.DLL : 8.1.1.0 106868 Bytes 2/12/2009 05:38:43
AESCRIPT.DLL : 8.1.1.43 344442 Bytes 2/12/2009 05:38:42
AESCN.DLL : 8.1.1.6 127348 Bytes 2/12/2009 05:38:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 2/12/2009 05:38:41
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2/12/2009 05:38:39
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 2/12/2009 05:38:38
AEHELP.DLL : 8.1.2.0 119159 Bytes 2/12/2009 05:38:35
AEGEN.DLL : 8.1.1.14 332148 Bytes 2/12/2009 05:38:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.4 176501 Bytes 2/12/2009 05:38:34
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, February 12, 2009 09:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'helpsvc.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'TrueWizard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'RcMan.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'EvLstnr.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'GameChannel.exe' - '1' Module(s) have been scanned
Scan process 'mm_tray.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'HpSrvUI.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'hptasks.exe' - '1' Module(s) have been scanned
Scan process 'S3tray2.exe' - '1' Module(s) have been scanned
Scan process 'essspk.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RadioSvr.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [20001]:

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\' <HPNOTEBOOK>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{00608023-2E6D-4F0C-9FDB-68CD6B944314}\RP241\A0050160.ocx
[DETECTION] Is the TR/PSW.Agent.ani Trojan
[NOTE] The file was moved to '49c4407b.qua'!
C:\System Volume Information\_restore{00608023-2E6D-4F0C-9FDB-68CD6B944314}\RP243\A0056898.ocx
[DETECTION] Is the TR/PSW.Agent.ani Trojan
[NOTE] The file was moved to '49c440f9.qua'!


End of the scan: Thursday, February 12, 2009 10:50
Used time: 57:48 Minute(s)

The scan has been done completely.

6887 Scanning directories
225041 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
225037 Files not concerned
6764 Archives were scanned
4 Warnings
2 Notes

I'll keep trying the Kaspersky, but no success yet.

#6
Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello cooljazz,

I'll keep trying the Kaspersky, but no success yet.

Please try this scanner.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

#7
cooljazz (Topic Starter, Member, 14 posts)
Sorry for taking so long in getting back; I got so frustrated with the thing I just went ahead and did a wipe and reinstall of XP. Luckily it's not my primary system. Thanks for the help anyway :)

#8
Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello cooljazz,
No problem, sorry to hear you went ahead and wiped the hard drive.

Here are a few programs to help you from getting infected and other good programs.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

#9
Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.