Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rogue/180solutions [CLOSED]


  • This topic is locked This topic is locked

#1
HelpNeeded911

HelpNeeded911

    Member

  • Member
  • PipPip
  • 80 posts
I ran all of the scans outlined on this site, and infections were found/removed. However, subsequent scans would find the exact same infections. Has it really been removed this time?

Thank you for your help!!


Malwarebytes
Malwarebytes' Anti-Malware 1.19
Database version: 912
Windows 5.1.2600 Service Pack 2

1:42:23 PM 7/1/2008
mbam-log-7-1-2008 (13-42-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 90674
Time elapsed: 31 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1\A0000044.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP4\A0000318.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphclpoj0ejdv.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phclpoj0ejdv.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.



SUPERAntispyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 04:47 PM

Application Version : 4.15.1000

Core Rules Database Version : 3494
Trace Rules Database Version: 1485

Scan type : Complete Scan
Total Scan Time : 00:19:54

Memory items scanned : 422
Memory threats detected : 0
Registry items scanned : 6458
Registry threats detected : 3
File items scanned : 17641
File threats detected : 5

Adware.180solutions/Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Rogue.AntiVirus XP 2008
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1\A0000043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP4\A0000317.EXE

Rogue.Dropper/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP11\A0006690.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP4\A0000236.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP4\A0000287.SCR



Active Scan
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-01 18:49:50
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 1ac
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\desktop\smitRem.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\desktop\smitRem\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\desktop\SmitfraudFix\Reboot.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
No C:\PROGRAM FILES\LOGMEIN\X86\LOGMEIN.DLL
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
108742 MEDIUM MS06-006
;===============================================================================
=================================================================================
===================



HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:03 AM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Client Security Agent\bncsaui.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1625119268-2620851021-2016658781-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://206.166.230.3...SncRz30View.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Security Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 2: (no name) - http://www.islanddef...1AF63_thumb.jpg
O24 - Desktop Component 3: (no name) - http://image.listen....450_170x170.jpg

--
End of file - 9389 bytes



HJT Uninstall List
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AusLogics Disk Defrag
AusLogics Registry Defrag
BigFix
Business Contact Manager for Outlook 2003
Client Security Agent
Digital Media Reader
Glary Utilities 2.5.3
HijackThis 2.0.2
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp print screen utility
hp psc 1200 series
InterActual Player
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 6
LogMeIn
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Microsoft Picture It! Premium 10
Microsoft Works
Mozilla Firefox (3.0)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero OEM
Panda ActiveScan 2.0
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
Recovery Software Suite eMachines
Rio Music Manager
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
SONICblue Real Service Providers
SUPERAntiSpyware Free Edition
Update for Windows XP (KB953356)
VeohTV BETA
Viewpoint Media Player
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Regards
fenzodahl512
  • 0

#3
HelpNeeded911

HelpNeeded911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Thanks for your help!!

Main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 14:48:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-07-07 19:48:27 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-07-07 15:17:07 UTC - RP20 - System Checkpoint
19: 2008-07-05 03:28:08 UTC - RP19 - System Checkpoint
18: 2008-07-04 01:32:15 UTC - RP18 - System Checkpoint
17: 2008-07-03 00:50:30 UTC - RP17 - System Checkpoint


-- First Restore Point --
1: 2008-06-26 02:32:00 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:58 PM, on 7/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Client Security Agent\bncsaui.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-21-1625119268-2620851021-2016658781-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://206.166.230.3...SncRz30View.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Security Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 2: (no name) - http://www.islanddef...1AF63_thumb.jpg
O24 - Desktop Component 3: (no name) - http://image.listen....450_170x170.jpg

--
End of file - 9267 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 RioS30 (RioS30S driver) - c:\windows\system32\drivers\rios30.sys <Not Verified; SonicBlue Inc.; RioS30.sys>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 14:43:47 312 --a------ C:\WINDOWS\Tasks\GlaryInitialize.job
2008-07-02 22:56:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-04-10 03:47:52 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1136712972.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-02 10:49:57 0 d-------- C:\Program Files\Trend Micro
2008-07-02 00:25:49 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 23:29:23 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 23:29:23 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 23:29:22 0 d-------- C:\WINDOWS\system32\en
2008-07-01 23:29:21 0 d-------- C:\WINDOWS\system32\bits
2008-07-01 23:26:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-01 23:23:53 0 d-------- C:\WINDOWS\network diagnostic
2008-07-01 13:58:25 0 d-------- C:\Program Files\Auslogics
2008-07-01 13:46:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-01 13:46:43 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-01 13:46:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 12:56:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 12:34:04 0 d-------- C:\Documents and Settings\Owner\Application Data\GlarySoft
2008-07-01 12:32:46 0 d-------- C:\Program Files\Glary Utilities
2008-07-01 12:03:50 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\McAfee
2008-07-01 12:03:50 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Identities
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Templates
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Start Menu
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-07-01 12:03:49 749568 --a------ C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\My Documents
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Favorites
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Desktop
2008-07-01 12:03:49 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Sun
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView
2008-07-01 12:03:49 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft
2008-07-01 10:49:05 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-01 10:48:41 0 d-------- C:\Program Files\LogMeIn
2008-06-30 19:22:41 0 d-------- C:\QUARANTINE
2008-06-26 17:49:22 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-06-26 17:49:21 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-26 17:48:42 0 d-------- C:\Program Files\McAfee
2008-06-26 17:48:42 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-26 14:40:14 3738 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-26 13:51:03 0 d-------- C:\WINDOWS\pss
2008-06-26 13:15:58 0 d-------- C:\Program Files\Panda Security
2008-06-26 12:14:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-26 12:14:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 12:14:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-25 22:18:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 21:27:16 0 d-------- C:\Documents and Settings\Owner\Application Data\rhcgpoj0ejdv


