Hijack Log- Fake Visa Verification Site [CLOSED]


  • This topic is locked

#151
fenzodahl512

  • Malware Removal
  • 9,863 posts

A SHR C:\ntldr


It shows that your NTLDR is normal..


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !



Let's keep it this way at the moment while I try to figure out something...

Sorry about the redundant Dr.Web steps but I need you to do this to confirm something about that MBR Rootkit..

Here are the steps again...


Please download Dr.Web CureIt to the Desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Regards
fenzodahl512

Edited by fenzodahl512, 12 July 2008 - 10:50 AM.



#152
decane

  • Topic Starter
  • Member
  • 105 posts
Ok. I'm working on it. I think we'll have the results in about 3 hours.

#153
fenzodahl512

  • Malware Removal
  • 9,863 posts

Ok. I'm working on it. I think we'll have the results in about 3 hours.



Ok.. will wait for you..

#154
decane

  • Topic Starter
  • Member
  • 105 posts
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Michael\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Michael\Desktop;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0193565.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{A856ED90-CE79-4D4B-A898-2BAD8DB72982}\RP952\A0193565.exe;Tool.Prockill;;
A0193565.exe;C:\System Volume Information\_restore{A856ED90-CE79-4D4B-A898-2BAD8DB72982}\RP952;Archive contains infected objects;Moved.;

#155
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello decane, I got a tip-off from a colleague here at GTG that

malicious code @ sector 0x950e4c1 size 0x1e4 !

is an inactive leftover from the rootkit.


From MBR log below:

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


means that the MBR rootkit has been effectively cleaned. It would seem that it may have left a remnant, but it no longer poses a threat..


Let's do another deep scan to make sure all nasties are gone...



Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

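The reading of the MBR detector log given in post #155 (matching user and kernel views of the MBR mean the rootkit is no longer hiding it, and a "malicious code @ sector" line on its own is a leftover) can be written as a small triage check. This is an added example, not part of the original thread or of the detector itself; the status names are made up here, and it recognises only the log lines quoted in this thread.

```python
import re

# The detector output exactly as quoted in the thread.
THREAD_LOG = """\
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !
"""

READ_RE = re.compile(r"^(device|user|kernel): (.+)$")
REMNANT_RE = re.compile(
    r"malicious code @ sector (0x[0-9a-fA-F]+) size (0x[0-9a-fA-F]+)"
)
COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)")
OK_LINE = "user & kernel MBR OK"


def parse_mbr_log(text):
    """Extract the facts the helper reasons about from the detector output."""
    report = {"reads": {}, "views_match": False, "remnants": [], "mbr_copies": []}
    for raw in text.splitlines():
        line = raw.strip()
        read = READ_RE.match(line)
        if read:
            # device / user / kernel access each report their own status.
            report["reads"][read.group(1)] = read.group(2).endswith("successfully")
        elif line == OK_LINE:
            # User-mode and kernel-mode reads of the MBR returned the same data.
            report["views_match"] = True
        else:
            remnant = REMNANT_RE.search(line)
            copy = COPY_RE.search(line)
            if remnant:
                report["remnants"].append(
                    (int(remnant.group(1), 16), int(remnant.group(2), 16))
                )
            elif copy:
                report["mbr_copies"].append(int(copy.group(1)))
    return report


def triage(report):
    """Classify a parsed log; the status names are this example's own."""
    reads = report["reads"]
    if not all(reads.get(k) for k in ("device", "user", "kernel")):
        # Without all three successful reads the comparison says nothing.
        return "inconclusive"
    if not report["views_match"]:
        # No confirmation that both views agree: do not call the MBR clean.
        return "mbr-not-confirmed"
    if report["remnants"]:
        # MBR itself verified, but rootkit code is still present on disk.
        return "remnant-only"
    return "clean"


if __name__ == "__main__":
    parsed = parse_mbr_log(THREAD_LOG)
    print(triage(parsed), parsed["remnants"], parsed["mbr_copies"])
```

A log that lacks the "user & kernel MBR OK" line is deliberately not reported as clean, since that line is what the conclusion in the post rests on.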

#156
decane

  • Topic Starter
  • Member
  • 105 posts
Ok. That's good news. What about the hotmail/internet explorer issues and the cursor moving around the screen while typing?

I'll run the scan tonight.

#157
fenzodahl512

  • Malware Removal
  • 9,863 posts

Ok. That's good news. What about the hotmail/internet explorer issues and the cursor moving around the screen while typing?

I'll run the scan tonight.



Not sure about that.. Do you experience any similar symptoms with other email/password issues in IE?..

About the cursor moving around the screen while typing, do you use a mousepad? Have you tried using a different mouse with a different mousepad and observed its behaviour? That's the only thing that I can think of at the moment..

Will wait for your Kaspersky Webscanner log :)

#158
decane

  • Topic Starter
  • Member
  • 105 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 15, 2008 19:35:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/07/2008
Kaspersky Anti-Virus database records: 955443
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 77806
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 4
Duration of the scan process: 02:48:18

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080629034733\backup\DOCUME~1\Michael\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip/trkgif.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Intuit\Quicken\Log\qw.log Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\key3.db Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0191687.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0191687.exe RAR: infected - 1 skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4ls33qx.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012008071520080716\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A856ED90-CE79-4D4B-A898-2BAD8DB72982}\RP954\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{22341390-FBA8-4F0B-B969-597EEA0ED7E2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#159
fenzodahl512

  • Malware Removal
  • 9,863 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip
EmptyTemp
purity
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please include a fresh DSS log in your next reply.. Please tell me about your computer behaviour too...


Regards
fenzodahl512

#160
decane

  • Topic Starter
  • Member
  • 105 posts
Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\Acr6244.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07162008_180609

Files moved on Reboot...
C:\DOCUME~1\Michael\LOCALS~1\Temp\Acr6244.tmp moved successfully.

-------------
DSS Scan is coming next.


#161
decane

  • Topic Starter
  • Member
  • 105 posts
Deckard's System Scanner v20071014.68
Run by Michael on 2008-07-16 18:16:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 0.16 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:48, on 7/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
D:\PROGRA~1\Michael.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files D Drive\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11493 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-14 21:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-14 21:33:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-10 22:05:13 66048 --a------ C:\mbr.exe
2008-07-06 11:02:41 66048 --a------ C:\WINDOWS\mbr.exe
2008-07-04 00:41:19 0 d-------- C:\WINDOWS\ERUNT
2008-06-30 18:27:34 0 d-------- C:\WINDOWS\Sun
2008-06-30 18:27:34 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2008-06-30 18:25:30 0 d-------- C:\Program Files\Java
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-29 23:09:44 2706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 23:08:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 23:08:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-29 23:08:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-29 23:08:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-29 23:08:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 21:57:48 0 d-------- C:\Documents and Settings\Michael\Application Data\ArcSoft
2008-06-29 12:17:02 0 d-------- C:\Documents and Settings\Michael\DoctorWeb
2008-06-28 23:36:58 0 d-------- C:\cmdcons
2008-06-28 13:29:23 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 13:29:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 13:29:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 13:29:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 13:29:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 13:29:23 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 13:29:23 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 13:29:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-22 23:44:25 0 d-------- C:\Program Files\Panda Security
2008-06-22 12:11:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 12:10:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 12:10:35 0 d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2008-06-22 11:34:24 0 d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-06-22 11:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 11:33:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 10:39:53 0 d-------- C:\VundoFix Backups
2008-06-19 00:10:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:45:26 34520 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-18 19:42:03 0 d-------- C:\Program Files\WebEx
2008-06-18 19:42:02 36864 --a------ C:\Documents and Settings\Michael\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2008-06-18 18:30:22 0 d-------- C:\Program Files\Bonjour
2008-06-18 01:13:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Template
2008-06-17 23:40:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Find3M Report ---------------------------------------------------------------

2008-07-02 11:49:01 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files
2008-06-29 16:05:18 0 d-------- C:\Program Files\Common Files\Motive
2008-06-24 18:13:36 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-18 20:53:23 0 d-------- C:\Program Files\Windows NT
2008-06-18 19:06:03 0 d-------- C:\Program Files\Symantec
2008-06-18 19:05:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 19:04:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:59:16 0 d-------- C:\Program Files\Microsoft Money
2008-06-18 18:40:07 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:34:58 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-15 23:35:48 0 d-------- C:\Program Files\iTunes
2008-06-15 23:34:51 0 d-------- C:\Program Files\iPod
2008-06-15 23:19:36 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 23:12:10 0 d-------- C:\Program Files\QuickTime
2008-06-15 22:59:57 0 d-------- C:\Program Files\Common Files\Apple
2008-06-14 01:08:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 00:44:56 0 d-------- C:\Program Files\Messenger
2008-06-14 00:44:06 0 d-------- C:\Program Files\Movie Maker
2008-06-13 23:41:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 23:36:36 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 23:36:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Real
2008-06-12 18:40:08 0 d-------- C:\Program Files\imGiant
2008-05-31 09:15:55 0 d-------- C:\Program Files\BitComet
2008-05-28 10:08:20 0 d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/02/2003 18:51]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/26/2003 19:00]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 13:29]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08]
"WD Button Manager"="WDBtnMgr.exe" [09/24/2006 14:31 C:\WINDOWS\system32\WDBtnMgr.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 21:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 14:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/14/2008 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [05/07/2007 14:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [9/12/1997]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 AM]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [9/12/1997]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [8/7/2003 5:45:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/11/2007 9:38:44 AM]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [9/11/2004 12:44:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
"c:\program files\support.com\client\bin\tgcmd.exe" /server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-16 18:17:30 ------------


I'm still having the Hotmail logon issues in Internet Explorer. I'm entering the correct password, but I get a message stating the email address or password is incorrect. Please try again. I then reenter the same password and it logs me in.

Also as I'm typing this email, the cursor moved to a different part of the screen and my text was being entered above.

#162
fenzodahl512

  • Malware Removal
  • 9,863 posts

I'm still having the Hotmail logon issues in Internet Explorer. I'm entering the correct password, but I get a message stating the email address or password is incorrect. Please try again. I then reenter the same password and it logs me in.

Also as I'm typing this email, the cursor moved to a different part of the screen and my text was being entered above.



A question.. Did the problems start along with the fake Visa pop-up or before that?

#163
decane

  • Topic Starter
  • Member
  • 105 posts
I'm not certain, but I believe it was after the VISA pop-up started to appear.

#164
decane

  • Topic Starter
  • Member
  • 105 posts
Also, I don't know if this is related in any way, but the free space on my C: drive fluctuates considerably on a daily basis. For instance, when I ran DSS yesterday I only had 160MB available. Without rebooting or deleting any files, my C: drive is now at 1.06GB.

#165
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. let's do a deep scan to see if I missed anything...


Please download ISeeYouXP by ShadowPuterDude and save it to your Desktop..
  • Double-click ISeeYouXP.exe. It will be extracted to the C:\ISeeYouXP folder, and a shortcut to ISeeYouXP.bat will be placed on the Desktop.
  • Double-click the ISeeYouXP.bat shortcut which is placed on your Desktop.
    • Vista Users: Right-click on ISeeYouXP.bat and select "Run as Administrator"
  • Please be patient as ISeeYouXP will take a few minutes to complete the scan..
  • After the scan finishes, you will see a text file ISeeYouXP.txt on your Desktop..
  • Please attach that text file in your next reply..
Note: Vista users will need to turn off the UAC function. Please visit here if you do not know how..