Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Security Tool 7.1 And Many, Many Pop Ups!


  • This topic is locked This topic is locked
11 replies to this topic

#1 cecoen

cecoen

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 06 May 2008 - 05:31 PM

Well, I got it. I did manage to rid myself of the security tool 7.1 tool bar but my home page is still wrong and pop ups everywhere. Please help. Here is the logs as per the read me first instructions. THX!

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-06 18:23:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-05-06 22:23:13 UTC - RP426 - Deckard's System Scanner Restore Point
96: 2008-05-06 15:08:08 UTC - RP425 - Removed URGE
95: 2008-05-06 04:14:30 UTC - RP424 - System Checkpoint
94: 2008-05-05 00:52:17 UTC - RP423 - System Checkpoint
93: 2008-05-03 23:39:33 UTC - RP422 - System Checkpoint


-- First Restore Point --
1: 2008-02-06 22:40:22 UTC - RP330 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:25 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetProject\scit.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOCUME~1\HP_ADM~1\Desktop\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014406900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014391649
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O22 - SharedTaskScheduler: communa - {af73a174-ea1b-4f0b-b0b1-fe1486a6719c} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10724 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\HP_ADM~1\Desktop\backups\) ------------

backup-20080506-135519-687 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080506-135519-806 O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
backup-20080506-135519-848 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080506-135520-107 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
backup-20080506-135520-173 O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
backup-20080506-135520-317 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080506-135520-348 O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
backup-20080506-135520-477 O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
backup-20080506-135520-621 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
backup-20080506-135520-723 O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
backup-20080506-135520-765 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080506-135520-863 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
backup-20080506-135521-451 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
backup-20080506-140441-657 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
backup-20080506-140441-899 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
backup-20080506-140518-258 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

-- File Associations -----------------------------------------------------------

.ini - GetDiz.Document - DefaultIcon - unable to read value
.ini - GetDiz.Document - shell\open\command - "C:\Program Files\GetDiz\GetDiz.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 UTSCSI (CLCV0) - c:\windows\system32\utscsi.exe <Not Verified; ; UTSCSI Application>

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 18:22:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-06 18:01:26 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{36223C90-5B81-4B2D-8F21-EC6EBEA53E95}.job
2008-05-03 17:35:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 11:53:53 0 --a------ C:\Documents and Settings\HP_Administrator\NULL
2008-05-06 11:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 11:05:22 0 d-------- C:\WINDOWS\system32\527631
2008-05-06 11:05:15 0 d-------- C:\Program Files\NetProject
2008-04-20 00:10:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-04-19 23:51:37 0 d-------- C:\Program Files\Lx_cats
2008-04-19 23:51:06 0 d-------- C:\logs
2008-04-19 23:49:01 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-19 23:48:41 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-04-19 23:48:30 286720 --a------ C:\WINDOWS\system32\LXDCinst.dll
2008-04-19 23:48:29 323584 --a------ C:\WINDOWS\system32\LXDChcp.dll <Not Verified; ; Printer Communication System>
2008-04-18 21:30:03 0 d-------- C:\Program Files\iPod
2008-04-18 21:29:57 0 d-------- C:\Program Files\iTunes
2008-04-18 21:28:13 0 d-------- C:\Program Files\QuickTime
2008-04-12 22:09:37 691545 --a------ C:\WINDOWS\unins001.exe
2008-04-12 22:09:37 2550 --a------ C:\WINDOWS\unins001.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-06 17:59:11 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2008-05-06 12:48:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-19 23:50:53 13312 --a-s---- C:\WINDOWS\system32\qdsba.dll
2008-04-18 21:24:00 0 d-------- C:\Program Files\Safari
2008-04-18 21:22:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 11:49:27 0 d-------- C:\Program Files\DivX
2008-03-29 18:37:03 0 d-------- C:\Program Files\HP
2008-03-29 18:21:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-03-27 17:22:46 1072 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:22:35 685849 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-03-24 23:39:20 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2008-03-22 20:34:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-13 22:29:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-03-11 21:08:14 0 d-------- C:\Program Files\Java
2008-02-13 12:38:20 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54160F28-994B-48DD-8D83-1B2F6B9EB054}]
05/06/2008 11:05 AM 13312 --a------ C:\WINDOWS\system32\527631\527631.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
05/06/2008 05:58 PM 7680 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [05/06/2008 11:05 AM 87552]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"HP SchedIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [04/22/2002 12:56 PM]
"HP AutoIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [04/22/2002 12:57 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [04/30/2007 04:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/23/2007 05:18 PM]
"cdloader"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [12/21/2007 10:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 2:23:26 AM]
HP LaserJet Director.lnk - C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [4/30/2007 12:41:20 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/22/2007 3:21:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
"start"=C:\Program Files\NetProject\sbmntr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe
phone\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f416ecc-f382-11dc-8e24-0013d49b837f}]
AutoRun\command- N:\autorun.exe
phone\command- N:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-06 18:25:55 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 958.48 MiB / 633.84 MiB
Pagefile Memory (total/avail): 2312.49 MiB / 1972.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.63 MiB

