Internet Connection Keeps Breaking: 1st Time Using Hjt[INACTIVE]



My internet connection keeps breaking about every 30 seconds when I try to download files or video, yet the connection seems fine when the computer is off or when I am not currently downloading anything. I have tried running Trend Micro Antivirus and Windows Defender but they don't find anything and I can't figure out what is wrong. I think it might be messing up because of a hole left over after I removed a trojan downloader with Windows Defender. I decided to download HijackThis and see if it would help. Please give any help you can.

Here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:34:01 PM, on 11/24/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5622

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup

O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll

O13 - Gopher Prefix:

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7533 bytes

Any advice is appreciated. I am pretty much lost when it comes to computers and I am glad there are support websites like this.
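As an added example (not code from this thread, from the helper, or from HijackThis itself), the script below parses the O4 autorun lines of a HijackThis log like the one above and lists the entries a reviewer should check first. The sample lines are copied from the log posted here; the drive layout used to expand %ProgramFiles% and %WINDIR%, and the "trusted directory" list, are assumptions for the example. A flagged entry only means "verify where this file came from and who signed it", not that it is malicious; legitimate vendor tools sometimes start from unusual places too.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log posted in this
# thread, plus one non-O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
""".strip("\n")

# Registry Run / RunOnce entries:  O4 - <hive>\..\Run: [<name>] <command> (User '<user>')
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcuts:  O4 - Global Startup: <shortcut>.lnk = <path>
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")

# Assumed drive layout for the variables HijackThis leaves unexpanded.
ENV = {"%programfiles%": "c:\\program files", "%windir%": "c:\\windows",
       "%systemroot%": "c:\\windows"}
# Assumed set of directories where an autorun binary is expected to live.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")


@dataclass
class AutorunEntry:
    line_no: int
    location: str      # hive\key or "Global Startup", plus the user for HKUS entries
    name: str          # value name shown inside the square brackets
    executable: str    # program the command launches, as written in the log
    reasons: list      # why a human should look at it; empty means nothing stood out


def executable_of(cmd: str) -> str:
    """Extract the program from an O4 command line.

    Quoted paths end at the closing quote; unquoted paths containing spaces
    are reassembled up to the first token that ends in .exe.
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts, acc = cmd.split(" "), []
    for part in parts:
        acc.append(part)
        if part.lower().endswith(".exe"):
            return " ".join(acc)
    return parts[0]


def normalize(path: str) -> str:
    """Lower-case the path and expand the environment variables in ENV."""
    low = path.lower()
    for var, value in ENV.items():
        low = low.replace(var, value)
    return low


def review_reasons(executable: str) -> list:
    """Ordering heuristics for a manual review; a hit is not a verdict."""
    path = normalize(executable)
    reasons = []
    if "\\" not in path:
        reasons.append("bare file name, resolved through the search path at logon")
    elif not path.startswith(TRUSTED_DIRS):
        reasons.append("launched from outside Program Files and System32")
    if path.startswith("c:\\windows\\") and path.count("\\") == 2:
        reasons.append("file sits directly in the Windows directory")
    return reasons


def triage(log_text: str) -> list:
    """Parse every O4 line of a HijackThis log into AutorunEntry records."""
    entries = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = RUN_RE.match(line)
        if m:
            location = f"{m['hive']}\\{m['key']}"
            if m["user"]:
                location += f" (user '{m['user']}')"
            name, cmd = m["name"], m["cmd"]
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # not an O4 line; other sections are out of scope here
            location, name, cmd = "Global Startup", m["name"], m["cmd"]
        exe = executable_of(cmd)
        entries.append(AutorunEntry(line_no, location, name, exe, review_reasons(exe)))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = "REVIEW" if e.reasons else "ok"
        print(f"{status:6} line {e.line_no:>2}  {e.location:<36} [{e.name}] {e.executable}")
        for r in e.reasons:
            print(f"        - {r}")
```

Run against a full log, the output separates the vendor entries that land in Program Files from the handful that warrant a look at the file's properties, publisher and hash. Both lists are only a starting point for the helper's own procedure (the DSS run requested in the next reply is the more complete view), and the same pattern extends to the O2, O20 and O23 sections if the regexes for those line formats are added.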


Hello and sorry for the delay.

Download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)


I did what you said and the scan came up with:

Deckard's System Scanner v20071014.68

Run by Zavala on 2007-12-02 14:09:53

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

33: 2007-11-30 10:44:49 UTC - RP98 - Windows Update

32: 2007-11-28 19:57:57 UTC - RP97 - Windows Update

31: 2007-11-21 12:56:02 UTC - RP96 - Windows Update

30: 2007-11-20 03:18:10 UTC - RP95 - Windows Defender Checkpoint

29: 2007-11-18 19:11:23 UTC - RP93 - Installed QuickTime

-- First Restore Point --

1: 2007-10-07 23:29:05 UTC - RP63 - Windows Update

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Zavala.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:13:18 PM, on 12/2/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\NetZero\exec.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Steven\Downloads\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Zavala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5622

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup

O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2733014286-607279091-1391130181-1001\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Steven')

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7574 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-11-02 17:43:07 402 --a------ C:\Windows\Tasks\EasyShare Registration Task.job

-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 14:09:32 0 d-------- \Deckard

2007-11-29 22:29:16 0 d-------- C:\Users\All Users\NetZero

2007-11-20 19:03:25 0 dr------- C:\Users\Steven\Searches

2007-11-20 19:03:16 0 dr------- C:\Users\Steven\Contacts

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Templates <TEMPLA~1>

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Start Menu <STARTM~1>

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\SendTo

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Recent

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\PrintHood <PRINTH~1>

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\NetHood

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\My Documents <MYDOCU~1>

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Local Settings <LOCALS~1>

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Cookies

2007-11-20 19:03:11 0 d--hs---- C:\Users\Steven\Application Data <APPLIC~1>

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Videos

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Saved Games <SAVEDG~1>

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Pictures

2007-11-20 19:03:10 1048576 --ahs---- C:\Users\Steven\NTUSER.DAT

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Music

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Links

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Favorites <FAVORI~1>

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Downloads <DOWNLO~1>

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Documents <DOCUME~1>

2007-11-20 19:03:10 0 dr------- C:\Users\Steven\Desktop

2007-11-20 19:03:10 0 d--h----- C:\Users\Steven\AppData

2007-11-20 16:05:26 0 d-------- C:\Users\All Users\PlayFirst

2007-11-20 16:05:22 0 d-------- C:\Users\All Users\Trymedia

2007-11-20 16:04:49 0 d-------- C:\Program Files\AOL Games

2007-11-19 13:45:50 0 d-------- C:\Program Files\Enigma Software Group

2007-11-18 14:12:59 0 d-------- C:\Program Files\QuickTime

2007-11-18 14:12:55 0 d-------- C:\Users\All Users\Apple Computer

2007-11-18 14:11:20 0 d-------- C:\Program Files\Apple Software Update

2007-11-18 14:11:19 0 d-------- C:\Users\All Users\Apple

2007-11-15 16:00:30 4096 --a------ C:\Windows\d3dx.dat

2007-11-15 16:00:23 0 d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9

2007-11-15 15:57:07 0 d-------- C:\Program Files\GameHouse

2007-11-02 17:12:40 0 d-------- C:\Program Files\Common Files\Kodak

2007-11-02 17:12:29 0 d-------- C:\Program Files\Common Files\PX Storage Engine

2007-11-02 16:32:26 0 d-------- C:\Users\All Users\QuickTime

2007-11-02 16:31:53 0 d-------- C:\Windows\system32\BWKDLogs

2007-11-02 16:31:16 0 d-------- C:\Program Files\Kodak

2007-11-02 16:31:16 0 d-------- C:\Program Files\Common Files\MSSoap

2007-11-02 16:29:34 0 d-------- C:\Users\All Users\Kodak

-- Find3M Report ---------------------------------------------------------------

2007-12-02 14:04:18 2147483647 --ahs---- \hiberfil.sys

2007-12-02 14:04:17 2147483647 --ahs---- \pagefile.sys

2007-12-02 10:40:44 0 d-------- C:\Users\Zavala\AppData\Roaming\Spare Backup

2007-11-30 23:00:23 2998 --a------ C:\Users\Zavala\AppData\Roaming\wklnhst.dat

2007-11-30 06:52:16 0 d-------- C:\Users\Zavala\AppData\Roaming\Canon

2007-11-29 22:29:32 0 d-------- C:\Program Files\NetZero

2007-11-24 15:33:42 0 d-------- C:\Program Files\Trend Micro

2007-11-20 16:05:26 0 d-------- C:\Users\Zavala\AppData\Roaming\PlayFirst

2007-11-16 08:32:28 0 d-------- C:\Program Files\Web Publish

2007-11-15 15:57:16 0 d-------- C:\Users\Zavala\AppData\Roaming\GameHouse

2007-11-14 17:34:04 0 d-------- C:\Program Files\Windows Mail

2007-11-10 23:37:25 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-11-10 23:37:20 0 d-------- C:\Program Files\Common Files

2007-10-25 23:29:28 0 d-------- C:\Users\Zavala\AppData\Roaming\acccore

2007-10-21 02:08:13 0 d-------- C:\Program Files\AIM6

2007-10-21 02:07:48 0 d-------- C:\Program Files\Viewpoint

2007-10-21 02:06:56 0 d-------- C:\Program Files\Common Files\AOL

2007-10-16 15:07:58 0 d-------- C:\Program Files\Common Files\Adobe

2007-10-12 16:05:26 0 d-------- C:\Users\Zavala\AppData\Roaming\Template

2007-10-09 07:53:21 0 d-------- C:\Users\Zavala\AppData\Roaming\Adobe

2007-10-07 19:40:58 0 -rahs---- \MSDOS.SYS

2007-10-07 19:40:58 0 -rahs---- \IO.SYS

2007-10-07 19:03:27 174 --ahs---- C:\Program Files\desktop.ini

2007-10-07 19:00:58 0 d-------- C:\Program Files\Windows Calendar

2007-10-07 18:58:24 0 d-------- C:\Program Files\Canon

2007-10-07 18:54:20 0 d-------- C:\Program Files\Common Files\NewSoft

2007-10-07 18:54:08 0 d-------- C:\Program Files\Common Files\PDFView

2007-10-07 18:54:02 0 d-------- C:\Program Files\NewSoft

2007-10-07 18:51:53 0 d-------- C:\Program Files\MSXML 4.0

2007-10-07 18:50:23 0 d-------- C:\Program Files\Common Files\CANON

2007-10-07 18:45:18 0 d--h----- C:\Program Files\CanonBJ

2007-10-07 17:36:19 0 d-------- C:\Users\Zavala\AppData\Roaming\Macromedia

2007-10-07 15:04:42 0 d-------- C:\Users\Zavala\AppData\Roaming\SampleView

2007-10-07 14:48:31 0 d-------- C:\Users\Zavala\AppData\Roaming\Google

2007-10-07 14:06:41 0 d-------- C:\Users\Zavala\AppData\Roaming\Identities

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/25/2007 12:22 PM]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [06/05/2007 09:52 PM]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06/05/2007 09:52 PM]

"Persistence"="C:\Windows\system32\igfxpers.exe" [06/05/2007 09:52 PM]

"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 01:06 PM C:\Windows\RtHDVCpl.exe]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/25/2007 11:55 AM]

"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [07/12/2007 11:27 PM]

"NapsterShell"="C:\Program Files\Napster\napster.exe" []

"BigFix"="c:\program files\Bigfix\bigfix.exe" [11/16/2006 06:04 PM]

"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [07/05/2007 07:09 PM]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 08:01 PM]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 08:50 PM]

"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 07:35 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"Windows update loader"="C:\Windows\xpupdate.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 3:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceActiveDesktopOn"=1 (0x1)

"NoActiveDesktop"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-12-02 14:15:06 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)

Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU 2160 @ 1.80GHz

Percentage of Memory in Use: 35%

Physical Memory (total/avail): 3062.75 MiB / 1976.16 MiB

Pagefile Memory (total/avail): 6312.73 MiB / 5325.21 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1917.79 MiB

C: is Fixed (NTFS) - 362.58 GiB total, 303.72 GiB free.

D: is Fixed (NTFS) - 10.03 GiB total, 4.44 GiB free.

E: is CDROM (No Media)

F: is Removable (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD4000AAJS-00TKA0 ATA Device - 372.61 GiB - 2 partitions

\PARTITION0 - Installable File System - 10.03 GiB - D:

\PARTITION1 (bootable) - Installable File System - 362.58 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

AV: Trend Micro AntiVirus - Virus Protection v15.10.2002 (Trend Micro, Inc.)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

AS: Trend Micro AntiVirus - Spyware Protection v15.10.2002 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Zavala\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=ZAVALA-PC

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

LOCALAPPDATA=C:\Users\Zavala\AppData\Local

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f02

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Zavala\AppData\Local\Temp

TMP=C:\Users\Zavala\AppData\Local\Temp

USERDOMAIN=Zavala-PC

USERNAME=Zavala

USERPROFILE=C:\Users\Zavala

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Zavala (admin)

Steven

-- Add/Remove Programs ---------------------------------------------------------

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

AIM 6 --> C:\Program Files\AIM6\uninst.exe

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Bejeweled 2 Deluxe --> "C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"

BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"

Blackhawk Striker 2 --> "C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"

Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"

Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini

Canon MX310 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009

Canon MX310 series User Registration --> C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE

Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033

Diner Dash --> "C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"

ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

Family Feud 2 --> "C:\Program Files\Gateway Games\Family Feud 2\Uninstall.exe"

FATE --> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"

Gateway Connect --> MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}

Gateway Game Console --> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"

Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}

Kodak EasyShare software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0002_2fab2\Setup.exe /APR-REMOVE

LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120

Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall

Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"

OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

Penguins! --> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"

PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R

Polar Bowler --> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"

Polar Golfer --> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"

Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly

QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Sally's Salon --> C:\PROGRA~1\GAMEHO~1\SALLY'~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SALLY'~1\INSTALL.LOG

Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}

Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}

SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.inf

Spare Backup --> MsiExec.exe /X{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}

staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}

Tradewinds --> "C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"

Trend Micro AntiVirus --> MsiExec.exe /X{71E4D679-20AB-41E9-A350-D5BF92088FFE}

Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}

Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Virtual Villagers - A New Home --> "C:\Program Files\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"

VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Wedding Dash (remove only) --> "C:\Program Files\AOL Games\Wedding Dash \Uninstall.exe"

WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

-- Application Event Log -------------------------------------------------------

Event Record #/Type7402 / Error

Event Submitted/Written: 12/02/2007 02:04:33 PM

Event ID/Source: 5007 / WerSvc

Event Description:

The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type7401 / Success

Event Submitted/Written: 12/02/2007 02:04:32 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type7400 / Success

Event Submitted/Written: 12/02/2007 02:04:32 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type7397 / Success

Event Submitted/Written: 12/02/2007 02:04:25 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

The Software Licensing service has started.

Event Record #/Type7388 / Success

Event Submitted/Written: 12/02/2007 11:43:17 AM

Event ID/Source: 903 / Software Licensing Service

Event Description:

The Software Licensing service has stopped.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type46789 / Warning

Event Submitted/Written: 12/02/2007 02:13:39 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.

For more information please see the following:

%Zavala-PC275

Scan ID: {AF15EDFD-C340-4E36-9C16-CB482371BBED}

User: Zavala-PC\Steven

Name: %Zavala-PC271

ID: %Zavala-PC272

Severity ID: %Zavala-PC273

Category ID: %Zavala-PC274

Path Found: %Zavala-PC276

Alert Type: %Zavala-PC278

Detection Type: 1.1.1505.02

Event Record #/Type46788 / Warning

Event Submitted/Written: 12/02/2007 02:13:39 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.

For more information please see the following:

%Zavala-PC275

Scan ID: {EF66DBBC-1DEA-4F7B-A55C-F19C01F643F8}

User: Zavala-PC\Steven

Name: %Zavala-PC271

ID: %Zavala-PC272

Severity ID: %Zavala-PC273

Category ID: %Zavala-PC274

Path Found: %Zavala-PC276

Alert Type: %Zavala-PC278

Detection Type: 1.1.1505.02

Event Record #/Type46787 / Warning

Event Submitted/Written: 12/02/2007 02:13:39 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.

For more information please see the following:

%Zavala-PC275

Scan ID: {21A3423E-9723-454A-9477-4CD3FBA8830A}

User: Zavala-PC\Steven

Name: %Zavala-PC271

ID: %Zavala-PC272

Severity ID: %Zavala-PC273

Category ID: %Zavala-PC274

Path Found: %Zavala-PC276

Alert Type: %Zavala-PC278

Detection Type: 1.1.1505.02

Event Record #/Type46786 / Warning

Event Submitted/Written: 12/02/2007 02:13:37 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.

For more information please see the following:

%Zavala-PC275

Scan ID: {C068686F-46CC-4E7A-9464-C263DC48AF31}

User: Zavala-PC\Steven

Name: %Zavala-PC271

ID: %Zavala-PC272

Severity ID: %Zavala-PC273

Category ID: %Zavala-PC274

Path Found: %Zavala-PC276

Alert Type: %Zavala-PC278

Detection Type: 1.1.1505.02

Event Record #/Type46785 / Warning

Event Submitted/Written: 12/02/2007 02:13:37 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.

For more information please see the following:

%Zavala-PC275

Scan ID: {29813C89-61C8-409B-B365-DD4DA824478C}

User: Zavala-PC\Steven

Name: %Zavala-PC271

ID: %Zavala-PC272

Severity ID: %Zavala-PC273

Category ID: %Zavala-PC274

Path Found: %Zavala-PC276

Alert Type: %Zavala-PC278

Detection Type: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2007-12-02 14:15:06 ------------


Hello again,

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Then

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Edited by MoNsTeReNeRgY22

Wow, thanks for the heads-up!

I downloaded and ran ComboFix and got the following log:

ComboFix 07-12-02.7 - Zavala 2007-12-05 16:36:03.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2006 [GMT -5:00]

Running from: C:\Users\Steven\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))

.

2007-12-02 14:09 . 2007-12-02 14:09 <DIR> d-------- C:\Deckard

2007-11-29 22:29 . 2007-11-29 22:29 <DIR> d-------- C:\Users\All Users\NetZero

2007-11-29 22:29 . 2007-11-29 22:29 <DIR> d-------- C:\ProgramData\NetZero

2007-11-24 21:25 . 2007-11-24 21:25 <DIR> d-------- C:\Users\Steven\AppData\Roaming\WildTangent

2007-11-20 20:56 . 2007-11-20 20:56 <DIR> d-------- C:\Users\Steven\AppData\Roaming\SampleView

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Videos

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Searches

2007-11-20 19:03 . 2007-11-29 23:03 <DIR> dr------- C:\Users\Steven\Saved Games

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Pictures

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Music

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Links

2007-11-20 19:03 . 2007-12-02 14:08 <DIR> dr------- C:\Users\Steven\Downloads

2007-11-20 19:03 . 2007-12-04 21:19 <DIR> dr------- C:\Users\Steven\Documents

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> dr------- C:\Users\Steven\Contacts

2007-11-20 19:03 . 2007-12-05 16:32 <DIR> d-------- C:\Users\Steven\AppData\Roaming\Spare Backup

2007-11-20 19:03 . 2006-11-02 07:37 <DIR> d-------- C:\Users\Steven\AppData\Roaming\Media Center Programs

2007-11-20 19:03 . 2007-11-20 19:03 <DIR> d--h----- C:\Users\Steven\AppData

2007-11-20 16:05 . 2007-11-20 16:05 <DIR> d-------- C:\Users\Zavala\AppData\Roaming\PlayFirst

2007-11-20 16:05 . 2007-11-20 16:05 <DIR> d-------- C:\Users\All Users\Trymedia

2007-11-20 16:05 . 2007-11-20 16:05 <DIR> d-------- C:\Users\All Users\PlayFirst

2007-11-20 16:05 . 2007-11-20 16:05 <DIR> d-------- C:\ProgramData\Trymedia

2007-11-20 16:05 . 2007-11-20 16:05 <DIR> d-------- C:\ProgramData\PlayFirst

2007-11-20 16:04 . 2007-11-20 16:04 <DIR> d-------- C:\Program Files\AOL Games

2007-11-19 13:45 . 2007-11-19 19:23 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-11-18 14:12 . 2007-11-18 14:12 <DIR> d-------- C:\Users\All Users\Apple Computer

2007-11-18 14:12 . 2007-11-18 14:12 <DIR> d-------- C:\ProgramData\Apple Computer

2007-11-18 14:12 . 2007-11-18 14:13 <DIR> d-------- C:\Program Files\QuickTime

2007-11-18 14:11 . 2007-11-18 14:11 <DIR> d-------- C:\Users\All Users\Apple

2007-11-18 14:11 . 2007-11-18 14:11 <DIR> d-------- C:\ProgramData\Apple

2007-11-18 14:11 . 2007-11-18 14:11 <DIR> d-------- C:\Program Files\Apple Software Update

2007-11-18 12:55 . 2007-11-18 12:55 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2007-11-15 16:00 . 2007-11-15 16:00 <DIR> d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9

2007-11-15 16:00 . 2007-11-15 16:00 <DIR> d-------- C:\ProgramData\n7-89-o9-3r-4t-r9

2007-11-15 16:00 . 2007-11-15 16:00 4,096 --a------ C:\Windows\d3dx.dat

2007-11-15 15:57 . 2007-11-15 15:57 <DIR> d-------- C:\Users\Zavala\AppData\Roaming\GameHouse

2007-11-15 15:57 . 2007-11-15 15:57 <DIR> d-------- C:\Program Files\GameHouse

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-05 17:58 --------- d-----w C:\Users\Zavala\AppData\Roaming\Spare Backup

2007-12-01 04:00 2,998 ----a-w C:\Users\Zavala\AppData\Roaming\wklnhst.dat

2007-11-30 11:52 --------- d-----w C:\Users\Zavala\AppData\Roaming\Canon

2007-11-30 03:29 --------- d-----w C:\Program Files\NetZero

2007-11-25 02:25 --------- d-----w C:\ProgramData\WildTangent

2007-11-24 20:33 --------- d-----w C:\Program Files\Trend Micro

2007-11-16 13:32 --------- d-----w C:\Program Files\Web Publish

2007-11-14 22:35 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-14 22:35 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-14 22:35 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-14 22:35 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-14 22:35 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-14 22:35 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-11-14 22:35 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-11-14 22:35 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-14 22:35 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-14 22:35 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2007-11-14 22:35 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2007-11-14 22:35 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-14 22:35 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2007-11-14 22:35 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-14 22:35 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-14 22:34 --------- d-----w C:\Program Files\Windows Mail

2007-11-11 04:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-11 04:37 --------- d-----w C:\ProgramData\Napster

2007-11-07 00:43 --------- d-----w C:\ProgramData\CanonIJPLM

2007-11-02 22:14 --------- d-----w C:\ProgramData\Kodak

2007-11-02 22:13 --------- d-----w C:\Program Files\Kodak

2007-11-02 22:12 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2007-11-02 22:12 --------- d-----w C:\Program Files\Common Files\Kodak

2007-11-02 21:32 --------- d-----w C:\ProgramData\QuickTime

2007-10-26 04:29 --------- d-----w C:\Users\Zavala\AppData\Roaming\acccore

2007-10-21 07:09 --------- d-----w C:\ProgramData\AOL OCP

2007-10-21 07:08 --------- d-----w C:\ProgramData\AOL

2007-10-21 07:08 --------- d-----w C:\Program Files\AIM6

2007-10-21 07:07 --------- d-----w C:\ProgramData\Viewpoint

2007-10-21 07:07 --------- d-----w C:\Program Files\Viewpoint

2007-10-21 07:06 --------- d-----w C:\Program Files\Common Files\AOL

2007-10-16 20:07 --------- d-----w C:\Program Files\Common Files\Adobe

2007-10-12 21:05 --------- d-----w C:\Users\Zavala\AppData\Roaming\Template

2007-10-11 14:42 --------- d-----w C:\ProgramData\Microsoft Help

2007-10-11 14:40 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-11 14:40 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-11 14:40 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-11 14:40 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-11 14:39 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-10-11 14:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-10-11 14:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-10-11 14:38 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-11 14:38 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-11 14:38 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-10-08 00:03 174 --sha-w C:\Program Files\desktop.ini

2007-10-08 00:00 --------- d-----w C:\Program Files\Windows Calendar

2007-10-07 23:58 8,192 ----a-w C:\Windows\System32\riched32.dll

2007-10-07 23:58 77,824 ----a-w C:\Windows\System32\rascfg.dll

2007-10-07 23:58 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys

2007-10-07 23:58 694,784 ----a-w C:\Windows\System32\localspl.dll

2007-10-07 23:58 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys

2007-10-07 23:58 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys

2007-10-07 23:58 52,736 ----a-w C:\Windows\System32\rasdiag.dll

2007-10-07 23:58 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys

2007-10-07 23:58 384,000 ----a-w C:\Windows\System32\netcfgx.dll

2007-10-07 23:58 36,864 ----a-w C:\Windows\System32\cdd.dll

2007-10-07 23:58 33,280 ----a-w C:\Windows\System32\traffic.dll

2007-10-07 23:58 32,768 ----a-w C:\Windows\System32\rasmxs.dll

2007-10-07 23:58 286,208 ----a-w C:\Windows\System32\ipnathlp.dll

2007-10-07 23:58 22,016 ----a-w C:\Windows\System32\rasser.dll

2007-10-07 23:58 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys

2007-10-07 23:58 15,360 ----a-w C:\Windows\System32\pacerprf.dll

2007-10-07 23:58 134,656 ----a-w C:\Windows\System32\dps.dll

2007-10-07 23:58 13,824 ----a-w C:\Windows\System32\wshqos.dll

2007-10-07 23:58 13,824 ----a-w C:\Windows\System32\icsunattend.exe

2007-10-07 23:58 --------- d-----w C:\Program Files\Canon

2007-10-07 23:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2007-10-07 23:55 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2007-10-07 23:54 88,576 ----a-w C:\Windows\System32\avifil32.dll

2007-10-07 23:54 82,944 ----a-w C:\Windows\System32\mciavi32.dll

2007-10-07 23:54 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll

2007-10-07 23:54 69,632 ----a-w C:\Windows\System32\sendmail.dll

2007-10-07 23:54 65,024 ----a-w C:\Windows\System32\avicap32.dll

2007-10-07 23:54 61,440 ----a-w C:\Windows\System32\ntprint.exe

2007-10-07 23:54 31,232 ----a-w C:\Windows\System32\msvidc32.dll

2007-10-07 23:54 269,824 ----a-w C:\Windows\System32\schannel.dll

2007-10-07 23:54 220,160 ----a-w C:\Windows\System32\ntprint.dll

2007-10-07 23:54 123,904 ----a-w C:\Windows\System32\msvfw32.dll

2007-10-07 23:54 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll

2007-10-07 23:54 12,800 ----a-w C:\Windows\System32\msrle32.dll

2007-10-07 23:54 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll

2007-10-07 23:54 1,984,512 ----a-w C:\Windows\System32\authui.dll

2007-10-07 23:54 --------- d-----w C:\Program Files\NewSoft

2007-10-07 23:54 --------- d-----w C:\Program Files\Common Files\PDFView

2007-10-07 23:54 --------- d-----w C:\Program Files\Common Files\NewSoft

2007-10-07 23:53 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr

2007-10-07 23:51 750,080 ----a-w C:\Windows\System32\qmgr.dll

2007-10-07 23:51 --------- d-----w C:\Program Files\MSXML 4.0

2007-10-07 23:50 --------- d-----w C:\Program Files\Common Files\CANON

2007-10-07 23:47 --------- d--h--w C:\ProgramData\CanonBJ

2007-10-07 23:45 --------- d--h--w C:\Program Files\CanonBJ

2007-10-07 23:42 --------- d-----w C:\ProgramData\Trend Micro

2007-10-07 23:39 --------- d-----w C:\ProgramData\McAfee

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 12:22]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-05 21:52]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-05 21:52]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-05 21:52]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 C:\Windows\RtHDVCpl.exe]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 11:55]

"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 23:27]

"NapsterShell"="C:\Program Files\Napster\napster.exe" []

"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04]

"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-07-05 19:09]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50]

"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" []

"*Restore"="C:\Windows\System32\rstrui.exe" [2006-11-02 07:36]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys

R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys

R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys

R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys

R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys

R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys

R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys

R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys

R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys

R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys

R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys

R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys

R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys

R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys

R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs

R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService

R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs

R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs

R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys

R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys

R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs

R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService

R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService

R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService

R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys

R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs

R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe

R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys

R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup

R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys

R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs

R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys

R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys

R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs

R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys

R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys

R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe

R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys

R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys

R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys

R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys

R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys

R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys

R3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe

R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys

R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys

R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys

S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys

S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs

S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe

S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys

S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys

S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs

S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService

S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs

S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys

S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys

S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService

S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys

S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs

S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC

S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs

S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys

S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService

S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService

S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService

S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys

S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe

S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys

S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys

S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService

S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc

S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc

S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService

S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs

S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService

S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys

S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys

S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys

S4 arc;arc;C:\Windows\system32\drivers\arc.sys

S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys

S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys

S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys

S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys

S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys

S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys

S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys

S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys

S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys

S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys

S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys

S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys

S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys

S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys

S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys

S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService

S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys

S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys

S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys

S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys

S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys

S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys

S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys

S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys

S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys

S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys

S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys

S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys

S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys

S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys

S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys

S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys

S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys

S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart

NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv

WerSvcGroup REG_MULTI_SZ wersvc

swprv REG_MULTI_SZ swprv

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg

regsvc REG_MULTI_SZ RemoteRegistry

wcssvc REG_MULTI_SZ WcsPlugInService

DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch

wdisvc REG_MULTI_SZ WdiServiceHost

sdrsvc REG_MULTI_SZ sdrsvc

secsvcs REG_MULTI_SZ WinDefend

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

.

Contents of the 'Scheduled Tasks' folder

"2007-11-02 22:43:07 C:\Windows\Tasks\EasyShare Registration Task.job"

- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16

.

**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-05 16:37:55

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-05 16:38:34

C:\ComboFix2.txt ... 2007-12-04 21:15

C:\combofixlog.txt ... 2007-12-04 21:18

.

--- E O F ---

I ran HJT again and got:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45, on 2007-12-05

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup

O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2733014286-607279091-1391130181-1001\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Steven')

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7180 bytes


Hello again,

Please go HERE to run Panda's TotalScan

  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, click File in the menu and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Edited by MoNsTeReNeRgY22