Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Picked Up Several Trojan Viruses


  • Please log in to reply
8 replies to this topic

#1 slave

slave

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Valparaiso, IN
  • Local time:01:42 PM

Posted 01 July 2007 - 10:55 AM

We have been having major problems with Trojan viruses. One of the HJT trainees have been helping us and walked us through three different scans to remove them and none have worked so he sent us here. When we go to various websites (Wheeloffortune.com for one. We can get to the website but error message comes up when we click on a link. Same happens with Bleeping Computer.com) we get the error message as follows: The instruction at "0x4369b59f" referenced memory at "0x000000e0". The memory could not be "read". We have found a way to get past these error messages. When we click on a link we can quickly highlight the address bar and click "copy" before the error message pops up. Then we can paste the address into "run" in the start menu and get through this way. Even when the HJT trainee took us to sites to download and install antispyware programs we had to do the same thing. This is very irritating.

We had recently moved and we had dial up internet (Netzero) before we moved but the problem was already beginning to show itself. After we moved we got DSL(Verizon) and now the problem is suddenly much worse. Don't know if this makes a difference but thought we would let you know. (Joplin MO to Valparaiso IN)

Before coming to Bleeping Computer we talked to a technician with our internet provider and he could not help us and told us the problem was with Internet Explorer. We went to Microsoft.com and downloaded and installed all the updates for our computer. We also have the computer set for automatic updates with Microsoft. We also went to the Internet Explorer site and uninstalled and reinstalled Internet Explorer and the problem still existed. Any help you guys can give us would be greatly appreciated. Below is the log from Hijackthis program and our computer information.

Just a side note: The HJT trainee asked us to download and install Firefox but we did this a few years ago and it really screwed up our computer and had to have a technician come and take it out for us. So we are very hesitant about downloading this. Being disabled since 1989 we really cannot afford to have tech assistance.

While writing this post our Trend Micro antivirus software popped up and said that another computer was trying to connect to our wireless connection which we don't have. The detection is as follows: Status: unknown IP Address: 192.168.1.1 MAC address: 00: 18: 3a:4e:f0:0b.

Antispyware programs the HJT trainee had us try: SUPERantispyware.exe, Bitdefender online scan, DrWeb-Cureit.exe. The logs to these are posted under the topic "Am I infected? What do I do? in the Security section. And the Post title is "Maybe infected with a Trojan". The trainee that was helping us was Oldf@rt.

Computer information:
Operating Program: Windows XP with SP2
CPU: Hewlett Packard with Intell Pentium 4 Processor
Size: 1.0 GB SDRAM memory
2 Hard Drives: C has total capacity of 180 GB, used space is 19.1 GB and free space is 161 GB.
D has total capacity of 6.06 GB, used space is 5.35 GB and free space is 722 MB.
Internet: DSL with Verizon at 256K
Browser: Internet Explorer 7
Antivirus Program: Trend Micro PC-cillin Internet Security 2007
Firewall: Trend Micro

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:59 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\HP_Owner\Local Settings\Temp\{2799D7D6-193B-41EA-B400-138785ECE737}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

BC AdBot (Login to Remove)

 


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 12 July 2007 - 06:58 PM

Hi slave,

Our apologies for the long delay. I've read your other topic in Am I Infected. Is the problem with Internet Explorer still resolved? From this log and the ones oldf@rt had you run it doesn't look like you have an active infection but I would like to look closer and the problem you described may be caused by damage from the malware that was on there and I can try to help you with that.

If you still need help, please post a new log so I can see what has changed. A new version of HijackThis has now been released, so before you repost your log please download and install the new version. In order to get some additional information please do this in the following way:

1. Open Add or Remove Programs via Control Panel and uninstall HijackThis 1.99.1
2. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges and it is best to run DSS from your Desktop.
3. Close all applications and windows.
4. Double-click on dss.exe to run it, and OK the disclaimer.
5. When the screen in the image below appears, click Yes and follow the promts to download the new version of HijackThis. Please tell your firewall to allow this download.

Posted Image

Note that a shortcut to HijackThis will appear on your desktop and you can run it from there when asked for a follow up log.

6. DSS will now scan your computer. If you get a warning from your anit-virus, please allow it as the scan is not harmful.
7. When complete, two text files will open - main.txt that will include a HijackThis log<- this one will be maximized and extra.txt <-this one will be minimized
8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

This will clean up some junk files and make a few repairs if needed but will mostly give me some more indepth information and get you set up for troubleshooting. Please describe any other problems you may have been experiencing since the time that you got infected.

The thing about people

is they change

when they walk away.--Mipso


#3 slave

slave
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Valparaiso, IN
  • Local time:01:42 PM

Posted 13 July 2007 - 03:19 PM

Hi Papakid,
The problem with Internet Explorer seems to be fixed. We haven't had anymore problems with it. We went into Add/Remove programs and got rid of a lot of games we don't play anymore and some of them were from egames. I think that may have fixed it when we deleted all of them. Now the only games on the computer are the ones I bought from places like Best Buy. Anyway, I went ahead and downloaded the new Hijackthislog and copied and pasted them below just in case there is anything else that shouldn't be there. Thanks for your help.
slave

P.S. I just received a message through Trend Micro Internet Security 2007 that our anivirus protection is outdated. I know the subscription isn't up yet, in fact the expiration date is April of 2008. The icon is usually in the system tray and now it is gone. I went in to program files and tried to open it and I keep getting two error messages. The first error message is: Microsoft Visual C++ Runtime Library; Runtime Error! Program:C:\PROGRA~1\TRENDM~1\PcCtlCom.exe. This application has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information. The second error message is: The exception unkonwn software exception (0x40000015) occured in the application at location 0x008d5fab. Click OK to terminate the program or click CANCEL to debug the program.