-- Find3M Report ---------------------------------------------------------------

2008-07-02 00:25:25 0 d-------- C:\Program Files\Messenger
2008-07-01 23:29:21 0 d-------- C:\Program Files\Movie Maker
2008-07-01 23:25:59 0 d-------- C:\Program Files\Windows NT
2008-07-01 16:17:10 0 d-------- C:\Program Files\Java
2008-07-01 15:09:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-01 13:46:13 0 d-------- C:\Program Files\Common Files
2008-06-28 23:39:56 3508 --a------ C:\WINDOWS\mozver.dat
2008-05-11 23:57:36 0 d-------- C:\Program Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 01:04 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/17/2005 11:05 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 06:42 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"bncsaui.exe"="C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe" [06/21/2007 12:59 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [02/28/2008 03:31 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 10:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/29/2008 01:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 07:12 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 10:49 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [02/22/2008 10:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [8/5/2005 10:05:10 PM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 2:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
Debugger="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphclpoj0ejdv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcgpoj0ejdv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6ea5a0c-0dc5-11da-92e6-00038a000015}]
AutoRun\command- K:\JDSecure\Windows\JDSecure20.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8754 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-07 14:52:57 ------------





Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 894.48 MiB / 410.96 MiB
Pagefile Memory (total/avail): 2165.62 MiB / 1754.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.38 MiB

C: is Fixed (NTFS) - 182.1 GiB total, 156.45 GiB free.
D: is Fixed (FAT32) - 4.2 GiB total, 1 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000BB-22GUC0 - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.1 GiB - C:
\PARTITION1 - Unknown - 4.21 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-37E34C38B1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-37E34C38B1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-37E34C38B1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
LogMeInRemoteUser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Client Security Agent --> MsiExec.exe /I{4C3E62EC-C74A-42C1-8E7F-F26B56EF9573}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Glary Utilities 2.5.3 --> "C:\Program Files\Glary Utilities\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LogMeIn --> MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
Rio Music Manager --> MsiExec.exe /X{9E321DCB-3AC5-466C-B214-4CD340EE3A13}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SONICblue Real Service Providers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34A02CB-6E66-4B23-BBBC-139C2EF8E850}\setup.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4620 / Warning
Event Submitted/Written: 07/07/2008 02:44:55 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type4586 / Error
Event Submitted/Written: 07/04/2008 09:03:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x60007620.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4574 / Error
Event Submitted/Written: 07/04/2008 08:18:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x60007620.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4368 / Warning
Event Submitted/Written: 07/02/2008 00:29:57 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type4367 / Warning
Event Submitted/Written: 07/02/2008 00:29:57 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type200938 / Warning
Event Submitted/Written: 07/07/2008 02:44:18 PM
Event ID/Source: 3 / Print
Event Description:
Printer HP Deskjet F300 series via LogMeIn was deleted.

Event Record #/Type200937 / Warning
Event Submitted/Written: 07/07/2008 02:44:14 PM
Event ID/Source: 4 / Print
Event Description:
Printer HP Deskjet F300 series via LogMeIn is pending deletion.

Event Record #/Type200936 / Warning
Event Submitted/Written: 07/07/2008 02:44:14 PM
Event ID/Source: 8 / Print
Event Description:
Printer HP Deskjet F300 series via LogMeIn was purged.

Event Record #/Type200923 / Warning
Event Submitted/Written: 07/07/2008 02:38:56 PM
Event ID/Source: 3 / Print
Event Description:
Printer HP Deskjet F300 series via LogMeIn was deleted.

Event Record #/Type200922 / Warning
Event Submitted/Written: 07/07/2008 02:38:53 PM
Event ID/Source: 4 / Print
Event Description:
Printer HP Deskjet F300 series via LogMeIn is pending deletion.