C: is Fixed (NTFS) - 176.07 GiB total, 151.73 GiB free.
D: is Fixed (FAT32) - 10.21 GiB total, 3.5 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 279.47 GiB total, 116.61 GiB free.
H: is CDROM (CDFS)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (FAT32)
M: is Removable (FAT)

\\.\PHYSICALDRIVE1 - Maxtor 6V300F0 - 279.47 GiB - 1 partition
\PARTITION0 - Installable File System - 279.47 GiB - G:

\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 10.23 GiB - D:
\PARTITION1 (bootable) - Installable File System - 176.07 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device - 1913.99 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 1919.98 MiB - L:

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - YMAX magicJack USB Device - 15.69 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 17.75 MiB - M:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:Lexmark Imaging Studio"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe:*:Enabled: "
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHAD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\CHAD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=CHAD
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ACDSee 5.0 PowerPack --> MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 --> MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /i{A178D0EF-B921-4B01-8ECA-17E03634AE10}
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /I{A178D0EF-B921-4B01-8ECA-17E03634AE10}
BlackBerry v4.1.0 for the 7100 Series Wireless Device --> MsiExec.exe /X{5C948326-6E97-4AE4-A9D7-F1339EA1CFFF}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Canon iP90 --> C:\WINDOWS\system32\CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmi0409.dll"
CL Buddy --> "C:\Program Files\CL Buddy\clbuddy\uninstall.exe"
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
GetDiz 3.0 --> C:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE C:\PROGRA~1\GetDiz\UNINST~1\install.log
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
hp LaserJet 3300 Uninstaller --> C:\Program Files\Hewlett-Packard\LaserJet 33xx\Uninstall\setup.exe uninst.ini
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Internet Service --> "C:\Program Files\NetProject\waun.exe"
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 1300 Series --> C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
magicJack Recovery Tool 1.0 --> "C:\WINDOWS\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.1 - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}\setup.exe" -l0x9
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
QuickBooks Premier: Accountant Edition 2006 --> msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="accountant" QBFULLNAME="QuickBooks Premier: Accountant Edition 2006" ADDREMOVE=1
QuickBooks Premier: Contractor Edition 2006 --> msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="contractor" QBFULLNAME="QuickBooks Premier: Contractor Edition 2006" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spell Checker For OE 2.1 --> C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Web Application --> "C:\Program Files\NetProject\scu.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type8142 / Warning
Event Submitted/Written: 05/06/2008 02:40:31 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type8141 / Warning
Event Submitted/Written: 05/06/2008 02:40:31 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type8137 / Warning
Event Submitted/Written: 05/06/2008 02:40:20 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Event Record #/Type8132 / Warning
Event Submitted/Written: 05/06/2008 11:55:45 AM
Event ID/Source: 20134 / BlackBerry
Event Description:
*** MAPI *** MailboxManager::SubsystemInitialize - MAPILogonEx (0x80040111)

Event Record #/Type8129 / Warning
Event Submitted/Written: 05/06/2008 11:55:36 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9072 / Error
Event Submitted/Written: 05/06/2008 02:40:30 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type9071 / Warning
Event Submitted/Written: 05/06/2008 02:40:26 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share EphPod because the directory C:\Documents and Settings\HP_Administrator\Start Menu\Programs\EphPod no longer exists. Please run "net share EphPod /delete" to delete the share, or recreate the directory C:\Documents and Settings\HP_Administrator\Start Menu\Programs\EphPod.