I am not sure if this is due to malware or if it is simply Trend Micro. I noticed on the log I posted that it says outdated in red by the Trend Micro. I thought I would mention it and see if you knew anything about this.
Thanks for your help.


Main text:
Deckard's System Scanner v20070711.54
Run by HP_Owner on 2007-07-13 at 15:04:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-07-13 20:04:42 UTC - RP1842 - Deckard's System Scanner Restore Point
71: 2007-07-12 22:26:08 UTC - RP1841 - System Checkpoint
70: 2007-07-11 18:17:18 UTC - RP1840 - Software Distribution Service 3.0
69: 2007-07-10 21:46:48 UTC - RP1839 - System Checkpoint
68: 2007-07-08 00:46:21 UTC - RP1838 - System Checkpoint


-- First Restore Point --
1: 2007-04-15 07:24:56 UTC - RP1771 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:55 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe



extra text:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1015.29 MiB / 450.91 MiB
Pagefile Memory (total/avail): 2442.05 MiB / 2004.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1963.88 MiB

C: is Fixed (NTFS) - 180.22 GiB total, 163.09 GiB free.
D: is Fixed (FAT32) - 6.07 GiB total, 0.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro Internet Security v14.00 (Trend Micro Inc,) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POOHOUSEMANIA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\POOHOUSEMANIA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft USB Flash Drive Manager\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=POOHOUSEMANIA
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Animals of Africa --> C:\PROGRA~1\eGames\ANIMAL~1\UNWISE.EXE C:\PROGRA~1\eGames\ANIMAL~1\INSTALL.LOG
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
ATI Remote Wonder 2.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1033
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
Brain Twister --> C:\PROGRA~1\eGames\BRAINT~1\UNWISE.EXE C:\PROGRA~1\eGames\BRAINT~1\INSTALL.LOG
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Crazy Puzzle Special Edition --> C:\PROGRA~1\eGames\CRAZYP~1\UNWISE.EXE C:\PROGRA~1\eGames\CRAZYP~1\INSTALL.LOG
Creation Station Special Edition --> C:\PROGRA~1\eGames\CREATI~1\UNWISE.EXE C:\PROGRA~1\eGames\CREATI~1\INSTALL.LOG
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Crystal Wizard Special Edition --> C:\PROGRA~1\eGames\CRYSTA~1\UNWISE.EXE C:\PROGRA~1\eGames\CRYSTA~1\INSTALL.LOG
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Finding Nemo: Nemo's Underwater World of Fun --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall
Fresco Wizard --> "C:\Program Files\Fresco Wizard\Uninstall.exe" "C:\Program Files\Fresco Wizard\install.log"
Frogger's Adventures --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73C9C7F5-D42E-4987-8B0D-F0D5F0C04422}\setup.exe" -l0x9
Galaxy of Games 1001 --> C:\PROGRA~1\eGames\GALAXY~3\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~3\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
Hewlett-Packard Multimedia Keyboard/Mouse Solution --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FCD50C2E-7DB3-4C18-8D73-6E24CEBD4021}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\HP_Owner\Application Data\HouseCall 6.6\uninstaller.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3 --> C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ423 --> MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Explorer Developer Toolbar --> MsiExec.exe /I{15C9AAEF-20D4-4416-A1BE-7D75FB5F2FE9}
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Jigsaw USA Special Edition --> C:\PROGRA~1\eGames\JIGSAW~1\UNWISE.EXE C:\PROGRA~1\eGames\JIGSAW~1\INSTALL.LOG
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_f9e813\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Locomotion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F45E76-E897-42CA-A9FE-5F56817D875C}\Setup.exe" -l0x9
Mall Tycoon --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Take2 Interactive\Mall Tycoon\Uninst.isu"
Max Solitaire --> C:\PROGRA~1\eGames\MAXSOL~1\UNWISE.EXE C:\PROGRA~1\eGames\MAXSOL~1\INSTALL.LOG
Messenger Service --> "C:\Program Files\Video ActiveX Access\imsunst.exe"
Microsoft ActiveSync 3.8 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Base Operating System MOM 2005 MP SP1 --> MsiExec.exe /I{73705735-5040-4656-B679-F1849E0329CA}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Millennium Gamepak Gold --> C:\WINDOWS\iun506.exe C:\Program Files\Millennium Gamepak Gold\irunin.ini
Mouse Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EBA5473-558B-462C-AEE4-FE50FA799F2A}\Setup.exe"
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
muvee autoProducer 3.5 magicMoments - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
MVP Solitaire Clubs Edition --> C:\PROGRA~1\eGames\MVPSOL~1\UNWISE.EXE C:\PROGRA~1\eGames\MVPSOL~1\INSTALL.LOG
MVP Word Search --> C:\PROGRA~1\eGames\MVPWOR~1\UNWISE.EXE C:\PROGRA~1\eGames\MVPWOR~1\INSTALL.LOG
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PlayLinc --> MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
Puzzle Master 2 Special Edition --> C:\PROGRA~1\eGames\PUZZLE~1\UNWISE.EXE C:\PROGRA~1\eGames\PUZZLE~1\INSTALL.LOG
Puzzle Master 4 --> C:\PROGRA~1\eGames\PUZZLE~2\UNWISE.EXE C:\PROGRA~1\eGames\PUZZLE~2\INSTALL.LOG
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RCT3 Soaked --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
RollerCoaster Tycoon 2: Wacky Worlds --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\SETUP.EXE" -l0x9
RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Secret Circuit --> C:\PROGRA~1\eGames\SECRET~1\UNWISE.EXE C:\PROGRA~1\eGames\SECRET~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Solitaire 2 Special Edition --> C:\PROGRA~1\eGames\SOLITA~1\UNWISE.EXE C:\PROGRA~1\eGames\SOLITA~1\INSTALL.LOG
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Uninstall Veggie Carnival --> "C:\Program Files\BigIdea\Veggie Carnival\unins000.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Verizon Online DSL --> C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wheel Of Fortune --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Wheel Of Fortune\Uninst.isu"
When Bugs Attack --> C:\WINDOWS\uninst.exe -f"C:\Program Files\COSMI\When Bugs Attack\DeIsL1.isu" -c"C:\Program Files\COSMI\When Bugs Attack\_ISREG32.DLL"
Wildlife Zoo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1C659AF-C761-47A8-BAFD-5FD2BE1ED419}\setup.exe" -l0x9 -removeonly
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-07-13 at 15:07:37 ---------