-- End of Deckard's System Scanner: finished at 2008-07-07 14:52:57 ------------
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint Media Player



NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\Application Data\rhcgpoj0ejdv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphclpoj0ejdv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcgpoj0ejdv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post OTMoveIt2 log along with a fresh DSS log in your next reply...

Regards
fenzodahl512
  • 0

#5
HelpNeeded911

HelpNeeded911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
As always, thank you first and foremost! Here are the new files.

OTMOVEIT
Explorer killed successfully
File/Folder C:\Documents and Settings\Owner\Application Data\rhcgpoj0ejdv not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphclpoj0ejdv >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphclpoj0ejdv\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcgpoj0ejdv >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcgpoj0ejdv\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC501.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\NAILogs\UpdaterUI_YOUR-37E34C38B1.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_184121

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_4d4.dat not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC501.tmp not found!
C:\DOCUME~1\Owner\LOCALS~1\Temp\NAILogs\UpdaterUI_YOUR-37E34C38B1.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!





DSS
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-08 18:53:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:59 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Client Security Agent\bncsaui.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-21-1625119268-2620851021-2016658781-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://206.166.230.3...SncRz30View.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Security Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 2: (no name) - http://www.islanddef...1AF63_thumb.jpg
O24 - Desktop Component 3: (no name) - http://image.listen....450_170x170.jpg

--
End of file - 9918 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-07 18:05:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 18:04:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 16:02:10 0 d-------- C:\Program Files\iPod
2008-07-07 16:02:05 0 d-------- C:\Program Files\iTunes
2008-07-07 16:01:12 0 d-------- C:\Program Files\QuickTime
2008-07-07 16:00:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-07 15:59:53 0 d-------- C:\Program Files\Common Files\Apple
2008-07-07 15:58:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-02 10:49:57 0 d-------- C:\Program Files\Trend Micro
2008-07-02 00:25:49 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 23:29:23 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 23:29:23 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 23:29:22 0 d-------- C:\WINDOWS\system32\en
2008-07-01 23:29:21 0 d-------- C:\WINDOWS\system32\bits
2008-07-01 23:26:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-01 23:23:53 0 d-------- C:\WINDOWS\network diagnostic
2008-07-01 13:58:25 0 d-------- C:\Program Files\Auslogics
2008-07-01 13:46:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-01 13:46:43 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-01 12:56:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 12:34:04 0 d-------- C:\Documents and Settings\Owner\Application Data\GlarySoft
2008-07-01 12:32:46 0 d-------- C:\Program Files\Glary Utilities
2008-07-01 12:03:50 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\McAfee
2008-07-01 12:03:50 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Identities
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Templates
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Start Menu
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-07-01 12:03:49 749568 --a------ C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\My Documents
2008-07-01 12:03:49 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-07-01 12:03:49 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Favorites
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Desktop
2008-07-01 12:03:49 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-07-01 12:03:49 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Sun
2008-07-01 12:03:49 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView
2008-07-01 12:03:49 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft
2008-07-01 10:49:05 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-01 10:48:41 0 d-------- C:\Program Files\LogMeIn
2008-06-30 19:22:41 0 d-------- C:\QUARANTINE
2008-06-26 17:49:22 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-06-26 17:49:21 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-26 17:48:42 0 d-------- C:\Program Files\McAfee
2008-06-26 17:48:42 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-26 14:40:14 3738 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-26 13:51:03 0 d-------- C:\WINDOWS\pss
2008-06-26 13:15:58 0 d-------- C:\Program Files\Panda Security
2008-06-26 12:14:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-26 12:14:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 12:14:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-25 22:18:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-07-07 18:04:55 0 d-------- C:\Program Files\Common Files
2008-07-07 15:58:19 0 d-------- C:\Program Files\Apple Software Update
2008-07-02 00:25:25 0 d-------- C:\Program Files\Messenger
2008-07-01 23:29:21 0 d-------- C:\Program Files\Movie Maker
2008-07-01 23:25:59 0 d-------- C:\Program Files\Windows NT
2008-07-01 16:17:10 0 d-------- C:\Program Files\Java
2008-07-01 15:09:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-06-28 23:39:56 3508 --a------ C:\WINDOWS\mozver.dat
2008-05-11 23:57:36 0 d-------- C:\Program Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 01:04 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/17/2005 11:05 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 06:42 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"bncsaui.exe"="C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe" [06/21/2007 12:59 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [02/28/2008 03:31 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 10:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/29/2008 01:09 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 07:12 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 10:49 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [02/22/2008 10:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [8/5/2005 10:05:10 PM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 2:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
Debugger="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6ea5a0c-0dc5-11da-92e6-00038a000015}]
AutoRun\command- K:\JDSecure\Windows\JDSecure20.exe




-- End of Deckard's System Scanner: finished at 2008-07-08 18:56:20 ------------
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Tell me about your computer behaviour...


Regards
fenzodahl512
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP