Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Abebot Trojandownloader.xs


  • This topic is locked This topic is locked
5 replies to this topic

#1 beachfront

beachfront

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 04 April 2008 - 05:54 PM

Help!
I get this pop up window some times red sometimes blue and white and a yellow triangle at bottom right asking to save my computer and download thier software!

Here is my Hijack this print out

Please help ,

Thank You

Hijack log


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-04 15:25:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-04-04 22:26:12 UTC - RP368 - Deckard's System Scanner Restore Point
72: 2008-04-03 23:10:16 UTC - RP367 - Removed Brother MFL-Pro Suite
71: 2008-04-03 22:54:08 UTC - RP366 - Removed Google Toolbar for Internet Explorer
70: 2008-04-02 21:43:25 UTC - RP365 - System Checkpoint
69: 2008-04-01 21:08:40 UTC - RP364 - System Checkpoint


-- First Restore Point --
1: 2008-01-10 17:46:19 UTC - RP296 - Unsigned driver install


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:06 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\yjwhunel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AO3YVPUS\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [A00F185129.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F185129.exe
O4 - HKCU\..\Run: [hdxhhaeo] C:\WINDOWS\system32\yjwhunel.exe
O4 - HKCU\..\Run: [A00F18AC3B.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F18AC3B.exe
O4 - HKCU\..\Run: [A00F18F7C4.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F18F7C4.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/common/m...MINIBrowser.CAB
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/Rin...sage_Player.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c00BD040 - C:\WINDOWS\system32\__c00BD040.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.sdcahomesandloans.com/img/containerbg.jpg

--
End of file - 9990 bytes

-- File Associations -----------------------------------------------------------

.scr - DWGTrueViewScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 BrScnUsb (Brother USB Still Image driver) - c:\windows\system32\drivers\brscnusb.sys <Not Verified; Brother Industries Ltd.; Brother MFC Scanner>
S3 PIXMCVA (JVC PIX-MCV Audio Capture) - c:\windows\system32\drivers\pixmcva.sys <Not Verified; Pixela; Pixela>
S3 PIXMCVV (JVC PIX-MCV Video Capture) - c:\windows\system32\drivers\pixmcvv.sys <Not Verified; Pixela; Pixela>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\16F41E0B805
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\16F41E0B805
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 15:29:00 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (ROBERT-Administrator).job
2008-04-04 15:28:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (LAPTOP-Maria).job
2008-04-04 15:26:00 478 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (LAPTOP-Robert).job
2008-04-04 15:25:00 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (LAPTOP-Administrator).job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 15:17:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 15:17:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-04 15:17:08 0 d-------- C:\WINDOWS\LastGood
2008-04-04 14:58:55 0 d-------- C:\Program Files\Trend Micro
2008-04-04 12:20:37 0 d-------- C:\Program Files\a-squared Free
2008-04-03 17:06:24 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-03 17:06:23 2549 --a------ C:\WINDOWS\unins000.dat
2008-04-03 15:52:14 55 --a------ C:\xcrashdump.dat
2008-04-03 15:38:32 0 d-------- C:\WINDOWS\system32\375013
2008-04-03 15:26:04 37376 --a------ C:\WINDOWS\system32\__c0060E.dat
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-03 15:25:57 0 d-------- C:\WINDOWS\system32smp
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\bdn.com
2008-04-03 15:25:57 4096 --a------ C:\WINDOWS\a.bat
2008-04-03 15:25:57 0 d-------- C:\Documents and Settings\Administrator\Desktopvirii
2008-04-03 15:25:57 4096 --a------ C:\Documents and Settings\Administrator\DesktopFWebdEditor.exe
2008-04-03 15:25:57 4096 --a------ C:\Documents and Settings\Administrator\Desktopfwebd.exe
2008-04-03 15:25:57 4096 --a------ C:\Documents and Settings\Administrator\Desktopfilemanagerclient.exe
2008-04-03 15:25:56 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-03 15:25:56 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-03 15:25:56 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-03 15:25:45 37376 --a------ C:\WINDOWS\system32\__c0047809.dat
2008-04-03 15:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\khupivab
2008-04-03 15:25:42 90112 --a------ C:\WINDOWS\system32\yjwhunel.exe
2008-04-03 15:25:21 37376 --a------ C:\WINDOWS\system32\__c00BD040.dat
2008-03-26 12:50:15 0 d-------- C:\Program Files\Common Files\HP
2008-03-26 12:36:10 142067 --a------ C:\WINDOWS\hpwins05.dat
2008-03-24 20:55:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-03-24 20:50:50 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-24 20:43:40 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-24 20:39:03 0 d-------- C:\TEMP
2008-03-24 20:37:47 0 d-------- C:\WINDOWS\carrier
2008-03-24 20:37:12 0 d-------- C:\Program Files\HP
2008-03-04 12:41:13 0 d-------- C:\WINDOWS\system32\Color
2008-03-04 12:35:29 0 d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint


-- Find3M Report ---------------------------------------------------------------

2008-04-04 11:58:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-03 16:10:28 0 d-------- C:\Program Files\Brother
2008-04-03 16:10:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-03 16:02:37 0 d-------- C:\Program Files\Google
2008-03-26 12:50:48 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-26 12:50:15 0 d-------- C:\Program Files\Common Files
2008-03-18 17:57:35 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-03-10 17:08:46 0 d-------- C:\Program Files\Digital Photo Navigator 1.0
2008-03-04 12:41:31 0 d-------- C:\Program Files\ScanButton 2.4
2008-03-04 12:41:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-06 17:50:28 186443 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
2008-02-06 17:50:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\WebEx


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 12:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 08:10 PM]
"AGRSMMSG"="AGRSMMSG.exe" [08/29/2003 09:44 AM C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [10/02/2004 05:34 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/09/2004 04:09 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/09/2004 04:09 PM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 05:24 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/02/2003 02:19 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 03:43 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM]
"RCHotKey"="C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe" []
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 07:44 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [12/04/2003 05:44 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"A00F185129.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F185129.exe" []
"hdxhhaeo"="C:\WINDOWS\system32\yjwhunel.exe" [04/03/2008 03:25 PM]
"A00F18AC3B.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F18AC3B.exe" []
"A00F18F7C4.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F18F7C4.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 12:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 12:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BD040]
C:\WINDOWS\system32\__c00BD040.dat 04/04/2008 09:55 AM 37376 C:\WINDOWS\system32\__c00BD040.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16005ea2-d694-11dc-a286-00e0b8949caa}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16005eaa-d694-11dc-a286-00e0b8949caa}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe




-- Hosts -----------------------------------------------------------------------

192.168.1.111 HP0017A430CE40


-- End of Deckard's System Scanner: finished at 2008-04-04 15:30:21 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.80GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 502.42 MiB / 185.56 MiB
Pagefile Memory (total/avail): 1225.84 MiB / 700.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.18 MiB

C: is Fixed (NTFS) - 50.02 GiB total, 34.38 GiB free.
D: is Fixed (FAT32) - 5.85 GiB total, 4.43 GiB free.
E: is CDROM (No Media)
X: is Network (Unformatted)
Y: is Network (Unformatted)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - HTS541060G9AT00 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 50.02 GiB - C:
\PARTITION1 - Unknown - 5.86 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1169 [VPS 080404-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Five9\\Softphone\\Five9VirtualContactCenter.exe"="C:\\Program Files\\Five9\\Softphone\\Five9VirtualContactCenter.exe:*:Enabled:Five9VirtualContactCenter"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Raketu\\Raketu.exe"="C:\\Program Files\\Raketu\\Raketu.exe:*:Enabled:Raketu"
"C:\\Program Files\\Raketu\\RakOut\\rakOut.exe"="C:\\Program Files\\Raketu\\RakOut\\rakOut.exe:*:Enabled:rakOut"
"C:\\Program Files\\eSignal\\winros.exe"="C:\\Program Files\\eSignal\\winros.exe:*:Disabled:eSignal Data Manager"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"="C:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe:*:Disabled:RingCentral"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"E:\\setup\\HPZnet01.exe"="E:\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\\setup\\hponicifs01.exe"="E:\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert (new local, admin)
Maria
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
4x Made Easy v7.0 ™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{68988FBF-0FBA-4D95-94F6-29EAFDC7EADE}
a-squared Free 3.1 --> "C:\Program Files\a-squared Free\unins000.exe"
ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~2.0SP\bitdeins.ini
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACT! --> C:\WINDOWS\IsUninstAct.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems AC'97 Modem --> agrsmdel
Asistente Prodigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF95557C-A14A-42D2-8C9D-E9650D1A8016}\setup.exe" -l0xa -removeonly
Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CalyxLoanBridge11 --> MsiExec.exe /X{192A3445-56FC-47B3-B706-17D599E3B630}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Digital Photo Navigator 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\setup.exe"
DVD@ccess 2.0.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
DWG TrueView 2008 --> C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FundingSuite CalyxPoint Interface --> MsiExec.exe /I{9CA105BE-E29F-4BB3-8B44-D6751B2D1F72}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
hp officejet g series --> C:\WINDOWS\system32\hpocon09.exe /u 1203376552 /d "hp officejet g series"
HP Officejet Pro All-In-One Series --> C:\Program Files\HP\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
hp photosmart 7900 series --> rundll32 hpzcon09.dll,VendorJettison hp photosmart 7900 series
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}\Setup.exe" -l0x9
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Excel 2000 SR-1 --> MsiExec.exe /I{00110409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MiraScan V3.43 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\Mira3_43\Uninst.isu
MPM --> MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}\setup.exe" -l0x9 -uninst
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintMaster Gold 3.00 --> c:\pmw\msrun.exe
Prodigy Infinitum Módem Router Inalámbrico --> C:\Program Files\Prodigy Infinitum\Uninstaller.exe
Raketu - Communications Information and Entertainment --> "C:\Windows\uninstallW.exe"
Real Estate Transaction Viewer --> C:\PROGRA~1\TRANSA~1\UNWISE.EXE C:\PROGRA~1\TRANSA~1\INSTALL.LOG
ScanButton --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E6875D5-5A1D-4569-840F-371FF391A4CE}\setup.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
TripleCalc --> C:\PROGRA~1\TRIPLE~1\UNWISE.EXE C:\PROGRA~1\TRIPLE~1\INSTALL.LOG
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type710 / Error
Event Submitted/Written: 04/03/2008 04:51:47 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 617961694.