Edited by slave, 13 July 2007 - 03:51 PM.


#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 13 July 2007 - 08:03 PM

Hi slave,

Looks like the main.txt log got cut off. There is much more information in that log that I would like to see. Please go to C:\Deckard\System Scanner folder and open the main.txt and copy and paste the entire contents back here. It's possible this is not a copy and paste error on your part and if so we'll have to rerun the scan with a different set of instructions.

I'm not sure at this point if there is still an active infection that might still be hidden without the missing log data and other scans we may need to run. The problem with Trend could be malware damage or it just got corrupted. Outdated with these type security tools *generally* mean the definition file(s) are corrupted, but this is not a sure thing and you need to take care of this as soon as possible.

It is usually a good idea when these kind of problems surface to uninstall and delete the program folders before reinstalling. If you have your setup files and license keys handy. There are three ways to properly uninstall Trend, and the following link will open to the third way using the PCCTool.exe which I would prefer if it were me: http://esupport.trendmicro.com/support/vie...033129#P86_2140

You may notice that there is a debug tab for this tool that might could save the trouble of a reinstall, but I can't really help you with that. You might consider calling Trend, they are one of the few commercial AV vendors that do free phone support, which is why I considered them seriously when I decided to switch away from Norton a few years ago. Their number and hours can be found here: http://esupport.trendmicro.com/support/consumer/callus.do

One thing I was going to go into with you is that there is some evidence that the problem you described is caused by corrupted Java cache. You've got a badly outdated Java, and getting you updated and it's old cache cleaned out may allow you to play those games, but most importantly will help prevent re-infection of some malware. But I want to make sure your AV protection is working correctly and see missing log data before we go into that.

The thing about people

is they change

when they walk away.--Mipso


#5 slave

slave
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Valparaiso, IN
  • Local time:01:42 PM

Posted 13 July 2007 - 08:24 PM

Hi Papakid,
You're right, somehow I don't think I copied all of it, I see a whole lot more information on their now. Probably because I didn't maximize the whole window. Anyway, below is the whole log.

On Trend, I did call them and I got everything squared away now. They took me through the PCCtool.exe thing but mine didn't work, so they sent me another one to download to uninstall it and sent me another version of Trend to reinstall. Now it seems to be working properly now.

Thanks
slave

Main text:

Deckard's System Scanner v20070711.54
Run by HP_Owner on 2007-07-13 at 15:04:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-07-13 20:04:42 UTC - RP1842 - Deckard's System Scanner Restore Point
71: 2007-07-12 22:26:08 UTC - RP1841 - System Checkpoint
70: 2007-07-11 18:17:18 UTC - RP1840 - Software Distribution Service 3.0
69: 2007-07-10 21:46:48 UTC - RP1839 - System Checkpoint
68: 2007-07-08 00:46:21 UTC - RP1838 - System Checkpoint


-- First Restore Point --
1: 2007-04-15 07:24:56 UTC - RP1771 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:55 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12467 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 cdiskdun - c:\docume~1\hp_owner\locals~1\temp\cdiskdun.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 x10nets (X10 Device Network Service) -


-- Scheduled Tasks -------------------------------------------------------------

2007-07-12 03:30:00 432 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2007-05-21 08:00:00 266 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2007-06-13 and 2007-07-13 -----------------------------

2007-06-30 19:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-30 19:40:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-30 19:40:36 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2007-06-30 19:39:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-30 16:55:07 0 d-------- C:\WINDOWS\BDOSCAN8
2007-06-30 16:30:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-06-30 13:26:48 0 d-------- C:\Documents and Settings\HP_Owner\DoctorWeb
2007-06-30 10:19:20 0 d-------- C:\Program Files\MSXML 6.0
2007-06-30 10:18:15 0 d-------- C:\Program Files\MSBuild
2007-06-30 10:13:56 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-06-30 10:13:16 0 d-------- C:\Program Files\Reference Assemblies
2007-06-29 17:30:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\HouseCall 6.6
2007-06-29 16:18:17 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\RegistrySmart
2007-06-29 15:49:33 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-06-29 15:27:14 439296 --a----c- C:\Documents and Settings\HP_Owner\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-06-26 13:31:21 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-06-25 22:31:31 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-06-25 22:31:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-25 20:16:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Verizon
2007-06-25 20:16:52 0 d-------- C:\WINDOWS\bin
2007-06-25 20:15:51 0 d-------- C:\Program Files\PlayLinc
2007-06-25 20:10:39 0 d-------- C:\Program Files\Common Files\Motive
2007-06-25 20:07:46 0 d-------- C:\Program Files\Verizon


-- Find3M Report ---------------------------------------------------------------

2007-07-13 15:06:45 0 d-------- C:\Program Files\Trend Micro
2007-07-10 22:45:20 15670 --a----c- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-07-05 16:20:12 98304 --a----c- C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-07-01 17:06:24 0 d-------- C:\Program Files\GAMES
2007-07-01 14:16:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 15:37:14 0 d-------- C:\Program Files\SmitfraudFix
2007-06-29 20:28:54 0 d-------- C:\Program Files\Connection Wizard
2007-06-03 18:05:05 0 d-------- C:\Program Files\Google
2007-05-28 20:09:46 0 d-------- C:\Program Files\Common Files\DirectX
2007-05-28 19:57:49 0 d-------- C:\Program Files\DreamCatcher
2007-05-20 19:12:02 1455 --a----c- C:\Program Files\Google Earth.lnk
2007-05-15 11:42:52 0 d-------- C:\Program Files\Microsoft Works
2007-05-13 16:29:55 0 d-------- C:\Program Files\G A M E S 2
2007-05-13 11:16:57 2774 --a----c- C:\WINDOWS\system32\tmp.reg
2007-05-13 10:58:54 876547 --a----c- C:\Program Files\SmitfraudFix.exe
2007-05-11 12:39:04 3645 --a----c- C:\WINDOWS\viassary-hp.reg
2007-04-21 15:59:50 1309 --a----c- C:\Program Files\CALENDAR.lnk
2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
{52706EF7-D7A2-49AD-A615-E903858CF284} C:\Program Files\NetZero\qsacc\x1IEBHO.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
{CC7E636D-39AA-49b6-B511-65413DA137A1} C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"Verizon_McciTrayApp"="C:\\Program Files\\Verizon\\McciTrayApp.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"POINTER"="point32.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CreativeMouse "="C:\\Program Files\\Mouse Driver\\MouseDrv.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ATI Launchpad"=""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MINDSC~1\\PRINTM~1\\PMREMIND.EXE /Q"
"item"="Event Reminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\HP Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\HPORGA~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="HP Organize"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3 Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3 Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\HP_Owner\\Local Settings\\Temp\\{60609E44-DC84-46C6-941A-EEC92A265F78}\\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3\"/PRMP=\"RCT3\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="RollerCoaster Tycoon 3 Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\HP_Owner\\Local Settings\\Temp\\{2799D7D6-193B-41EA-B400-138785ECE737}\\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3: Cape Typhoon\" /PRMP=\"RCTC\" /SKUN=\"PCXX\" /GTYP=\"SIMU\""
"item"="RollerCoaster Tycoon 3_ Cape Typhoon Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIDtct"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIRW"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcd7c880-7090-11d9-a0af-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of Deckard's System Scanner: finished at 2007-07-13 at 15:07:37 ---------

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 24 July 2007 - 12:07 AM

Hi slave,

My apologies for taking so long to get back to you.

I don't see much in the DSS log but one thing to check out further. How are things running?

Please download Combofix to your desktop.

Doubleclick ComboFix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply.

Please perform this online scan: [b
]Kaspersky Webscan[/b]
Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete choose save the results by clicking "Save Report As HTML" Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

If you have any problem running the scan to completion, disable your Antivirus temporarily, just be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

The thing about people

is they change

when they walk away.--Mipso


#7 slave

slave
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Valparaiso, IN
  • Local time:01:42 PM

Posted 24 July 2007 - 01:14 PM

Hi Papakid,
I did the scans as you instructed are at the bottom. We haven't seen anymore problems with our computer. It seems to be running fine.
Thanks for your help.
slave

Combofix log:

"HP_Owner" - 2007-07-24 11:21:03 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 11:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 01:27 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ATI
2007-07-15 01:21 <DIR> d-------- C:\ATI
2007-07-13 17:54 <DIR> d-------- C:\UninstallTool
2007-07-13 15:04 <DIR> d-------- C:\Deckard
2007-06-30 19:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-30 19:40 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SUPERAntiSpyware.com
2007-06-30 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-30 19:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-30 16:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-30 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-30 13:26 <DIR> d-------- C:\DOCUME~1\HP_Owner\DoctorWeb
2007-06-30 10:19 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-30 10:18 <DIR> d-------- C:\Program Files\MSBuild
2007-06-30 10:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-30 10:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-30 10:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-29 17:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\HouseCall 6.6
2007-06-29 16:18 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\RegistrySmart
2007-06-29 15:27 439,296 --a--c--- C:\DOCUME~1\HP_Owner\GoToAssist_phone__317_en.exe
2007-06-26 13:31 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-06-25 22:31 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Yahoo!
2007-06-25 22:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-25 20:16 <DIR> d-------- C:\WINDOWS\bin
2007-06-25 20:16 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Verizon
2007-06-25 20:15 <DIR> d-------- C:\Program Files\PlayLinc
2007-06-25 20:10 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-06-25 20:07 <DIR> d-------- C:\Program Files\Verizon


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 22:47:30 15,874 -c--a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-07-15 06:23:19 -------- d-----w C:\Program Files\ATI Technologies
2007-07-14 01:28:01 -------- d-----w C:\Program Files\Trend Micro
2007-07-05 21:20:12 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-01 22:06:24 -------- d-----w C:\Program Files\GAMES
2007-07-01 19:16:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 20:37:14 -------- d-----w C:\Program Files\SmitfraudFix
2007-06-30 01:28:54 -------- d-----w C:\Program Files\Connection Wizard
2007-06-13 00:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-13 00:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 23:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-06-03 23:05:05 -------- d-----w C:\Program Files\Google
2007-05-29 01:09:46 -------- d-----w C:\Program Files\Common Files\DirectX
2007-05-29 01:08:57 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-29 01:08:56 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-29 00:57:49 -------- d-----w C:\Program Files\DreamCatcher
2007-05-21 00:12:02 1,455 -c--a-w C:\Program Files\Google Earth.lnk
2007-05-21 00:09:08 15,714,552 -c--a-w C:\Program Files\Google_Earth_BZXD.exe
2007-05-20 22:47:03 14,993,976 -c--a-w C:\Program Files\GoogleEarthWin.exe
2007-05-20 22:34:36 315,624 -c--a-w C:\Program Files\dxwebsetup.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 16:16:57 2,774 -c--a-w C:\WINDOWS\system32\tmp.reg
2007-05-13 15:58:54 876,547 -c--a-w C:\Program Files\SmitfraudFix.exe
2007-05-11 17:39:04 3,645 -c--a-w C:\WINDOWS\viassary-hp.reg
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 20:59:50 1,309 -c--a-w C:\Program Files\CALENDAR.lnk
2007-04-06 23:29:39 810 -c--a-w C:\Program Files\Trend Micro PC-cillin Internet Security 2007.lnk
2006-10-20 23:04:32 1,910 -c--a-w C:\Program Files\MS K E Y B O A R D.lnk
2005-12-06 00:28:30 3,673,932 -c----w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28:04 1,358,864 -c----w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:28:02 86,925 -c----w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-06 00:28:02 46,247 -c----w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-06 00:28:02 41,888 -c----w C:\Program Files\dxdllreg_x86.cab
