

Visa Verification Popup


  • This topic is locked
9 replies to this topic

#1 Spectrum66


Posted 07 August 2008 - 08:16 PM

I have recently started to receive pop-up Visa Verifications when I attempt to do any e-commerce on the net. Please help. I'm trying to get answers from Trend Micro Support and am not getting anywhere. I ran HijackThis and others but nothing is working.

These are the results from the scan. Any advice on what to do next?

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-07 21:20:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-08-08 01:21:19 UTC - RP408 - Deckard's System Scanner Restore Point
64: 2008-08-06 22:38:05 UTC - RP407 - System Checkpoint
63: 2008-08-05 22:33:23 UTC - RP406 - System Checkpoint
62: 2008-08-04 21:39:51 UTC - RP405 - System Checkpoint
61: 2008-08-03 18:17:14 UTC - RP404 - System Checkpoint


-- First Restore Point --
1: 2008-05-09 21:59:24 UTC - RP344 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:48 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ACS.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32DRIVERSCDANTSRV.EXE
C:Program FilesToshibaPower ManagementCeEPwrSvc.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSSystem32spoolDRIVERSW32X863OPHALDCS.EXE
C:WINDOWSsystem32DVDRAMSV.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:PROGRA~1TRENDM~1INTERN~3PcCtlCom.exe
C:WINDOWSsystem32svchost.exe
c:ToshibaIvpSwupdateswupdtmr.exe
C:PROGRA~1TRENDM~1INTERN~3Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~3TmPfw.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesBoingoGoBoingoGoBoingo.exe
C:WINDOWSSamsungPanelMgrSSMMgr.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesiPodbiniPodService.exe
C:PROGRA~1HEWLET~1ToolboxSTATUS~1STATUS~1.EXE
C:PROGRA~1TRENDM~1INTERN~3PccGuide.exe
C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe
C:Program FilesMSN Messengerusnsvc.exe
C:WINDOWSsystem32wuauclt.exe
C:PROGRA~1TRENDM~1INTERN~3PcScnSrv.exe
C:PROGRA~1TRENDM~1INTERN~3tmproxy.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsAdministratorDesktopdss.exe
C:DOCUME~1ADMINI~1DesktopAdministrator.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.toshiba.com/search
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O4 - HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [GoBoingo] C:Program FilesBoingoGoBoingoGoBoingo.lnk
O4 - HKLM..Run: [Samsung PanelMgr] C:WINDOWSSamsungPanelMgrSSMMgr.exe /autorun
O4 - HKLM..Run: [TomcatStartup 2.5] C:Program FilesHewlett-PackardToolboxhpbpsttp.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [OE] "C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe"
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [updateMgr] "C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:Program FilesAOL Toolbartoolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05binnpjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05binnpjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapweb.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:WINDOWSsystem32DRIVERSCDANTSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:Program FilesToshibaPower ManagementCeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:WINDOWSSystem32spoolDRIVERSW32X863OPHALDCS.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~3PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~3PcScnSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:ToshibaIvpSwupdateswupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~3Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~3TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~3tmproxy.exe