Event Record #/Type709 / Error
Event Submitted/Written: 04/03/2008 04:51:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application LSUpdateManager.exe, version 7.0.2.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type693 / Error
Event Submitted/Written: 04/02/2008 05:15:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 7.0.8.218, faulting module unknown, version 0.0.0.0, fault address 0x24002bcb.
Processing media-specific event for [acrord32.exe!ws!]

Event Record #/Type690 / Error
Event Submitted/Written: 04/01/2008 06:20:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type689 / Error
Event Submitted/Written: 04/01/2008 06:20:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type49809 / Error
Event Submitted/Written: 04/04/2008 03:29:51 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type49799 / Error
Event Submitted/Written: 04/04/2008 02:17:31 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{04CA9430-B523-4CEB-984D-5A5BC5CA6835}.
The backup browser is stopping.

Event Record #/Type49776 / Error
Event Submitted/Written: 04/04/2008 02:14:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058

Event Record #/Type49760 / Error
Event Submitted/Written: 04/04/2008 01:30:59 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{04CA9430-B523-4CEB-984D-5A5BC5CA6835}.
The backup browser is stopping.

Event Record #/Type49738 / Error
Event Submitted/Written: 04/04/2008 01:28:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-04-04 15:30:21 ------------

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:50 PM

Posted 05 April 2008 - 07:46 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:50 PM

Posted 06 April 2008 - 01:53 AM

Received via PM:

M bam log fileMalwarebytes' Anti-Malware 1.10
Database version: 594

Scan type: Quick Scan
Objects scanned: 34132
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\yjwhunel.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6edcaa62-21a4-421d-a1ed-298f480c3050} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6efb1cab-d26f-4255-b8f9-8fcef22d7c1e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{230fab55-749b-485d-9b09-9179e022591f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yjwhunel.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Now Hijack this Log




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:03 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [hdxhhaeo] C:\WINDOWS\system32\yjwhunel.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/common/m...MINIBrowser.CAB
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/Rin...sage_Player.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c00BD040 - C:\WINDOWS\system32\__c00BD040.dat (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.sdcahomesandloans.com/img/containerbg.jpg


Please don't PM me with the logs, but post them in this thread instead.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:50 PM

Posted 06 April 2008 - 01:54 AM

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKCU\..\Run: [hdxhhaeo] C:\WINDOWS\system32\yjwhunel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: __c00BD040 - C:\WINDOWS\system32\__c00BD040.dat (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:50 PM

Posted 13 April 2008 - 04:48 AM

Still with us?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:50 PM

Posted 17 April 2008 - 11:02 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users