2005-12-06 00:28:00 916,806 -c----w C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-06 00:27:58 1,080,344 -c----w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-12-06 00:00:46 81,092 -c----w C:\Program Files\dxupdate.cab
2005-12-06 00:00:46 74,448 -c----w C:\Program Files\DSETUP.dll
2005-12-06 00:00:46 484,560 -c----w C:\Program Files\DXSETUP.exe
2005-12-06 00:00:46 2,247,888 -c----w C:\Program Files\dsetup32.dll
2005-12-06 00:00:44 1,351,430 -c----w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-12-06 00:00:44 1,348,242 -c----w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-12-06 00:00:44 1,336,890 -c----w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-12-06 00:00:44 1,248,387 -c----w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-12-06 00:00:44 1,079,850 -c----w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-12-06 00:00:44 1,078,532 -c----w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-12-06 00:00:44 1,065,813 -c----w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-12-06 00:00:44 1,014,113 -c----w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2005-12-06 00:00:42 13,265,040 -c----w C:\Program Files\dxnt.cab
2005-12-06 00:00:40 976,020 -c----w C:\Program Files\BDAXP.cab
2005-12-06 00:00:40 703,080 -c----w C:\Program Files\BDA.cab
2005-12-06 00:00:40 15,493,481 -c----w C:\Program Files\DirectX.cab
2005-12-06 00:00:40 1,156,363 -c----w C:\Program Files\BDANT.cab
2005-08-15 23:19:18 2,077,424 -c--a-w C:\Program Files\WindowsXP-KB894391-x86-ENU.exe
2005-08-15 23:05:05 6,860,424 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-07-12 20:49:20 6,648,320 -c--a-w C:\Program Files\BDBFTFullInstall.exe
2005-07-11 23:09:05 8,763,741 -c--a-w C:\Program Files\Fresco_Wizard___Serial_Code.zip
2005-04-02 03:08:07 14,796,760 -c--a-w C:\Program Files\SP26477.exe
2005-03-25 20:20:21 42,140,104 -c--a-w C:\Program Files\SP26413.exe
2005-03-25 16:58:17 1,117,576 -c--a-w C:\Program Files\SP26417.exe
2005-03-25 16:50:44 4,519,696 -c--a-w C:\Program Files\SP26419.exe
2005-03-24 21:55:05 6,799,552 -c--a-w C:\Program Files\SP26416.exe
2005-03-24 21:22:57 4,277,128 -c--a-w C:\Program Files\SP26433.exe
2005-03-24 21:02:55 963,184 -c--a-w C:\Program Files\SP26432.exe
2005-03-24 20:57:15 1,617,160 -c--a-w C:\Program Files\SP26468.exe
2005-03-24 18:37:44 4,170,584 -c--a-w C:\Program Files\SP26380.exe
2005-03-23 04:54:06 1,147,632 -c--a-w C:\Program Files\SP26479.exe
2005-03-15 20:33:33 1,772,728 -c--a-w C:\Program Files\LeapPrint.exe
2005-02-05 17:31:46 0 -c-ha-w C:\Program Files\RCT3_RETAIL-UPDATE1_USA.EXE
2005-02-05 00:10:01 172 -c--a-w C:\Program Files\OUTLOOK EXP..lnk
2005-02-01 15:23:10 747 -c--a-w C:\Program Files\WinZip.lnk
2005-02-01 15:22:20 2,417,824 -c--a-w C:\Program Files\winzip90.exe
2005-01-29 05:57:27 3,040,520 -c--a-w C:\Program Files\IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU.exe
2005-01-29 05:24:47 2,710,296 -c--a-w C:\Program Files\WindowsXP-KB835732-x86-ENU.EXE
2005-01-29 05:03:36 518,888 -c--a-w C:\Program Files\WindowsXP-KB884020-x86-enu.exe
2005-01-29 04:03:35 3,963,304 -c--a-w C:\Program Files\MSASYNC.EXE
2005-01-29 03:48:02 261,976 -c--a-w C:\Program Files\Windows-KB890830-ENU.exe
2005-01-29 03:43:02 24,265,736 -c--a-w C:\Program Files\dotnetfx.exe
2005-01-29 02:11:08 491,768 -c--a-w C:\Program Files\ie6setup.exe
2005-01-29 02:08:30 297,224 -c--a-w C:\Program Files\GenuineCheck-2.exe
2005-01-29 02:08:17 297,224 -c--a-w C:\Program Files\GenuineCheck-1.exe
2005-01-29 02:07:03 297,224 -c--a-w C:\Program Files\GenuineCheck.exe
2005-01-27 19:26:52 2,515 -c--a-w C:\Program Files\Open Office Document.lnk
2005-01-27 19:26:52 2,505 -c--a-w C:\Program Files\New Office Document.lnk
2005-01-12 00:45:37 1,807 -c--a-w C:\Program Files\Program Updates.lnk
2004-10-22 02:01:54 731 -c--a-w C:\Program Files\Software Repair Wizard.lnk
2004-10-22 01:47:06 1,697 -c--a-w C:\Program Files\Install Quicken New User Edition.lnk
2004-10-22 01:38:27 1,130 -c--a-w C:\Program Files\MSN Encarta Standard.lnk
2004-10-22 01:14:46 902 -c--a-w C:\Program Files\HP Image Zone Plus.lnk
2004-10-21 23:51:36 398 -c--a-w C:\Program Files\Windows Catalog.lnk


