Yep, you did good! 8) see below

nope i think i’m good and i’ve not been in cribbage or messenger for a few days now… see i do listen sometimes… this all looks like something i can handle just fine and as soon as i’m done i need my beauty rest too… won’t be getting too much of it tonight from the looks of it. Thank you for being so patient with me, you seem to keep me moving and calm and i really do appreciate that and i’m sure the wine helps with that too :)… have good rest!
Night and i’ll talk to you tomorrow!
tyty again
Susie

Aww and tyty it’s nice to know i can do it right once in a while tyty for that too! Bigg Hugs!

it looks similar to virtumonde… strange DLLs registered as browser helpers… if you are able to locate these files someway, can you send them to virus[at]avast[dot]com in a password-protected archive with “recent virtumonde infection” as the subject?

Hi Maxx

I’ll check with some others and see if we can extract them from the tools we used. I know avenger makes a zipped backup. So we’ll see. It’s been a long night, normally, I would have had them moved to the users section of the chest.

Night sasysusie.

Night Oldman! Here is the new DSS log for you to look at in the MORNING!! Night!!
again much thanks!
Susie

Deckard’s System Scanner v20071014.68
Run by HP_Owner on 2007-11-06 00:17:41
Computer is in Normal Mode.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:43 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\keyexp\KEYEXP.EXE
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM..\Run: [AOL Spyware Protection] “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe
O4 - HKLM..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\Comodo\Firewall\CPF.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To HP Organize… - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.33/g_bin/eng/boards_2_0_0_34.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Program Files\InterMute\SpySubtract\CWShredder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of file - 10929 bytes

-- Files created between 2007-10-06 and 2007-11-06 -----------------------------

2007-11-05 16:01:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Comodo
2007-11-05 08:40:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-05 08:29:46 0 d-------- C:\Program Files\Comodo
2007-11-04 12:09:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-04 12:09:59 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-04 12:09:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-04 12:09:59 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-02 10:00:03 0 d-------- C:\Program Files\Trend Micro
2007-11-01 21:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-01 21:39:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-01 21:39:11 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2007-11-01 21:36:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 11:13:33 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-10-27 08:16:29 5242880 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-10-22 06:01:37 0 d-------- C:\Temp
2007-10-19 17:28:35 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-10-19 17:28:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-19 17:26:38 0 d-------- C:\Program Files\Yahoo!

-- Find3M Report ---------------------------------------------------------------

2007-11-05 16:02:47 0 d-------- C:\Program Files\Pure Networks
2007-11-04 21:07:03 0 d-a------ C:\Program Files\Common Files
2007-11-04 12:10:49 6238 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 21:37:48 0 d-------- C:\Program Files\Java
2007-11-02 17:13:09 3645 --a------ C:\WINDOWS\viassary-hp.reg
2007-11-02 10:31:22 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-10-26 15:36:21 0 --a------ C:\Documents and Settings\HP_Owner\Application Data\WGC_Client Preferences
2007-10-22 06:10:26 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-24 18:44:55 0 d-------- C:\Program Files\America Online 9.0
2007-09-23 20:43:28 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-12 22:16:11 0 d-------- C:\Program Files\Panicware

-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=“c:\windows\system\hpsysdrv.exe” [05/07/1998 03:04 PM]
“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [11/02/2004 02:59 PM]
“AGRSMMSG”=“AGRSMMSG.exe” [06/29/2004 04:06 PM C:\WINDOWS\AGRSMMSG.exe]
“HPHUPD06”=“c:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe” [06/07/2004 05:53 PM]
“HPHmon06”=“C:\WINDOWS\system32\hphmon06.exe” [06/07/2004 05:42 PM]
“KBD”=“C:\HP\KBD\KBD.EXE” [02/11/2003 06:02 PM]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [02/15/2005 09:09 AM]
“Recguard”=“C:\WINDOWS\SMINST\RECGUARD.EXE” [04/14/2004 07:43 PM]
“AlcxMonitor”=“ALCXMNTR.EXE” [09/07/2004 07:47 PM C:\WINDOWS\ALCXMNTR.EXE]
“PS2”=“C:\WINDOWS\system32\ps2.exe” [10/25/2004 08:17 PM]
“LSBWatcher”=“c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe” [10/14/2004 08:54 PM]
“Reminder”=“C:\Windows\Creator\Remind_XP.exe” [12/14/2004 01:23 AM]
“Share-to-Web Namespace Daemon”=“C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [07/03/2001 09:11 AM]
“AOLDialer”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” [10/23/2006 04:50 AM]
“AOL Spyware Protection”=“C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe” [10/18/2004 03:42 PM]
“LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [07/19/2005 04:32 PM]
“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [06/08/2005 02:24 PM]
“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [06/08/2005 02:14 PM]
“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u”
“HostManager”=“C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe” [09/25/2006 04:52 PM]
“ProfileWatcher”=“C:\Program Files\ProfileWatcher\profilewatcher.exe”
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [03/14/2007 06:05 PM]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [04/27/2007 08:41 AM]
“NapsterShell”=“C:\Program Files\Napster\napster.exe”
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [09/06/2007 02:06 AM]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [09/25/2007 12:11 AM]
“COMODO Firewall Pro”=“C:\Program Files\Comodo\Firewall\CPF.exe” [11/05/2007 08:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/04/2004 10:00 AM]
“Weather”=“C:\Program Files\AWS\WeatherBug\Weather.exe” [01/06/2006 09:57 AM]
“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [06/08/2005 01:44 PM]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [06/09/2007 05:53 PM]
“Acme.PCHButton”=“C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe” [02/15/2005 09:25 AM]
“Yahoo! Pager”=“C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe” [08/30/2007 04:43 PM]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [06/21/2007 01:06 PM]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
Keyboard Express 2000.lnk - C:\Program Files\keyexp\KEYEXP.EXE [6/2/2006 6:35:10 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [3/17/2006 7:00:32 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 2:28:24 AM]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [4/30/2002 4:26:44 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2/15/2005 9:23:13 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe

-- End of Deckard’s System Scanner: finished at 2007-11-06 00:18:13 ------------

wow looks like I got up too early! no new replies yet… i’m hoping that’s a good thing… i’ll check back in a bit.
Thanks
Susie

Hi, while I’m looking at this could you please upload this file to www.virustotal.com


C:\WINDOWS\system32\tmp.reg

On their site, there’s a small box at the top, just copy and paste the file, scroll down a bit and click upload. Please post the result. If other scanners find it positive, then please add it to the user section of the chest. To do this:

right click the “a” icon near the clock
click start avast antivirus
click the chest icon
click on user files

Right click the file list window and choose Add from the popup menu.
Browse folders and select the file you want to add.
Choose Open
Don’t worry, you’re not opening the file, you’re adding it. The file is safe there. ;D

In Windows Explorer, go to the file’s location and delete it, then empty the recycle bin.

i pasted it in the box but as i scroll down it’s not giving me upload as an option… what it does have is:
Options
Do not distribute the sample If checked, in case the file is suspicious of being malware we will not distribute it to antivirus companies.
Send it over SSL You can use an encrypted channel if you are behind a proxy with antivirus support.

do i check one of those 2 boxes and then the next choice is
Send File

So far so good. Gotta go to work, will check back when I get a chance and see how it’s going. If that file is infected, don’t panic :wink: just follow the instructions I gave you.

I need one more report, it’s pretty intensive and may take a while. Mauserme will have a look. Then we’ll just wait to see what he has to say. ;D

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

This log will be quite long. You can either use multiple posts or attach the log file if it’s easier. In either case make sure the last line is < End of Report >.

No checkmarks and yes it’s Send File, sorry.

Thanks for the reply… ok i’ll do all the things you said, i’ve got some time before i go tutor my 8th graders in algebra so i can make some more good progress I hope! Talk to you soon. Thanks again… so neither one of us got much beauty rest!
bye 4 now
Susie

results from VirusTotal were:
File tmp.reg received on 11.06.2007 15:06:55 (CET)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)

So i guess i’m not moving it to a chest… i’ll go on to the next you gave me to do…

you said to click the checkboxes in front of the following items to select them:
was there supposed to be a list?? i’m at a standstill i think until i know what to check or were you meaning check all the boxes in the list under additional scans… there i go being thick headed again, guess you can’t leave me alone for a moment… sorry but i think i better wait on this scan until i make sure i am clear about this. Sorry once again ???
Susie

My apologies, I meant to have made a note, no nothing under extra scans.

Did you see a complete list of the 32 scanners that tested the file?

i did see the complete list… did you want that list… i can go and do it again if you do? ok i still have not done the WinPFind because i am stuck at this point:

"Under Additional Scans click the checkboxes in front of the following items to select them:

"

you do not have a list of options… and i have no clue what to put check marks next to unless you mean the whole list they gave there? there are about 20 things in that list there

i’m afraid to proceed until i hear back from you so i’m just sitting tight…
guess i do better when i’m drinking wine!

I guess you missed my comment about additional scans in my last post. :wink:

Nothing for additional scans

Sure, run it again. I’m curious about the numbers that will be at the bottom of the results. Just copy and paste the results here.