Event Record #/Type9069 / Error
Event Submitted/Written: 05/06/2008 02:40:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxdcCATSCustConnectService service failed to start due to the following error:
%%1053

Event Record #/Type9068 / Error
Event Submitted/Written: 05/06/2008 02:40:21 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService service to connect.

Event Record #/Type9024 / Error
Event Submitted/Written: 05/06/2008 11:55:36 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2



-- End of Deckard's System Scanner: finished at 2008-05-06 18:25:55 ------------

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 07 May 2008 - 01:31 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

Secure Browsing
J2SE Runtime Environment 5.0
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1



Make sure you reboot after removing each one.

Then post a new log from DSS here in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 cecoen

cecoen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 07 May 2008 - 08:22 AM

THANK YOU!!!!!

OK, removed and rebooted after each removal of the Java crap. I did not see a secure browsing item. Ran deckard's again but only got one notepad this time? The first time, as pasted in the first post, it gave me two notepads of info, one expanded and one minimized. Also, I read the tutorial and removed some items myself while waiting on a response. I know, I am impatient. I found something called "netproject" in the first post that I discovered was not a good project and tried to remove it. However, it wouldn't budge. So I found the file and renamed all the .exe extensions and rebooted. Once they were not running it allowed me to delete them. The tool bar is gone, the pop ups have not shown up in a while, and I no longer have any foreign icons in the start bar. But now when I google something it pauses briefly before it gives me any results and if I click on any of the results a new window pops up and goes through a few redirects and ends up with what seems to be random web pages. One time it will give me a yellow pages site for some other city, another time it went to an airsoft gun site, ect, ect. Anyway, here is the info:

Will this do?


Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-07 08:51:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:17 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\ar00000\mjsetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOCUME~1\HP_ADM~1\Desktop\HP_ADM~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014406900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014391649
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8635 bytes

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 00:00:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-06 23:56:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-06 19:54:44 0 d--hs---- C:\WINDOWS\CSC
2008-05-06 11:53:53 0 --a------ C:\Documents and Settings\HP_Administrator\NULL
2008-05-06 11:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 11:05:22 0 d-------- C:\WINDOWS\system32\527631
2008-04-20 00:10:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-04-19 23:51:37 0 d-------- C:\Program Files\Lx_cats
2008-04-19 23:51:06 0 d-------- C:\logs
2008-04-19 23:49:01 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-19 23:48:41 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-04-19 23:48:30 286720 --a------ C:\WINDOWS\system32\LXDCinst.dll
2008-04-19 23:48:29 323584 --a------ C:\WINDOWS\system32\LXDChcp.dll <Not Verified; ; Printer Communication System>
2008-04-18 21:30:03 0 d-------- C:\Program Files\iPod
2008-04-18 21:29:57 0 d-------- C:\Program Files\iTunes
2008-04-18 21:28:13 0 d-------- C:\Program Files\QuickTime
2008-04-12 22:09:37 691545 --a------ C:\WINDOWS\unins001.exe
2008-04-12 22:09:37 2550 --a------ C:\WINDOWS\unins001.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-07 08:50:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2008-05-07 08:48:45 0 d-------- C:\Program Files\Java
2008-05-06 12:48:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-18 21:24:00 0 d-------- C:\Program Files\Safari
2008-04-18 21:22:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 11:49:27 0 d-------- C:\Program Files\DivX
2008-03-29 18:37:03 0 d-------- C:\Program Files\HP
2008-03-29 18:21:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-03-27 17:22:46 1072 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:22:35 685849 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-03-24 23:39:20 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2008-03-22 20:34:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-13 22:29:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-02-13 12:38:20 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54160F28-994B-48DD-8D83-1B2F6B9EB054}]
05/06/2008 11:05 AM 13312 --a------ C:\WINDOWS\system32\527631\527631.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"HP SchedIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [04/22/2002 12:56 PM]
"HP AutoIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [04/22/2002 12:57 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [04/30/2007 04:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/23/2007 05:18 PM]
"cdloader"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [12/21/2007 10:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 2:23:26 AM]
HP LaserJet Director.lnk - C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [4/30/2007 12:41:20 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/22/2007 3:21:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe
phone\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f416ecc-f382-11dc-8e24-0013d49b837f}]
AutoRun\command- N:\autorun.exe
phone\command- N:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-07 08:51:36 ------------