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 16:37]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 04:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"POINTER"="point32.exe" []
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 15:41]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 13:01 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-21 21:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-27 11:27]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"ATI Launchpad"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 21:25:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"C:\Program Files\NZSearch\nzspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\DRIVERS\tmtdi.sys
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 tmmbd;Trend Micro MBD Driver;C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys
R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R2 vsapint;vsapint;C:\WINDOWS\system32\DRIVERS\vsapint.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys
R3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 tmcfw;Trend Micro Common Firewall Service;C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbscan;Usbscan;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 ATI Remote Wonder II;ATI Remote Wonder II;C:\WINDOWS\system32\drivers\ATIRWVD.SYS
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cdiskdun.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd7c880-7090-11d9-a0af-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
2007-05-21 13:00:00 C:\WINDOWS\tasks\Disk Cleanup.job
2007-07-24 08:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 11:24:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 11:25:58

--- E O F ---



Kapersky log:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 24, 2007 1:08:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/07/2007
Kaspersky Anti-Virus database records: 367171


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 114915
Number of viruses found 2
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 01:13:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007072420070725\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\bbassistant.log Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_27c.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_964.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_974.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1788\A0085007.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1832\A0091290.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1865\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1865\change.log Object is locked skipped

Scan process completed.

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 25 July 2007 - 11:37 PM

Well, your logs are looking pretty clean. There is one driver that I'm unsure about--if you don't mind please do the following:

Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\docume~1\hp_owner\locals~1\temp\cdiskdun.sys


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

The thing about people

is they change

when they walk away.--Mipso


#9 slave

slave
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Valparaiso, IN
  • Local time:01:42 PM

Posted 26 July 2007 - 05:02 PM

Hi Papakid,
Here is the log from the combofix. I hope I did it right.
Thanks
slave

"HP_Owner" - 2007-07-26 16:55:29 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-24 11:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-24 11:28 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-24 11:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-24 11:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 01:27 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ATI
2007-07-15 01:21 <DIR> d-------- C:\ATI
2007-07-13 17:54 <DIR> d-------- C:\UninstallTool
2007-07-13 15:04 <DIR> d-------- C:\Deckard
2007-06-30 19:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-30 19:40 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SUPERAntiSpyware.com
2007-06-30 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-30 19:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-30 16:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-30 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-30 13:26 <DIR> d-------- C:\DOCUME~1\HP_Owner\DoctorWeb
2007-06-30 10:19 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-30 10:18 <DIR> d-------- C:\Program Files\MSBuild
2007-06-30 10:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-30 10:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-30 10:12 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-29 17:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\HouseCall 6.6
2007-06-29 16:18 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\RegistrySmart
2007-06-29 15:27 439,296 --a--c--- C:\DOCUME~1\HP_Owner\GoToAssist_phone__317_en.exe
2007-06-26 13:31 <DIR> d-------- C:\Program Files\Common Files\SupportSoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 20:14:43 16,190 -c--a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-07-15 06:23:19 -------- d-----w C:\Program Files\ATI Technologies
2007-07-14 01:28:01 -------- d-----w C:\Program Files\Trend Micro
2007-07-05 21:20:12 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-01 22:06:24 -------- d-----w C:\Program Files\GAMES
2007-07-01 19:16:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 20:37:14 -------- d-----w C:\Program Files\SmitfraudFix
2007-06-30 01:28:54 -------- d-----w C:\Program Files\Connection Wizard
2007-06-28 01:19:54 -------- d-----w C:\Program Files\Verizon
2007-06-26 03:31:31 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Yahoo!
2007-06-26 01:16:54 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Verizon
2007-06-26 01:15:52 -------- d-----w C:\Program Files\PlayLinc
2007-06-26 01:10:44 -------- d-----w C:\Program Files\Common Files\Motive
2007-06-13 00:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-13 00:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 23:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-06-03 23:05:05 -------- d-----w C:\Program Files\Google
2007-05-29 01:09:46 -------- d-----w C:\Program Files\Common Files\DirectX
2007-05-29 01:08:57 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-29 01:08:56 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-29 00:57:49 -------- d-----w C:\Program Files\DreamCatcher
2007-05-21 00:12:02 1,455 -c--a-w C:\Program Files\Google Earth.lnk
2007-05-21 00:09:08 15,714,552 -c--a-w C:\Program Files\Google_Earth_BZXD.exe
2007-05-20 22:47:03 14,993,976 -c--a-w C:\Program Files\GoogleEarthWin.exe
2007-05-20 22:34:36 315,624 -c--a-w C:\Program Files\dxwebsetup.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 16:16:57 2,774 -c--a-w C:\WINDOWS\system32\tmp.reg