--
End of file - 8085 bytes

-- HijackThis Fixed Entries (C:DOCUME~1ADMINI~1Desktopbackups) ------------

backup-20080730-092557-175 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080730-092557-872 O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:windowssystem32driversmeiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SrvcEKIOMngr - c:windowssystem32driversekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcEPECioctl - c:windowssystem32driversecioctl.sys
R1 SrvcEPIOMngr - c:windowssystem32driversepiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:windowssystem32driversssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcTPIOMngr - c:windowssystem32driverstpiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 tmtdi (Trend Micro TDI Driver) - c:windowssystem32driverstmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 ASCTRM - c:windowssystem32driversasctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 cnmpar21 © - c:bjprintercnmwindowscanon ip90 installerinst2cnmpar21.sys <Not Verified; CANON INC.; Canon BJ Raster Printer Driver for Windows NT4.0>
R2 DgiVecp - c:windowssystem32driversdgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:windowssystem32driversmdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:windowssystem32driversnetdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 TBiosDrv - c:windowssystem32driverstbiosdrv.sys
R2 tmmbd (Trend Micro MBD Driver) - c:windowssystem32driverstm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 EPOWER (Compal E-POWER Driver) - c:windowssystem32drivershkdrv.sys <Not Verified; Compal Electronic Inc.; EPOWER>
R3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:windowssystem32driverspcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 SSPORT - c:windowssystem32driversssport.sys (file missing)
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780} - c:windowstemp1c5.tmp (file missing)
S3 C-Dilla - c:windowssystem32driverscdant.sys <Not Verified; Macrovision; Licence Management System>
S3 wanatw (WAN Miniport (ATW)) - c:windowssystem32driverswanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:windowssystem32acs.exe
R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 C-DillaSrv - c:windowssystem32driverscdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 CeEPwrSvc - c:program filestoshibapower managementceepwrsvc.exe <Not Verified; COMPAL ELECTRONIC INC.; CeEPwrSvc Module>
R2 CFSvcs (ConfigFree Service) - c:program filestoshibaconfigfreecfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:windowssystem32dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 PcCtlCom (Trend Micro Central Control Component) - c:progra~1trendm~1intern~3pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 Swupdtmr - c:toshibaivpswupdateswupdtmr.exe
R2 Tmntsrv (Trend Micro Real-time Service) - c:progra~1trendm~1intern~3tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:progra~1trendm~1intern~3tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmproxy (Trend Micro Proxy Service) - c:progra~1trendm~1intern~3tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:progra~1trendm~1intern~3pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394NIC13945640134A23F53
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394NIC13945640134A23F53
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2004-08-10 18:39:47 428 --a------ C:WINDOWSTasksSymantec NetDetect.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-04 21:00:39 0 d-------- C:WINDOWSsystem32CatRoot_bak
2008-07-21 14:24:07 131072 --a------ C:WINDOWSsystem32PMLJNI.dll
2008-07-21 14:24:07 74752 --a------ C:WINDOWSsystem32jst.dll
2008-07-21 14:24:07 36864 --a------ C:WINDOWSsystem32hpbmmjno.dll <Not Verified; Hewlett-Packard; Hewlett-Packard MasterMon JobNotify Extension, 9x>
2008-07-21 14:24:07 40960 --a------ C:WINDOWSsystem32d4channel.dll <Not Verified; Hewlett-Packard; Hewlett-Packard 1284.4 channel jni>
2008-07-21 14:22:48 0 d--h----- C:Program FilesZero G Registry
2008-07-15 09:34:08 471040 --a------ C:WINDOWSssndii.exe <Not Verified; ; Non-Device INF Installer>
2008-07-15 09:34:06 49152 --a------ C:WINDOWSsystem32ssusbpn.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-07-15 09:34:06 57344 --a------ C:WINDOWSsystem32ssdevm.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-07-15 09:34:06 44544 --a------ C:WINDOWSsystem32msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-07-15 09:34:04 0 d-------- C:WINDOWSSamsung
2008-07-15 09:30:41 41984 -----n--- C:WINDOWSsystem32driversDGIVECP.SYS <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
2008-07-15 09:30:32 0 d-------- C:Program FilesSamsung
2008-07-07 18:18:26 557056 --a------ C:Documents and SettingsAdministratorGoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist>


-- Find3M Report ---------------------------------------------------------------

2008-07-31 18:56:02 0 d-------- C:Documents and SettingsAdministratorApplication DataAdobeUM
2008-07-21 14:24:24 0 d-------- C:Program FilesHewlett-Packard
2008-07-17 13:39:53 0 d-------- C:Documents and SettingsAdministratorApplication DataU3
2008-07-15 09:53:34 0 d--h----- C:Program FilesInstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"OrderReminder"="C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe" [01/30/2006 12:00 PM]
"RealTray"="C:Program FilesRealRealPlayerRealPlay.exe" [08/10/2004 05:42 PM]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [02/19/2008 01:10 PM]
"GoBoingo"="C:Program FilesBoingoGoBoingoGoBoingo.lnk" [07/31/2008 06:55 PM]
"Samsung PanelMgr"="C:WINDOWSSamsungPanelMgrSSMMgr.exe" [09/05/2007 01:18 AM]
"TomcatStartup 2.5"="C:Program FilesHewlett-PackardToolboxhpbpsttp.exe" [12/13/2004 09:47 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 08:00 AM]
"OE"="C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe" [10/05/2006 01:56 PM]
"MsnMsgr"="C:Program FilesMSN MessengerMsnMsgr.exe" [01/19/2007 12:54 PM]
"updateMgr"="C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupQuickBooks Update Agent.lnk
backup=C:WINDOWSpssQuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupRAMASST.lnk
backup=C:WINDOWSpssRAMASST.lnkCommon Startup


