Multiple Trojans



#1
davefan78

I've worked tirelessly for hours trying to rid my computer of this problem with no headway. Any help would be great.
Thanks


Scan saved at 11:48:59 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173583676156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173583668609
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


#2
davefan78

ComboFix 08-05-01.1 - 42 2008-05-02 0:07:27.1 - NTFSx86
Running from: C:\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\winsys2f.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-05-01 23:25 . 2008-05-01 23:25 <DIR> d-------- C:\bintheredunthat
2008-05-01 23:20 . 2008-05-01 23:20 <DIR> d-------- C:\BFU
2008-05-01 23:12 . 2008-05-01 23:12 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-05-01 23:12 . 2008-05-01 23:31 1,024 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG
2008-05-01 22:15 . 2008-05-01 22:34 7,288 --a------ C:\idsuite_run.bat
2008-05-01 15:31 . 2008-05-01 15:31 <DIR> d-------- C:\Program Files\Uniblue
2008-05-01 15:31 . 2008-05-01 15:31 <DIR> d-------- C:\Documents and Settings\42\Application Data\Uniblue
2008-05-01 15:23 . 2008-05-01 15:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 15:23 . 2008-05-01 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 15:19 . 2008-05-01 15:19 3,416 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-01 15:13 . 2008-05-01 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Program Files\Riven
2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Program Files\PocoMan
2008-05-01 15:11 . 2008-05-01 15:11 <DIR> d-------- C:\Program Files\Java
2008-05-01 15:11 . 2008-05-01 15:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 17:35 . 2008-05-01 15:11 <DIR> d-------- C:\Program Files\Java(2)
2008-04-25 17:35 . 2008-05-01 15:11 <DIR> d-------- C:\Program Files\Common Files\Java(2)
2008-04-22 17:31 . 2008-04-22 17:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 17:31 . 2008-04-22 17:31 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 22:17 --------- d-----w C:\Program Files\ffdshow
2008-05-01 22:16 --------- d-----w C:\Documents and Settings\42\Application Data\Move Networks
2008-05-01 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-01 22:12 --------- d-----w C:\Program Files\Apple Software Update
2007-11-11 06:37 13,817,216 ----a-w C:\Program Files\pptrialr8.exe
2007-09-19 04:02 99,856 -c--a-w C:\Documents and Settings\42\Application Data\GDIPFONTCACHEV1.DAT
2007-06-15 01:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 22:10 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 01:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-12 23:46 196608]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-12 23:46 311296]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 15:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-11-13 19:03 258048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 05:19]
S3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 05:19]
S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 05:19]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;C:\WINDOWS\system32\DRIVERS\USR1806.SYS [2001-08-17 06:28]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-05-06 16:53]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 00:08:32
Windows 5.1.2600 Service Pack 2 NTFS
Combofix log:





scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-02 0:10:18
ComboFix-quarantined-files.txt 2008-05-02 07:10:13

Pre-Run: 22,113,812,480 bytes free
Post-Run: 22,110,740,480 bytes free

85

#3
davefan78

MBAM log :



Malwarebytes' Anti-Malware 1.11
Database version: 707

Scan type: Quick Scan
Objects scanned: 34338
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.

#4
davefan78

12:57 AM 5/2/2008
Deckard's System Scanner v20071014.68
Run by 42 on 2008-05-02 00:56:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as 42.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:48 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\42.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173583676156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173583668609
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3538 bytes

-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-05-02 00:56:06 0 d-------- C:\Program Files\Trend Micro
2008-05-02 00:15:59 0 d-------- C:\Documents and Settings\42\Application Data\Malwarebytes
2008-05-02 00:15:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 00:15:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 00:06:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-02 00:06:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-02 00:06:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-02 00:06:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-02 00:06:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-02 00:06:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-02 00:06:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-02 00:06:51 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-01 23:25:07 0 d-------- C:\bintheredunthat
2008-05-01 23:20:01 0 d-------- C:\BFU
2008-05-01 23:12:32 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-01 23:12:32 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-01 23:12:32 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-01 23:12:32 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-01 23:12:31 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-01 22:38:15 0 d-------- C:\WINDOWS\Prefetch
2008-05-01 22:35:07 0 d---s---- C:\Documents and Settings\42\Cookies
2008-05-01 22:35:05 0 dr-h----- C:\Documents and Settings\42\Recent
2008-05-01 22:15:15 7288 --a------ C:\idsuite_run.bat
2008-05-01 21:28:30 0 d-------- C:\WINDOWS\pss
2008-05-01 20:38:44 0 d-------- C:\WINDOWS\CSC
2008-05-01 15:31:27 0 d-------- C:\Documents and Settings\42\Application Data\Uniblue
2008-05-01 15:31:18 0 d-------- C:\Program Files\Uniblue
2008-05-01 15:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 15:23:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 15:13:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-01 15:12:26 0 d-------- C:\Program Files\PocoMan
2008-05-01 15:12:22 0 d-------- C:\Program Files\Riven
2008-05-01 15:11:53 0 d-------- C:\Program Files\Common Files\Java
2008-05-01 15:11:52 0 d-------- C:\Program Files\Java
2008-04-25 17:35:57 0 d-------- C:\Program Files\Java(2)
2008-04-25 17:35:06 0 d-------- C:\Program Files\Common Files\Java(2)


-- Find3M Report ---------------------------------------------------------------

2008-05-01 21:00:15 0 d-------- C:\Program Files\Windows NT
2008-05-01 15:17:13 0 d-------- C:\Program Files\ffdshow
2008-05-01 15:16:08 0 d-------- C:\Documents and Settings\42\Application Data\Move Networks
2008-05-01 15:15:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 15:12:31 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 15:11:47 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/03/2004 10:10 PM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 01:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/12/2006 11:46 PM]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [01/12/2006 11:46 PM]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [04/21/2006 03:42 PM]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [11/13/2007 07:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-05-02 00:57:09 ------------