2007-05-13 15:58:54 876,547 -c--a-w C:\Program Files\SmitfraudFix.exe
2007-05-11 17:39:04 3,645 -c--a-w C:\WINDOWS\viassary-hp.reg
2007-04-21 20:59:50 1,309 -c--a-w C:\Program Files\CALENDAR.lnk
2007-04-06 23:29:39 810 -c--a-w C:\Program Files\Trend Micro PC-cillin Internet Security 2007.lnk
2006-10-20 23:04:32 1,910 -c--a-w C:\Program Files\MS K E Y B O A R D.lnk
2005-12-06 00:28:30 3,673,932 -c----w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28:04 1,358,864 -c----w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:28:02 86,925 -c----w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-06 00:28:02 46,247 -c----w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-06 00:28:02 41,888 -c----w C:\Program Files\dxdllreg_x86.cab
2005-12-06 00:28:00 916,806 -c----w C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-06 00:27:58 1,080,344 -c----w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-12-06 00:00:46 81,092 -c----w C:\Program Files\dxupdate.cab
2005-12-06 00:00:46 74,448 -c----w C:\Program Files\DSETUP.dll
2005-12-06 00:00:46 484,560 -c----w C:\Program Files\DXSETUP.exe
2005-12-06 00:00:46 2,247,888 -c----w C:\Program Files\dsetup32.dll
2005-12-06 00:00:44 1,351,430 -c----w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-12-06 00:00:44 1,348,242 -c----w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-12-06 00:00:44 1,336,890 -c----w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-12-06 00:00:44 1,248,387 -c----w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-12-06 00:00:44 1,079,850 -c----w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-12-06 00:00:44 1,078,532 -c----w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-12-06 00:00:44 1,065,813 -c----w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-12-06 00:00:44 1,014,113 -c----w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2005-12-06 00:00:42 13,265,040 -c----w C:\Program Files\dxnt.cab
2005-12-06 00:00:40 976,020 -c----w C:\Program Files\BDAXP.cab
2005-12-06 00:00:40 703,080 -c----w C:\Program Files\BDA.cab
2005-12-06 00:00:40 15,493,481 -c----w C:\Program Files\DirectX.cab
2005-12-06 00:00:40 1,156,363 -c----w C:\Program Files\BDANT.cab
2005-08-15 23:19:18 2,077,424 -c--a-w C:\Program Files\WindowsXP-KB894391-x86-ENU.exe
2005-08-15 23:05:05 6,860,424 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-07-12 20:49:20 6,648,320 -c--a-w C:\Program Files\BDBFTFullInstall.exe
2005-07-11 23:09:05 8,763,741 -c--a-w C:\Program Files\Fresco_Wizard___Serial_Code.zip
2005-04-02 03:08:07 14,796,760 -c--a-w C:\Program Files\SP26477.exe
2005-03-25 20:20:21 42,140,104 -c--a-w C:\Program Files\SP26413.exe
2005-03-25 16:58:17 1,117,576 -c--a-w C:\Program Files\SP26417.exe
2005-03-25 16:50:44 4,519,696 -c--a-w C:\Program Files\SP26419.exe
2005-03-24 21:55:05 6,799,552 -c--a-w C:\Program Files\SP26416.exe
2005-03-24 21:22:57 4,277,128 -c--a-w C:\Program Files\SP26433.exe
2005-03-24 21:02:55 963,184 -c--a-w C:\Program Files\SP26432.exe
2005-03-24 20:57:15 1,617,160 -c--a-w C:\Program Files\SP26468.exe
2005-03-24 18:37:44 4,170,584 -c--a-w C:\Program Files\SP26380.exe
2005-03-23 04:54:06 1,147,632 -c--a-w C:\Program Files\SP26479.exe
2005-03-15 20:33:33 1,772,728 -c--a-w C:\Program Files\LeapPrint.exe
2005-02-05 17:31:46 0 -c-ha-w C:\Program Files\RCT3_RETAIL-UPDATE1_USA.EXE
2005-02-05 00:10:01 172 -c--a-w C:\Program Files\OUTLOOK EXP..lnk
2005-02-01 15:23:10 747 -c--a-w C:\Program Files\WinZip.lnk
2005-02-01 15:22:20 2,417,824 -c--a-w C:\Program Files\winzip90.exe
2005-01-29 05:57:27 3,040,520 -c--a-w C:\Program Files\IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU.exe
2005-01-29 05:24:47 2,710,296 -c--a-w C:\Program Files\WindowsXP-KB835732-x86-ENU.EXE
2005-01-29 05:03:36 518,888 -c--a-w C:\Program Files\WindowsXP-KB884020-x86-enu.exe
2005-01-29 04:03:35 3,963,304 -c--a-w C:\Program Files\MSASYNC.EXE
2005-01-29 03:48:02 261,976 -c--a-w C:\Program Files\Windows-KB890830-ENU.exe
2005-01-29 03:43:02 24,265,736 -c--a-w C:\Program Files\dotnetfx.exe
2005-01-29 02:11:08 491,768 -c--a-w C:\Program Files\ie6setup.exe
2005-01-29 02:08:30 297,224 -c--a-w C:\Program Files\GenuineCheck-2.exe
2005-01-29 02:08:17 297,224 -c--a-w C:\Program Files\GenuineCheck-1.exe
2005-01-29 02:07:03 297,224 -c--a-w C:\Program Files\GenuineCheck.exe
2005-01-27 19:26:52 2,515 -c--a-w C:\Program Files\Open Office Document.lnk
2005-01-27 19:26:52 2,505 -c--a-w C:\Program Files\New Office Document.lnk
2005-01-12 00:45:37 1,807 -c--a-w C:\Program Files\Program Updates.lnk
2004-10-22 02:01:54 731 -c--a-w C:\Program Files\Software Repair Wizard.lnk
2004-10-22 01:47:06 1,697 -c--a-w C:\Program Files\Install Quicken New User Edition.lnk
2004-10-22 01:38:27 1,130 -c--a-w C:\Program Files\MSN Encarta Standard.lnk
2004-10-22 01:14:46 902 -c--a-w C:\Program Files\HP Image Zone Plus.lnk
2004-10-21 23:51:36 398 -c--a-w C:\Program Files\Windows Catalog.lnk
2004-04-07 22:38:14 1,237,442 ----a-w C:\Program Files\SanDisk CruzerLock Installer v1.1.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 16:37]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 04:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"POINTER"="point32.exe" []
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 15:41]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 13:01 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-21 21:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-27 11:27]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"ATI Launchpad"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 21:25:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"C:\Program Files\NZSearch\nzspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\DRIVERS\tmtdi.sys
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 tmmbd;Trend Micro MBD Driver;C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys
R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R2 vsapint;vsapint;C:\WINDOWS\system32\DRIVERS\vsapint.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys
R3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 tmcfw;Trend Micro Common Firewall Service;C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbscan;Usbscan;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 ATI Remote Wonder II;ATI Remote Wonder II;C:\WINDOWS\system32\drivers\ATIRWVD.SYS
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cdiskdun.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd7c883-7090-11d9-a0af-806d6172696f}]
AutoRun\command- F:\install.exe /A

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-05-21 13:00:00 C:\WINDOWS\tasks\Disk Cleanup.job
2007-07-26 08:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 16:59:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 17:00:23
C:\ComboFix2.txt ... 2007-07-24 11:25

--- E O F ---




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users