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregACU]
"C:Program FilesAtherosACU.exe" -nogui

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCeEKEY]
C:Program FilesTOSHIBAE-KEYCeEKey.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCeEPOWER]
C:Program FilesTOSHIBAPower ManagementCePMTray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregdla]
C:WINDOWSsystem32dlatfswctrl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"C:Program FilesiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
%systemroot%system32dumprep 0 -k

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
"C:Program FilesMessengermsmsgs.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNotebook Maximizer]
C:Program FilesNotebook Maximizermaximizer_startup.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregpccguide.exe]
C:PROGRA~1TRENDM~1INTERN~3pccguide.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeqttask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRealTray]
C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTPNF]
C:Program FilesTOSHIBATouchPadTPTray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
"C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6673cdad-b347-11dc-8bb5-000fb0587896}]
AutoRuncommand- F:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b719d279-4ff2-11dc-8b09-000fb0587896}]
AutoRuncommand- E:LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-07 21:24:16 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Mobile Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 1150.98 MiB / 368.07 MiB
Pagefile Memory (total/avail): 1699.18 MiB / 970.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.4 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 37.32 GiB free.
D: is CDROM (No Media)

.PHYSICALDRIVE0 - TOSHIBA MK8026GAX - 74.53 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1454 (Trend Micro, Inc.)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCommon FilesAOLACSAOLDial.exe"="C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Enabled:AOL"
"C:Program FilesCommon FilesAOLACSAOLacsd.exe"="C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Enabled:AOL"
"C:Program FilesAmerica Online 9.0waol.exe"="C:Program FilesAmerica Online 9.0waol.exe:*:Enabled:AOL"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMessengermsmsgs.exe"="C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Program FilesInternet ExplorerIEXPLORE.EXE"="C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Disabled:Internet Explorer"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesCommon FilesAOLACSAOLDial.exe"="C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Disabled:AOL"
"C:Program FilesCommon FilesAOLACSAOLacsd.exe"="C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Disabled:AOL"
"C:Program FilesAmerica Online 9.0waol.exe"="C:Program FilesAmerica Online 9.0waol.exe:*:Disabled:AOL"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe"="C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe:*:Enabled:javaw"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsAdministratorApplication Data
CLASSPATH=.;C:Program FilesJavaj2re1.4.2_05libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=TOSHIBA-USER
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A70
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsAdministrator
LOGONSERVER=TOSHIBA-USER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavaj2re1.4.2_05libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1ADMINI~1LOCALS~1Temp
TMP=C:DOCUME~1ADMINI~1LOCALS~1Temp
USERDOMAIN=TOSHIBA-USER
USERNAME=Administrator
USERPROFILE=C:Documents and SettingsAdministrator
VERNUM=PSA70U-0EH00F8
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSsystem32MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ALPS Touch Pad Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}setup.exe" UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Connection Services Manager --> C:WINDOWSWNBackupWnClient62unwise32.exe /Z /U C:WINDOWSWNBackupWnClient62install.log "AT&T Connection Services Manager"
Atheros Client Utility --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}Setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe"
ATI Display Driver --> rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery® Wizard 2.1 for Microsoft® Word 2002 --> C:WINDOWSuninst.exe -f"C:Program FilesAvery WizardDeIsL3.isu" -c"C:Program FilesAvery Wizarduninst.dll
C-Dilla Licence Management System --> C:C_DILLAsetupcdunin16.exe
Canon iP90 --> C:WINDOWSsystem32CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:BJPrinterCNMWINDOWSCanon iP90 InstallerInst2cnmis.dll" "-RCDLLC:BJPrinterCNMWINDOWSCanon iP90 InstallerInst2cnmi0409.dll"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}Setup.exe" -l0x9
DVD-RAM Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}Setup.exe" DVD-RAM Driver
Easy Button --> C:WINDOWSUnInst32.exe EzButton.UNI
GoBoingo! --> MsiExec.exe /X{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}
HijackThis 2.0.2 --> "C:Documents and SettingsAdministratorDesktopHijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
hp LaserJet 4250/4350/4240 --> C:Program FilesHewlett-Packardhp LaserJet 4250 4350 4240Installerhpsetup.exe /x
hp LaserJet 4250/4350/4240 --> msiexec /x{E063B3E2-6641-4375-9F09-ADA9E589EB90}
hp LaserJet Toolbox --> MsiExec.exe /X{AB2F7E36-3D87-457D-8162-26583CF49AC1}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:Program FilesHPDigital Imaging{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}setuphpzscr01.exe -datfile hposcr11.dat
InterVideo WinDVD for TOSHIBA --> "C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe" REMOVEALL
Interwise Participant --> c:program filesinterwiseparticipantiwuninst.exe
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
LaserJet 1020 series --> C:\Program Files\Zenographics\{C9C6436D-8BBA-455B-AC29-4828DA7F472E}\Setup.exe -u "HPLJInstaller.dll=Hpl_1020.inf"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Live Meeting --> C:\Program Files\Microsoft Office\Live Meeting\Quicksilver\quicksilver.exe -UALL
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{3C527E13-C82E-464D-B417-9A2067DA31EA}
Microsoft Office Live Meeting 2007 --> MsiExec.exe /I{63BEF36D-1782-4506-ABA6-6672B54641E0}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Notebook Maximizer --> C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
OrderReminder HP LaserJet 1020 --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
Peachtree Complete Accounting --> C:\WINDOWS\IsUninst.exe -fC:\Peachw\DeisPT.isu
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
SAMSUNG Dr. Printer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DB87EAC-F695-4D59-9609-C93119AE6B35}\setup.exe" -l0x9 -removeonly
Samsung ML-2850 Series --> C:\Program Files\Samsung\Samsung ML-2850 Series\Install\Setup.exe /R
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SMSC IrCC V5.1.3600.3 SP1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
TOSHIBA Access --> C:\WINDOWS\TOSHIB~2\UNWISE.EXE C:\WINDOWS\TOSHIB~2\INSTALL.LOG
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Fax Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Management Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F16086C2-21CD-42CE-9EC8-2E5302D010B2} /l1033
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{49188E15-9B2E-4913-9107-A5D01821AC68} /l1033
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
USB Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57EC14EF-9A27-11D6-85E9-F476176AA204}\Setup.exe"
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10208 / Error
Event Submitted/Written: 08/07/2008 11:07:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x02be1ecc.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10186 / Error
Event Submitted/Written: 08/06/2008 02:01:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x02be1ecc.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10185 / Error
Event Submitted/Written: 08/06/2008 00:53:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x02741ecc.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10096 / Error
Event Submitted/Written: 08/01/2008 08:30:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x01331ecc.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10095 / Error
Event Submitted/Written: 08/01/2008 08:04:06 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x01461ecc.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type86701 / Error
Event Submitted/Written: 08/07/2008 05:13:11 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer DEBBIE using any of the configured
protocols.