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 07 May 2008 - 04:23 PM

You still have some junk in there that we need to clean out.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new DSS log

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 cecoen

cecoen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 08 May 2008 - 10:21 AM

You guys rock. Who ever writes these fixes is amazing. Thanks for all your help. Here are the, hopefully, last reports:

SDFix: Version 1.180
Run by HP_Administrator on Thu 05/08/2008 at 11:05 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\527631\527631.dll - Deleted



Folder C:\WINDOWS\system32\527631 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 11:15:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe:*:Enabled: "
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:Lexmark Imaging Studio"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 26 Apr 2007 211 A.SHR --- "C:\BOOT.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 11 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 23 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 30 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 26 Dec 2006 45,568 A..H. --- "C:\Documents and Settings\HP_Administrator\Desktop\SDI\~WRL0175.tmp"
Fri 21 Dec 2007 873,704 A..H. --- "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe"
Fri 21 Dec 2007 6,157,296 A..H. --- "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe"
Fri 21 Dec 2007 873,704 A..H. --- "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install1.exe"
Fri 21 Dec 2007 6,157,296 A..H. --- "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup1.exe"
Mon 13 Aug 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!




Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-08 11:20:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:22 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\ar00000\mjsetup.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOCUME~1\HP_ADM~1\Desktop\HP_ADM~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014406900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014391649
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8715 bytes

-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 10:58:39 0 d-------- C:\WINDOWS\ERUNT
2008-05-07 00:00:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-06 23:56:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-06 19:54:44 0 d--hs---- C:\WINDOWS\CSC
2008-05-06 11:53:53 0 --a------ C:\Documents and Settings\HP_Administrator\NULL
2008-05-06 11:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 00:10:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-04-19 23:51:37 0 d-------- C:\Program Files\Lx_cats
2008-04-19 23:51:06 0 d-------- C:\logs
2008-04-19 23:49:01 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-19 23:48:41 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-04-19 23:48:30 286720 --a------ C:\WINDOWS\system32\LXDCinst.dll
2008-04-19 23:48:29 323584 --a------ C:\WINDOWS\system32\LXDChcp.dll <Not Verified; ; Printer Communication System>
2008-04-18 21:30:03 0 d-------- C:\Program Files\iPod
2008-04-18 21:29:57 0 d-------- C:\Program Files\iTunes
2008-04-18 21:28:13 0 d-------- C:\Program Files\QuickTime
2008-04-12 22:09:37 691545 --a------ C:\WINDOWS\unins001.exe
2008-04-12 22:09:37 2550 --a------ C:\WINDOWS\unins001.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-08 11:18:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2008-05-07 16:01:28 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-05-07 08:48:45 0 d-------- C:\Program Files\Java
2008-05-06 12:48:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-18 21:24:00 0 d-------- C:\Program Files\Safari
2008-04-18 21:22:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 11:49:27 0 d-------- C:\Program Files\DivX
2008-03-29 18:37:03 0 d-------- C:\Program Files\HP
2008-03-29 18:21:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-03-27 17:22:46 1072 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:22:35 685849 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-03-24 23:39:20 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2008-03-22 20:34:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-13 22:29:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-02-13 12:38:20 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"HP SchedIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [04/22/2002 12:56 PM]
"HP AutoIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [04/22/2002 12:57 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [04/30/2007 04:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/23/2007 05:18 PM]
"cdloader"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [12/21/2007 10:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 2:23:26 AM]
HP LaserJet Director.lnk - C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [4/30/2007 12:41:20 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/22/2007 3:21:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe
phone\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f416ecc-f382-11dc-8e24-0013d49b837f}]
AutoRun\command- N:\autorun.exe
phone\command- N:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-08 11:20:41 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 08 May 2008 - 10:31 AM

Looking pretty good. Just one more issue and we should be good.


Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


Reboot and post one more log from DSS.

How are things working for you now? Any problems?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 cecoen

cecoen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 08 May 2008 - 10:36 AM

No probs now. This thing is on point. Prob. just my imagination but seems a little faster now too. I'll run the last fix and post the results. I read something a while back about turning off windows restore points or something and rebooting to wipe out any memory of this crap and then turn them back on???? Does any of that sound right or am I making this stuff up? Thanks for all your help.

Chad

#8 cecoen

cecoen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 08 May 2008 - 10:39 AM

Hey again, what do you mean, make sure there is no blank line above regedit4? Is that like "Don't cross the streams, Ray! That would be bad".......j/k just a little Ghost Busters humor. Just no space above the regedit4 right? The space between it and the comand lines is ok right? Just copy and paste it like you wrote it?

Chad

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 08 May 2008 - 10:50 AM

Yep, just make sure that the very first line is REGEDIT4
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 cecoen

cecoen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 08 May 2008 - 10:50 AM

Again, thanks for your help.


Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-08 11:49:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:36 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\ar00000\mjsetup.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOCUME~1\HP_ADM~1\Desktop\HP_ADM~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014406900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1203014391649
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8507 bytes

-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 10:58:39 0 d-------- C:\WINDOWS\ERUNT
2008-05-07 00:00:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-06 23:56:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-06 19:54:44 0 d--hs---- C:\WINDOWS\CSC
2008-05-06 11:53:53 0 --a------ C:\Documents and Settings\HP_Administrator\NULL
2008-05-06 11:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 00:10:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-04-19 23:51:37 0 d-------- C:\Program Files\Lx_cats
2008-04-19 23:51:06 0 d-------- C:\logs
2008-04-19 23:49:01 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-19 23:48:41 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-04-19 23:48:30 286720 --a------ C:\WINDOWS\system32\LXDCinst.dll
2008-04-19 23:48:29 323584 --a------ C:\WINDOWS\system32\LXDChcp.dll <Not Verified; ; Printer Communication System>
2008-04-18 21:30:03 0 d-------- C:\Program Files\iPod
2008-04-18 21:29:57 0 d-------- C:\Program Files\iTunes
2008-04-18 21:28:13 0 d-------- C:\Program Files\QuickTime
2008-04-12 22:09:37 691545 --a------ C:\WINDOWS\unins001.exe
2008-04-12 22:09:37 2550 --a------ C:\WINDOWS\unins001.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-08 11:48:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2008-05-07 16:01:28 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-05-07 08:48:45 0 d-------- C:\Program Files\Java
2008-05-06 12:48:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-18 21:24:00 0 d-------- C:\Program Files\Safari
2008-04-18 21:22:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 11:49:27 0 d-------- C:\Program Files\DivX
2008-03-29 18:37:03 0 d-------- C:\Program Files\HP
2008-03-29 18:21:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-03-27 17:22:46 1072 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:22:35 685849 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-03-24 23:39:20 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2008-03-22 20:34:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-13 22:29:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-02-13 12:38:20 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"HP SchedIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [04/22/2002 12:56 PM]
"HP AutoIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [04/22/2002 12:57 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [04/30/2007 04:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/23/2007 05:18 PM]
"cdloader"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [12/21/2007 10:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 2:23:26 AM]
HP LaserJet Director.lnk - C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [4/30/2007 12:41:20 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [1/22/2007 3:21:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe
phone\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f416ecc-f382-11dc-8e24-0013d49b837f}]
AutoRun\command- N:\autorun.exe
phone\command- N:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-05-08 11:49:55 ------------

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 08 May 2008 - 10:53 AM

Beautiful! That's a clean log! :)



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :thumbsup:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:33 PM

Posted 05 June 2008 - 07:41 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users