Paranoia Man
Posted November 24, 2007

My internet connection keeps breaking about every 30 seconds when I try to download files or video, yet the connection seems fine when the computer is off or when I am not currently downloading anything. I have tried running Trend Micro Antivirus and Windows Defender but they don't find anything and I can't figure out what is wrong. I think it might be messing up because of a hole left over after I removed a trojan downloader with Windows Defender. I decided to download HijackThis and see if it would help. Please give any help you can.

Here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:01 PM, on 11/24/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7533 bytes

Any advice is appreciated. I am pretty much lost when it comes to computers and I am glad there are support websites like this.
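The log above is the kind of thing helpers in these threads read by eye: which O4 autoruns point outside System32 and Program Files, which BHOs are orphaned, which services have no publisher string, how many Winsock LSP catalog entries an "unknown" DLL holds. The following script is an added example written for this page; it is not part of the original post and not HijackThis or Trend Micro code. It parses the O2, O4, O10 and O23 line formats seen in the log and applies a few generic review heuristics. The sample lines are copied from the post; the check names (ORPHAN_BHO, WINDIR_ROOT, and so on) and the heuristics themselves are this example's own assumptions, and a hit means "look at this entry", not "this entry is malicious".

```python
"""Triage helper for HijackThis-style log lines (added example; not HijackThis code).

Heuristics implemented here, all of them this example's own assumptions:
  ORPHAN_BHO            O2 entry whose DLL is reported as "(no file)"
  UNQUALIFIED_PATH      O4 autorun whose image is a bare file name (resolved via PATH)
  WINDIR_ROOT           O4 autorun whose image sits directly in %windir%, not a subfolder
  PER_USER_AUTORUN      O4 autorun registered under HKCU or a specific user SID
  UNKNOWN_OWNER_SERVICE O23 service whose publisher field is "Unknown owner"
  UNKNOWN_LSP           O10 DLL flagged unknown, with its catalog-entry count
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O10_RE = re.compile(r"^O10 - .*Winsock LSP: (?P<dll>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First token that ends in an executable extension, quoted or not (handles paths with spaces).
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|bat|cmd|scr|sys))"?(?:\s|$)', re.IGNORECASE)
# Image directly under the Windows directory, e.g. C:\Windows\foo.exe, but not C:\Windows\system32\foo.exe.
WINDIR_ROOT_RE = re.compile(r"^(?:%(?:windir|systemroot)%|[a-z]:\\windows)\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Autorun:
    hive: str
    key: str
    name: str
    cmd: str
    path: Optional[str]
    user: Optional[str]


@dataclass(frozen=True)
class Finding:
    code: str
    detail: str
    line: str


def image_path(cmd: str) -> Optional[str]:
    """Return the executable portion of an autorun command line, or None if unrecognised."""
    m = EXE_RE.match(cmd.strip())
    return m["path"] if m else None


def parse_autoruns(text: str) -> List[Autorun]:
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append(Autorun(m["hive"], m["key"], m["name"], m["cmd"], image_path(m["cmd"]), m["user"]))
    return out


def lsp_counts(text: str) -> Counter:
    """Number of Winsock catalog entries per 'unknown' LSP DLL (case-folded path)."""
    counts: Counter = Counter()
    for line in text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            counts[m["dll"].strip().lower()] += 1
    return counts


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O2_RE.match(line)) and m["target"].strip().lower() == "(no file)":
            findings.append(Finding("ORPHAN_BHO", m["clsid"], line))
        elif m := O4_RE.match(line):
            path = image_path(m["cmd"])
            if path is None:
                findings.append(Finding("UNPARSED_COMMAND", m["cmd"], line))
            elif "\\" not in path and ":" not in path:
                findings.append(Finding("UNQUALIFIED_PATH", path, line))
            elif WINDIR_ROOT_RE.match(path):
                findings.append(Finding("WINDIR_ROOT", path, line))
            if m["hive"] != "HKLM":
                findings.append(Finding("PER_USER_AUTORUN", m["user"] or "current user", line))
        elif (m := O23_RE.match(line)) and m["owner"].strip().lower() == "unknown owner":
            findings.append(Finding("UNKNOWN_OWNER_SERVICE", m["path"], line))
    for dll, n in lsp_counts(text).items():
        findings.append(Finding("UNKNOWN_LSP", f"{dll} ({n} catalog entries)", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:22} {f.detail}")
```

Run it against a saved HijackThis log with `triage(open("hijackthis.log").read())`; the same O10 DLL appearing several times is normal for one LSP layered over several protocol providers, so the count is context for checking the vendor, not a verdict.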
Andro1d
Posted November 30, 2007

Hello, and sorry for the delay.

Download Deckard's System Scanner (DSS) to your Desktop.
Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra note: when running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet. Please ensure that you allow sigcheck.exe permission to do so. It may also happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it (in this case, it may be better to temporarily disable your antivirus).
Paranoia Man (Author)
Posted December 2, 2007

I did what you said and the scan came up with:

Deckard's System Scanner v20071014.68
Run by Zavala on 2007-12-02 14:09:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
33: 2007-11-30 10:44:49 UTC - RP98 - Windows Update
32: 2007-11-28 19:57:57 UTC - RP97 - Windows Update
31: 2007-11-21 12:56:02 UTC - RP96 - Windows Update
30: 2007-11-20 03:18:10 UTC - RP95 - Windows Defender Checkpoint
29: 2007-11-18 19:11:23 UTC - RP93 - Installed QuickTime

-- First Restore Point --
1: 2007-10-07 23:29:05 UTC - RP63 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Zavala.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:18 PM, on 12/2/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Steven\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Zavala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2733014286-607279091-1391130181-1001\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Steven')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7574 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-11-02 17:43:07      402 --a------ C:\Windows\Tasks\EasyShare Registration Task.job

-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 14:09:32        0 d-------- \Deckard
2007-11-29 22:29:16        0 d-------- C:\Users\All Users\NetZero
2007-11-20 19:03:25        0 dr------- C:\Users\Steven\Searches
2007-11-20 19:03:16        0 dr------- C:\Users\Steven\Contacts
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Templates <TEMPLA~1>
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Start Menu <STARTM~1>
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\SendTo
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Recent
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\PrintHood <PRINTH~1>
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\NetHood
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\My Documents <MYDOCU~1>
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Local Settings <LOCALS~1>
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Cookies
2007-11-20 19:03:11        0 d--hs---- C:\Users\Steven\Application Data <APPLIC~1>
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Videos
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Saved Games <SAVEDG~1>
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Pictures
2007-11-20 19:03:10  1048576 --ahs---- C:\Users\Steven\NTUSER.DAT
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Music
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Links
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Favorites <FAVORI~1>
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Downloads <DOWNLO~1>
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Documents <DOCUME~1>
2007-11-20 19:03:10        0 dr------- C:\Users\Steven\Desktop
2007-11-20 19:03:10        0 d--h----- C:\Users\Steven\AppData
2007-11-20 16:05:26        0 d-------- C:\Users\All Users\PlayFirst
2007-11-20 16:05:22        0 d-------- C:\Users\All Users\Trymedia
2007-11-20 16:04:49        0 d-------- C:\Program Files\AOL Games
2007-11-19 13:45:50        0 d-------- C:\Program Files\Enigma Software Group
2007-11-18 14:12:59        0 d-------- C:\Program Files\QuickTime
2007-11-18 14:12:55        0 d-------- C:\Users\All Users\Apple Computer
2007-11-18 14:11:20        0 d-------- C:\Program Files\Apple Software Update
2007-11-18 14:11:19        0 d-------- C:\Users\All Users\Apple
2007-11-15 16:00:30     4096 --a------ C:\Windows\d3dx.dat
2007-11-15 16:00:23        0 d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9
2007-11-15 15:57:07        0 d-------- C:\Program Files\GameHouse
2007-11-02 17:12:40        0 d-------- C:\Program Files\Common Files\Kodak
2007-11-02 17:12:29        0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-11-02 16:32:26        0 d-------- C:\Users\All Users\QuickTime
2007-11-02 16:31:53        0 d-------- C:\Windows\system32\BWKDLogs
2007-11-02 16:31:16        0 d-------- C:\Program Files\Kodak
2007-11-02 16:31:16        0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-02 16:29:34        0 d-------- C:\Users\All Users\Kodak

-- Find3M Report ---------------------------------------------------------------

2007-12-02 14:04:18 2147483647 --ahs---- \hiberfil.sys
2007-12-02 14:04:17 2147483647 --ahs---- \pagefile.sys
2007-12-02 10:40:44          0 d-------- C:\Users\Zavala\AppData\Roaming\Spare Backup
2007-11-30 23:00:23       2998 --a------ C:\Users\Zavala\AppData\Roaming\wklnhst.dat
2007-11-30 06:52:16          0 d-------- C:\Users\Zavala\AppData\Roaming\Canon
2007-11-29 22:29:32          0 d-------- C:\Program Files\NetZero
2007-11-24 15:33:42          0 d-------- C:\Program Files\Trend Micro
2007-11-20 16:05:26          0 d-------- C:\Users\Zavala\AppData\Roaming\PlayFirst
2007-11-16 08:32:28          0 d-------- C:\Program Files\Web Publish
2007-11-15 15:57:16          0 d-------- C:\Users\Zavala\AppData\Roaming\GameHouse
2007-11-14 17:34:04          0 d-------- C:\Program Files\Windows Mail
2007-11-10 23:37:25          0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-10 23:37:20          0 d-------- C:\Program Files\Common Files
2007-10-25 23:29:28          0 d-------- C:\Users\Zavala\AppData\Roaming\acccore
2007-10-21 02:08:13          0 d-------- C:\Program Files\AIM6
2007-10-21 02:07:48          0 d-------- C:\Program Files\Viewpoint
2007-10-21 02:06:56          0 d-------- C:\Program Files\Common Files\AOL
2007-10-16 15:07:58          0 d-------- C:\Program Files\Common Files\Adobe
2007-10-12 16:05:26          0 d-------- C:\Users\Zavala\AppData\Roaming\Template
2007-10-09 07:53:21          0 d-------- C:\Users\Zavala\AppData\Roaming\Adobe
2007-10-07 19:40:58          0 -rahs---- \MSDOS.SYS
2007-10-07 19:40:58          0 -rahs---- \IO.SYS
2007-10-07 19:03:27        174 --ahs---- C:\Program Files\desktop.ini
2007-10-07 19:00:58          0 d-------- C:\Program Files\Windows Calendar
2007-10-07 18:58:24          0 d-------- C:\Program Files\Canon
2007-10-07 18:54:20          0 d-------- C:\Program Files\Common Files\NewSoft
2007-10-07 18:54:08          0 d-------- C:\Program Files\Common Files\PDFView
2007-10-07 18:54:02          0 d-------- C:\Program Files\NewSoft
2007-10-07 18:51:53          0 d-------- C:\Program Files\MSXML 4.0
2007-10-07 18:50:23          0 d-------- C:\Program Files\Common Files\CANON
2007-10-07 18:45:18          0 d--h----- C:\Program Files\CanonBJ
2007-10-07 17:36:19          0 d-------- C:\Users\Zavala\AppData\Roaming\Macromedia
2007-10-07 15:04:42          0 d-------- C:\Users\Zavala\AppData\Roaming\SampleView
2007-10-07 14:48:31          0 d-------- C:\Users\Zavala\AppData\Roaming\Google
2007-10-07 14:06:41          0 d-------- C:\Users\Zavala\AppData\Roaming\Identities

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/25/2007 12:22 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [06/05/2007 09:52 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06/05/2007 09:52 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [06/05/2007 09:52 PM]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 01:06 PM C:\Windows\RtHDVCpl.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/25/2007 11:55 AM]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [07/12/2007 11:27 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"BigFix"="c:\program files\Bigfix\bigfix.exe" [11/16/2006 06:04 PM]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [07/05/2007 07:09 PM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 08:01 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 08:50 PM]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 07:35 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Windows update loader"="C:\Windows\xpupdate.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 3:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-12-02 14:15:06 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU 2160 @ 1.80GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 3062.75 MiB / 1976.16 MiB
Pagefile Memory (total/avail): 6312.73 MiB / 5325.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.79 MiB

C: is Fixed (NTFS) - 362.58 GiB total, 303.72 GiB free.
D: is Fixed (NTFS) - 10.03 GiB total, 4.44 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD4000AAJS-00TKA0 ATA Device - 372.61 GiB - 2 partitions
    \PARTITION0 - Installable File System - 10.03 GiB - D:
    \PARTITION1 (bootable) - Installable File System - 362.58 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Trend Micro AntiVirus - Virus Protection v15.10.2002 (Trend Micro, Inc.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Trend Micro AntiVirus - Spyware Protection v15.10.2002 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Zavala\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZAVALA-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
LOCALAPPDATA=C:\Users\Zavala\AppData\Local
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Zavala\AppData\Local\Temp
TMP=C:\Users\Zavala\AppData\Local\Temp
USERDOMAIN=Zavala-PC
USERNAME=Zavala
USERPROFILE=C:\Users\Zavala
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Zavala (admin)
Steven

-- Add/Remove Programs ---------------------------------------------------------

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bejeweled 2 Deluxe --> "C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blackhawk Striker 2 --> "C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX310 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009
Canon MX310 series User Registration --> C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033 
Diner Dash --> "C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Family Feud 2 --> "C:\Program Files\Gateway Games\Family Feud 2\Uninstall.exe"
FATE --> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"
Gateway Connect --> MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}
Gateway Game Console --> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0002_2fab2\Setup.exe /APR-REMOVE
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Penguins! --> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Polar Bowler --> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Presto!
PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonlyQuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonlyRealtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonlySally's Salon --> C:\PROGRA~1\GAMEHO~1\SALLY'~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SALLY'~1\INSTALL.LOGSecurity Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.infSpare 
Backup --> MsiExec.exe /X{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}Tradewinds --> "C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"Trend Micro AntiVirus --> MsiExec.exe /X{71E4D679-20AB-41E9-A350-D5BF92088FFE}Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /uVirtual Villagers - A New Home --> "C:\Program Files\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}Wedding Dash (remove only) --> "C:\Program Files\AOL Games\Wedding Dash \Uninstall.exe"WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}-- Application Event Log -------------------------------------------------------Event Record #/Type7402 / ErrorEvent Submitted/Written: 12/02/2007 02:04:33 PMEvent ID/Source: 5007 / WerSvcEvent Description:The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. 
The error code was 8014FFF9.Event Record #/Type7401 / SuccessEvent Submitted/Written: 12/02/2007 02:04:32 PMEvent ID/Source: 5617 / WinMgmtEvent Description:Event Record #/Type7400 / SuccessEvent Submitted/Written: 12/02/2007 02:04:32 PMEvent ID/Source: 5615 / WinMgmtEvent Description:Event Record #/Type7397 / SuccessEvent Submitted/Written: 12/02/2007 02:04:25 PMEvent ID/Source: 902 / Software Licensing ServiceEvent Description:The Software Licensing service has started.Event Record #/Type7388 / SuccessEvent Submitted/Written: 12/02/2007 11:43:17 AMEvent ID/Source: 903 / Software Licensing ServiceEvent Description:The Software Licensing service has stopped.-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type46789 / WarningEvent Submitted/Written: 12/02/2007 02:13:39 PMEvent ID/Source: 3004 / WinDefendEvent Description:%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.For more information please see the following:%Zavala-PC275 Scan ID: {AF15EDFD-C340-4E36-9C16-CB482371BBED} User: Zavala-PC\Steven Name: %Zavala-PC271 ID: %Zavala-PC272 Severity ID: %Zavala-PC273 Category ID: %Zavala-PC274 Path Found: %Zavala-PC276 Alert Type: %Zavala-PC278 Detection Type: 1.1.1505.02Event Record #/Type46788 / WarningEvent Submitted/Written: 12/02/2007 02:13:39 PMEvent ID/Source: 3004 / WinDefendEvent Description:%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. 
You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.For more information please see the following:%Zavala-PC275 Scan ID: {EF66DBBC-1DEA-4F7B-A55C-F19C01F643F8} User: Zavala-PC\Steven Name: %Zavala-PC271 ID: %Zavala-PC272 Severity ID: %Zavala-PC273 Category ID: %Zavala-PC274 Path Found: %Zavala-PC276 Alert Type: %Zavala-PC278 Detection Type: 1.1.1505.02Event Record #/Type46787 / WarningEvent Submitted/Written: 12/02/2007 02:13:39 PMEvent ID/Source: 3004 / WinDefendEvent Description:%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.For more information please see the following:%Zavala-PC275 Scan ID: {21A3423E-9723-454A-9477-4CD3FBA8830A} User: Zavala-PC\Steven Name: %Zavala-PC271 ID: %Zavala-PC272 Severity ID: %Zavala-PC273 Category ID: %Zavala-PC274 Path Found: %Zavala-PC276 Alert Type: %Zavala-PC278 Detection Type: 1.1.1505.02Event Record #/Type46786 / WarningEvent Submitted/Written: 12/02/2007 02:13:37 PMEvent ID/Source: 3004 / WinDefendEvent Description:%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. 
%Zavala-PC27 can't undo changes that you allow.For more information please see the following:%Zavala-PC275 Scan ID: {C068686F-46CC-4E7A-9464-C263DC48AF31} User: Zavala-PC\Steven Name: %Zavala-PC271 ID: %Zavala-PC272 Severity ID: %Zavala-PC273 Category ID: %Zavala-PC274 Path Found: %Zavala-PC276 Alert Type: %Zavala-PC278 Detection Type: 1.1.1505.02Event Record #/Type46785 / WarningEvent Submitted/Written: 12/02/2007 02:13:37 PMEvent ID/Source: 3004 / WinDefendEvent Description:%Zavala-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Zavala-PC27 can't undo changes that you allow.For more information please see the following:%Zavala-PC275 Scan ID: {29813C89-61C8-409B-B365-DD4DA824478C} User: Zavala-PC\Steven Name: %Zavala-PC271 ID: %Zavala-PC272 Severity ID: %Zavala-PC273 Category ID: %Zavala-PC274 Path Found: %Zavala-PC276 Alert Type: %Zavala-PC278 Detection Type: 1.1.1505.02-- End of Deckard's System Scanner: finished at 2007-12-02 14:15:06 ------------ Link to post Share on other sites
Andro1d Posted December 2, 2007 (edited)

Hello again,

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Then

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Edited December 2, 2007 by MoNsTeReNeRgY22
Paranoia Man (Author) Posted December 5, 2007

Wow, thanks for the heads-up!

I downloaded and ran ComboFix and got the following log:

ComboFix 07-12-02.7 - Zavala 2007-12-05 16:36:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2006 [GMT -5:00]
Running from: C:\Users\Steven\Desktop\ComboFix.exe
LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sysS4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sysS4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sysS4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalServiceS4 megasas;megasas;C:\Windows\system32\drivers\megasas.sysS4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sysS4 msahci;msahci;C:\Windows\system32\drivers\msahci.sysS4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sysS4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sysS4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sysS4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sysS4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sysS4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sysS4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sysS4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sysS4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sysS4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sysS4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sysS4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sysS4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sysS4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sysS4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClientLocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc 
WPDBusEnumNetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgentLocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstartNetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC TapisrvWerSvcGroup REG_MULTI_SZ wersvcswprv REG_MULTI_SZ swprvLocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoRegregsvc REG_MULTI_SZ RemoteRegistrywcssvc REG_MULTI_SZ WcsPlugInServiceDcomLaunch REG_MULTI_SZ PlugPlay DcomLaunchwdisvc REG_MULTI_SZ WdiServiceHostsdrsvc REG_MULTI_SZ sdrsvcsecsvcs REG_MULTI_SZ WinDefendHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsAeLookupSvcwercplsupportThemesCertPropSvcSCPolicySvclanmanservergpsvcIKEEXTAudioSrvFastUserSwitchingCompatibilityNlaNWCWorkstationSRServiceWmiWmdmPmSpTermServicewuauservBITSShellHWDetectionLogonHoursPCAudithelpsvcuploadmgriphlpsvcseclogonAppInfomsiscsiMMCSSProfSvcEapHostwinmgmtscheduleSessionEnvbrowserhkmsvc*Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]C:\Windows\system32\unregmp2.exe /ShowWMP[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI.Contents of the 'Scheduled Tasks' folder"2007-11-02 22:43:07 C:\Windows\Tasks\EasyShare Registration Task.job"- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16.**************************************************************************catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-05 16:37:55Windows 6.0.6000 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 16:38:34
C:\ComboFix2.txt ... 2007-12-04 21:15
C:\combofixlog.txt ... 2007-12-04 21:18
.
--- E O F ---

I ran HJT again and got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45, on 2007-12-05
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5622
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2733014286-607279091-1391130181-1001\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Steven')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7180 bytes
Andro1d Posted December 6, 2007

Hello again,

Please go HERE to run Panda's TotalScan
Select the bubble for Full scan
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
Then the scan will begin
When the scan completes, click the Save button on the right of Scan details
Save it to a convenient location.
Post the contents of the TotalScan report
Paranoia Man (Author) Posted December 9, 2007

I tried to download Panda TotalScan, but it immediately came up with the message: "Sorry, loading is incomplete due to an error. Please try again. Error 1002."
I tried to look up solutions to this problem but I could not find any.
Andro1d Posted December 9, 2007 (edited)

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Edited December 9, 2007 by MoNsTeReNeRgY22