Event Record #/Type86700 / Error
Event Submitted/Written: 08/07/2008 05:13:09 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer TOSHIBA17 using any of the configured
protocols.

Event Record #/Type86699 / Error
Event Submitted/Written: 08/07/2008 05:12:35 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer DEBBIE using any of the configured
protocols.

Event Record #/Type86698 / Error
Event Submitted/Written: 08/07/2008 05:12:32 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer TOSHIBA17 using any of the configured
protocols.

Event Record #/Type86697 / Error
Event Submitted/Written: 08/07/2008 05:11:59 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer DEBBIE using any of the configured
protocols.



-- End of Deckard's System Scanner: finished at 2008-08-07 21:24:16 ------------


#2 Spectrum66

Spectrum66
  • Topic Starter

  • Members
  • 10 posts

Posted 12 August 2008 - 11:16 AM

Can someone please help me with this? There's been no communication for several days and I don't understand what I need to do at this point.

Thank you

#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 15 August 2008 - 01:40 AM

Hi Spectrum66


Download GMER and save it to your desktop:
  • Extract it to your desktop and double-click GMER.exe.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When the scan is finished, click Copy. This copies the log to the clipboard.
  • Post the GMER log & a fresh HJT log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 21 August 2008 - 01:22 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.



#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,062 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 August 2008 - 04:20 PM

Topic reopened.

I have reopened this topic as I see Spectrum66 posted a new topic this morning concerning this issue. I have deleted that topic as it merely contained a plea for assistance and a link to this topic.

Spectrum 66, please follow the instructions left for you in post #3. Please do not post new topics on this issue as it confuses things and delays the assistance you receive.

Be sure you have subscribed to this thread so you receive notification when you receive a reply. As a back up, check your My Topics list for new posts.

Back to you Blade81,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#6 Spectrum66

Spectrum66
  • Topic Starter

  • Members
  • 10 posts

Posted 25 August 2008 - 07:13 PM

Please help me. This is the latest scan from GMER. What do I do next?

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-21 11:49:07
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwClose [0xAE5F2CE0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwConnectPort [0xAE5F2FB0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcess [0xAE5F2310]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcessEx [0xAE5F25E0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwOpenProcess [0xAE5F2840]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwRequestWaitReplyPort [0xAE5F3150]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwWriteVirtualMemory [0xAE5F2E80]

---- Kernel code sections - GMER 1.0.14 ----

PAGE CLASSPNP.SYS!ClassInitialize + F4 BA8EF42C 4 Bytes [ 56, 57, 0B, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF BA8EF437 4 Bytes [ AC, 11, 0B, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A BA8EF442 4 Bytes [ 68, 57, 0B, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 BA8EF449 4 Bytes [ 5C, 57, 0B, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 BA8EF450 4 Bytes [ 62, 57, 0B, 88 ]
PAGE ...
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!CryptDestroyKey 77DE9E9C 7 Bytes JMP 016B2B93
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 016B2B50
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!CryptEncrypt 77DEE340 7 Bytes JMP 016B2B14
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016B2AF9
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016B2985
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 016B2A77
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016B29BD
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016B29F5
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[3348] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] ADVAPI32.dll!CryptDestroyKey 77DE9E9C 7 Bytes JMP 015B2B93
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 015B2B50
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] ADVAPI32.dll!CryptEncrypt 77DEE340 7 Bytes JMP 015B2B14
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015B2AF9
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015B2985
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015B2A77
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015B29BD
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[18416] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015B29F5
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] ADVAPI32.dll!CryptDestroyKey 77DE9E9C 7 Bytes JMP 01862B93
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 01862B50
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] ADVAPI32.dll!CryptEncrypt 77DEE340 7 Bytes JMP 01862B14
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 01863098
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!HttpOpenRequestA 78064341 5 Bytes JMP 01862DD1
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!InternetConnectA 7806499A 5 Bytes JMP 01862BAE
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 01863043
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 01862F11
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 018639D8
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 01863578
.text C:\Program Files\Internet Explorer\iexplore.exe[647912] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 01863581

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Cdrom \Device\CdRom0 880B5756

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 880B5756

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.14 ----

Thread 4:14024 880F48D0
Thread 4:14032 880E1BE0
Thread 4:13720 88129DF0
Thread 4:13860 880C2110
Thread 4:17024 880F48D0
Thread 4:16680 880E1BE0
Thread 4:17032 88129DF0
Thread 4:17036 880C2110

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x950e4c1 size 0x1fd
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----

#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 25 August 2008 - 11:59 PM

Unfortunately your log shows signs of a rootkit being present on your system. This means your PC is at risk now and sadly may always be.
The problem with rootkits is they are very hard to detect and extremely hard to remove completely.
Rootkits may also have what is known as a backdoor. The backdoor, if present, will give complete remote access to your system. This means someone will be able to steal any information stored on your PC including addresses, names and telephone numbers and, more worryingly, passwords, bank account details and any other financial information; basically they will have access to any data that you do.


At this point you have 2 options:

OPTION 1

We attempt to remove the rootkit but will never really know if it is completely removed which means all the above applies.
There will be no guarantees with this option.

OPTION 2

We reformat your system.
This will destroy the rootkit but means you will have to reinstall everything.

My advice would be OPTION 2. It is the only safe, effective and positive way of dealing with this type of infection.
It will also be much quicker to reformat/reinstall than to attempt the removal.

I would like you to read the information over and, when you have decided which option to choose, post back and I will gladly assist with whatever route you choose to take.



#8 Spectrum66

Spectrum66
  • Topic Starter

  • Members
  • 10 posts

Posted 26 August 2008 - 07:24 AM

I would like to, and need to, go with option #2 ASAP. Thank you. Are you a moderator, or do you work for this site?

#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 August 2008 - 10:15 AM

Hi

This Reformatting Windows XP tutorial by wng_z3r0 guides you through reformatting.

"Are you a moderator or work for this site?"

I'm not a moderator but help people with malware issues as a volunteer here. :thumbsup:



#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 31 August 2008 - 06:09 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.


