
TrojanDownloader.XS [CLOSED]



#1
JOJO55

  • Member
  • 22 posts
Hello, I am completely computer stupid. I read all the other topics on this but still didn't work. My computer keeps getting red things popping up saying risk and the background is blue telling me spyware has taken over, I get popups out of the Yellow triangle. Nortons finds nothing new. I tried all of what you have said on other threads and have been up working on this for 14 hours. I give. Oh, and it won't let me connect to the internet on safe mode.

Here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:48 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1149478484\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\common files\aol\1149478484\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1149478484\EE\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149478484\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taat] "C:\WINDOWS\SSTEM3~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Jwrfhjca] "C:\Documents and Settings\Adene Mega Butthead\Application Data\??crosoft.NET\?ti2evxx.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14011 bytes
  • 0
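A triage pass over three entry types that appear in the HijackThis log above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the three rules and the function names are assumptions of this example, and a hit means "review this entry", not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Jwrfhjca] "C:\Documents and Settings\Adene Mega Butthead\Application Data\??crosoft.NET\?ti2evxx.exe"
"""

# HijackThis entries look like "<section code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body) entries)."""
    running, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            running.add(line.lower())
        elif not line:
            in_procs = False
    return running, entries


def triage(text):
    """Apply three review heuristics (assumptions of this example) and return findings."""
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if code == "F2" and "userinit=" in body.lower():
            # Winlogon starts every comma-separated program in UserInit at logon;
            # anything besides system32\userinit.exe deserves a look.
            value = body.split("=", 1)[1]
            for item in filter(None, (p.strip() for p in value.split(","))):
                if not item.lower().endswith(r"\system32\userinit.exe"):
                    state = "running" if item.lower() in running else "not running"
                    findings.append(("F2", f"extra UserInit program ({state}): {item}"))
        elif code == "O2" and body.endswith(("(no file)", "(file missing)")):
            # A BHO CLSID is still registered but the DLL behind it is gone.
            clsid = CLSID_RE.search(body)
            findings.append(("O2", f"BHO registration without a file: {clsid.group(0) if clsid else body}"))
        elif code == "O4" and "?" in body:
            # "?" marks characters the log could not render; it can also occur
            # in legitimate command-line arguments, so treat it as a prompt to review.
            findings.append(("O4", f"autorun entry with unrenderable characters: {body}"))
    return findings


if __name__ == "__main__":
    for code, message in triage(SAMPLE_LOG):
        print(f"[{code}] {message}")
```
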



#2
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey JOJO55,
Sorry to hear you got problems there, let's get rid of them :)

  • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports Non-English Language Systems

  • Double-click FixIEDef.exe.

  • That will open the About FixIEDef screen. Click OK to continue.

  • Next, press the Scan! button.

  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue.

  • Wait for the scan to finish. It shouldn't take very long.

  • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
  • After the !!! All Finished !!! message is displayed, click Exit.

  • Post the FixIEDef log file, located on the Desktop.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    See: http://www.beyondlog...processutil.htm


    Mirrors: Alternate official download locations for FixIEDef.exe

    http://it-mate.co.uk...ef/fixiedef.exe
    http://hosts-file.ne...ef/fixiedef.exe
    http://avant.it-mate...=Tools/FixIEDef
    http://archives.myst...pyware/FixIEDef

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.




Download the file & save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Post the results.

Harry
  • 0

#3
JOJO55

  • Topic Starter
  • Member
  • 22 posts
Can't find the hijack log

********************************************************************************
* *
* FixIEDef Log *
* Version 1.2.10.3145 *
* *
********************************************************************************

Created at 09:54:51 on Sunday, March 16, 2008

Time Zone : (GMT-08:00) Pacific Time (US & Canada)

Operating System : Microsoft Windows XP Professional
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Program Files\SpyAway\logs\03.15.08_18_27_24.log
C:\Program Files\SpyAway\uninstall.exe
C:\Program Files\SpyAway\stat.bin
C:\Program Files\SpyAway\uninstall.log
C:\WINDOWS\default.htm
C:\WINDOWS\Search And Destroy\uninstall.exe
C:\WINDOWS\TEMP\SALM.EXE

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

C:\Program Files\SpyAway\logs
C:\Program Files\SpyAway
C:\WINDOWS\Search And Destroy

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

HKEY_CURRENT_USER\Software\MPMFC1

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


I am so lost. Sorry Harry, I don't know if I messed it up worse.
  • 0

#4
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
You are doing good JOJO55

Let's see if you can run combofix now.
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
(You need to run Hijack again to produce a new log)
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Harry
  • 0

#5
JOJO55

  • Topic Starter
  • Member
  • 22 posts
Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:54 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1149478484\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\common files\aol\1149478484\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1149478484\EE\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149478484\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taat] "C:\WINDOWS\SSTEM3~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Jwrfhjca] "C:\Documents and Settings\Adene Mega Butthead\Application Data\??crosoft.NET\?ti2evxx.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14009 bytes

ComboFix 08-03-14.4 - Adene Mega Butthead 2008-03-16 10:53:41.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.411 [GMT -7:00]
Running from: C:\Documents and Settings\Adene Mega Butthead\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 09:27 . 2008-03-16 09:27 <DIR> d-------- C:\Program Files\180solutions
2008-03-16 09:27 . 2008-03-16 09:27 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-16 09:27 . 2008-03-16 09:27 <DIR> d-------- C:\Program Files\180search assistant
2008-03-16 09:27 . 2008-03-16 09:27 22,016 --a------ C:\WINDOWS\didduid.ini
2008-03-16 01:00 . 2008-03-16 01:00 20,224 --a------ C:\WINDOWS\shdocpl.dll
2008-03-16 01:00 . 2008-03-16 01:00 18,432 --a------ C:\WINDOWS\shdocpe.dll
2008-03-16 01:00 . 2008-03-16 01:00 16,896 --a------ C:\WINDOWS\winsb.dll
2008-03-16 00:25 . 2008-03-16 00:25 <DIR> d-------- C:\Deckard
2008-03-16 00:23 . 2008-03-16 00:37 4,084 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-15 23:42 . 2008-03-15 23:42 <DIR> d-------- C:\Documents and Settings\Adene Mega Butthead\Application Data\AdwareAlert
2008-03-15 20:52 . 2008-03-15 20:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-03-15 20:20 . 2008-03-15 20:20 <DIR> d-------- C:\Documents and Settings\Adene Mega Butthead\Application Data\Sereniti
2008-03-15 19:20 . 2008-03-15 19:20 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-15 19:20 . 2008-03-15 19:21 <DIR> d-------- C:\Program Files\Symantec
2008-03-15 19:20 . 2008-03-15 19:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-03-15 19:20 . 2008-03-15 19:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-03-15 19:20 . 2008-03-15 19:21 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-15 19:20 . 2008-03-15 19:21 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-15 19:20 . 2008-03-15 19:21 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-15 19:20 . 2008-03-15 19:21 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-15 19:10 . 2008-03-15 20:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-15 19:05 . 2008-03-15 19:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Symantec Temporary Files
2008-03-15 18:40 . 2008-03-15 18:40 <DIR> d-------- C:\Program Files\stc
2008-03-15 18:40 . 2008-03-15 18:40 13,312 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-15 18:11 . 2008-03-15 18:11 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-03-15 18:05 . 2008-03-15 18:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
2008-03-15 18:03 . 2008-03-15 18:03 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-15 18:03 . 2008-03-15 18:03 <DIR> d-------- C:\Program Files\zango
2008-03-15 18:03 . 2008-03-15 18:03 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-15 18:03 . 2008-03-15 18:03 25,856 --a------ C:\WINDOWS\ntnut.exe
2008-03-15 18:03 . 2008-03-15 18:03 19,968 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-15 18:03 . 2008-03-15 18:03 17,152 --a------ C:\WINDOWS\123messenger.per
2008-03-15 18:03 . 2008-03-15 18:03 15,872 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-15 18:03 . 2008-03-15 18:03 13,824 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-15 18:00 . 2008-03-15 18:38 710 --a------ C:\PPCleanDeleteAtReboot.bat
2008-03-15 17:59 . 2008-03-15 17:59 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-15 17:48 . 2008-03-15 17:50 <DIR> d-------- C:\Program Files\Bat
2008-03-15 17:47 . 2008-03-15 17:47 90,544 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-15 17:47 . 2008-03-15 17:47 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-10 02:45 . 2008-03-10 02:45 268 --ah----- C:\sqmdata03.sqm
2008-03-10 02:45 . 2008-03-10 02:45 244 --ah----- C:\sqmnoopt03.sqm
2008-03-07 04:02 . 2008-03-07 04:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 20:02 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-06 20:02 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-06 20:02 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-05 20:27 . 2008-03-05 20:28 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 20:27 . 2008-03-05 20:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 20:27 . 2008-03-05 20:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 17:55 --------- d-----w C:\Program Files\seekmo
2008-03-16 07:07 --------- d-----w C:\Program Files\Trend Micro
2008-03-16 03:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-03-16 03:24 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-16 03:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-02-06 21:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 21:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-02 06:16 --------- d-----w C:\Documents and Settings\Guest\Application Data\AOL
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-18 03:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-18 03:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2007-04-28 05:06 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-03-07 21:15 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-15 19:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16 4670968]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 20:33 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Taat"="C:\WINDOWS\SSTEM3~1\ati2evxx.exe" [ ]
"Jwrfhjca"="C:\Documents and Settings\Adene Mega Butthead\Application Data\??crosoft.NET\?ti2evxx.exe" [ ]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50 114688]
"HostManager"="C:\Program Files\Common Files\AOL\1149478484\ee\AOLSoftware.exe" [2007-04-12 14:23 42032]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-04 20:36 26112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-23 16:56 282624]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 14:48 479232]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 23:49 718704]
"AOLAspSunset2"="C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [2008-03-15 20:46 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [ ]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-23 10:33:56 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1149478484\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\1149478484\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-09-05 07:39]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 06:42:44 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-03-16 02:25:21 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Adene Mega Butthead.job"
- C:\Program Files\Norton AntiVirus\Navw32.exep/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 10:55:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 10:56:52
ComboFix-quarantined-files.txt 2008-03-16 17:56:34
ComboFix2.txt 2008-03-16 17:28:19
ComboFix3.txt 2008-03-16 17:16:24
ComboFix4.txt 2008-03-16 17:04:25
ComboFix5.txt 2008-03-16 07:15:08
.
2008-03-12 10:04:56 --- E O F ---


Thank you for your patience with me

#6
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Adene Mega Butthead

That's good, I like it :)

Looking over the logs, I'll get back to you tonight

#7
JOJO55

    Member

  • Topic Starter
  • Member
  • 22 posts
Yeah, my best friend did that, don't know how to change it. Now things are going black. Is it getting worse?

#8
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey JOJO55
I am going to suggest some aggressive removal there, but I need to see one more log :)
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that Notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.

Post it up, and I will try to get your machine back in order :)

Harry

#9
JOJO55

    Member

  • Topic Starter
  • Member
  • 22 posts
OK, hope it is in here somewhere. LOL. Thanks for this.

[code=auto:0]OTScanIt logfile created on: 3/18/2008 5:59:33 PM
OTScanIt by OldTimer - Version 1.0.5.2 Folder = C:\Documents and Settings\Adene Mega Butthead\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 473.61 Mb Available Physical Memory | 46.64% Memory free
2.39 Gb Paging File | 1.63 Gb Available in Paging File | 68.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 15.25 Gb Free Space | 44.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AS-4D3F3467D4F3
Current User Name: Adene Mega Butthead
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 9:08:40 AM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 5:06:33 PM | Attr = ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 1:54:12 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr = ]
pmshost.exe -> %ProgramFiles%\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -> Pinnacle Systems [Ver = 1.1.232.0 | Size = 49152 bytes | Modified Date = 1/19/2006 9:22:20 AM | Attr = ]
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 3:46:34 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 3:50:30 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1149478484\EE\aolsoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 2:23:31 PM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/4/2006 8:36:01 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 159744 bytes | Modified Date = 10/14/2005 3:46:24 PM | Attr = ]
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 5:32:18 PM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 3:14:44 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 8/23/2006 4:56:57 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 5:30:44 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:33 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 8:20:54 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 8:33:07 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 2:38:18 PM | Attr = ]
x_bat.exe -> %ProgramFiles%\Bat\X_Bat.exe -> BatCo [Ver = 1.0.0.27 | Size = 178419 bytes | Modified Date = 3/15/2008 5:48:04 PM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 2:44:56 PM | Attr = ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1149478484\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/23/2006 12:04:42 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1149478484\EE\aolsoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 2:23:31 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 3/15/2008 7:22:01 PM | Attr = ]
sunsetasp2.exe -> %AllUsersProfile%\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe -> AOL, Inc. [Ver = 1, 0, 1, 1 | Size = 53248 bytes | Modified Date = 3/15/2008 8:46:30 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.5.2 | Size = 310784 bytes | Modified Date = 3/14/2008 2:57:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 5:06:33 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 5/2/2007 8:28:07 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 3220856 bytes | Modified Date = 2/9/2008 5:06:25 PM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(PinnacleSys.MediaServer) Pinnacle Systems Media Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -> Pinnacle Systems [Ver = 1.1.232.0 | Size = 49152 bytes | Modified Date = 1/19/2006 9:22:20 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 3/15/2008 7:22:01 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:33 PM | Attr = ]
AOLAspSunset2 -> %AllUsersProfile%\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe -> AOL, Inc. [Ver = 1, 0, 1, 1 | Size = 53248 bytes | Modified Date = 3/15/2008 8:46:30 PM | Attr = ]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 5:50:37 AM | Attr = R ]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 6:47:22 PM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1149478484\EE\aolsoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 2:23:31 PM | Attr = ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 3:46:34 PM | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 3:50:30 PM | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 3:49:46 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 3:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 3:14:44 PM | Attr = ]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 5:32:18 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2/6/2008 11:49:38 PM | Attr = ]
PinnacleDriverCheck -> %SystemRoot%\system32\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/11/2004 12:26:10 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 8/23/2006 4:56:57 PM | Attr = ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/4/2006 8:36:01 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 5:30:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr = ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 8:20:54 AM | Attr = ]
Jwrfhjca -> %AppData%\Μіcrosoft.NET\аti2evxx.exe -> File not found
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 2:44:14 PM | Attr = ]
QdrPack14 -> %ProgramFiles%\QdrPack\QdrPack14.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 8:33:07 PM | Attr = ]
Taat -> %SystemRoot%\SSTEM3~1\ati2evxx.exe -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr = ]
< Adene Mega Butthead Startup Folder > -> C:\Documents and Settings\Adene Mega Butthead\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Bat - Auto Update.lnk -> %ProgramFiles%\Bat\Bat.exe -> BatCo [Ver = 1.0.0.27 | Size = 178419 bytes | Modified Date = 3/15/2008 5:48:04 PM | Attr = ]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 1.4.50 | Size = 450560 bytes | Modified Date = 8/23/2006 10:33:56 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
-> -> File not found
C:\WINDOWS\system32\mgmrwmrv.exe -> %SystemRoot%\system32\mgmrwmrv.exe -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 3:45:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000250-0320-4dd4-be4f-7566d2314352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{13197ace-6851-45c3-a7ff-c281324d5489} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{15651c7c-e812-44a2-a9ac-b467a2233e7d} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4e1075f4-eec4-4a86-add7-cd5f52858c31} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{5dafd089-24b1-4c5e-bd42-8ca72550717b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5fa6752a-c4a0-4222-88c2-928ae5ab4966} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{622cc208-b014-4fe0-801b-874a5e5e403a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{63F7460B-C831-4142-A4AA-5EC303EC4343} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bat\Bat.dll [Bat Class] -> BatCo [Ver = 1.0.0.27 | Size = 413696 bytes | Modified Date = 3/7/2008 9:15:12 PM | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 3/15/2008 7:23:09 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
{8674aea0-9d3d-11d9-99dc-00600f9a01f1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{965a592f-8efa-4250-8630-7960230792f1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9c5b2f29-1f46-4639-a6b4-828942301d3e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 73 | Size = 32867 bytes | Modified Date = 11/28/2007 4:51:55 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/2/2007 8:28:05 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/21/2007 8:33:07 PM | Attr = ]
{cf021f40-3e14-23a5-cba2-717765728274} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{fc3a74e5-f281-4f10-ae1e-733078684f3c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{ffff0001-0002-101a-a3c9-08002b2f49fb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/2/2007 8:28:05 PM | Attr = R ]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 472744 bytes | Modified Date = 4/20/2005 4:04:36 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 73 | Size = 327759 bytes | Modified Date = 11/28/2007 4:58:26 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/2/2007 8:28:05 PM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 5/2/2007 8:28:05 PM | Attr = R ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 472744 bytes | Modified Date = 4/20/2005 4:04:36 PM | Attr = ]
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn5\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}:{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 472744 bytes | Modified Date = 4/20/2005 4:04:36 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 15 | Size = 472744 bytes | Modified Date = 4/20/2005 4:04:36 PM | Attr = ]
&Yahoo! Search -> -> File not found
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1938A0F3-A2D9-453E-B2B8-9A54FEE7B905} -> (Dell Wireless 1370 WLAN Mini-PCI Card) ->
{CEF13AE2-30C4-4A7C-BEBF-317685D25A86} -> (Broadcom 440x 10/100 Integrated Controller) ->
{E7A3BAF7-4C7D-4F0A-BFFE-AF5A10EADE73} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader.cab[MySpace Uploader Control] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab[CPlayFirstddfotgControl Object] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->



[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 3/16/2008 10:34:15 AM | Attr = ]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 3/16/2008 10:34:07 AM | Attr = ]
cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 237728 bytes | Created Date = 3/16/2008 10:34:10 AM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 3/16/2008 12:25:11 AM | Attr = ]
PPCleanDeleteAtReboot.bat -> %SystemDrive%\PPCleanDeleteAtReboot.bat -> [Ver = | Size = 710 bytes | Created Date = 3/15/2008 6:00:58 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/15/2008 11:50:30 PM | Attr = ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 3/10/2008 2:45:50 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 3/10/2008 2:45:50 AM | Attr = H ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10563 bytes | Created Date = 3/15/2008 7:20:11 PM | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 3/15/2008 7:20:11 PM | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Created Date = 3/15/2008 7:20:11 PM | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
MSIXU.DLL -> %SystemRoot%\System32\MSIXU.DLL -> [Ver = | Size = 11008 bytes | Created Date = 3/16/2008 10:55:49 AM | Attr = ]
MSNSA32.dll -> %SystemRoot%\System32\MSNSA32.dll -> [Ver = | Size = 19968 bytes | Created Date = 3/15/2008 6:03:18 PM | Attr = ]
ntnut32.exe -> %SystemRoot%\System32\ntnut32.exe -> [Ver = | Size = 15872 bytes | Created Date = 3/15/2008 6:03:12 PM | Attr = ]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.3.3 | Size = 60800 bytes | Created Date = 3/15/2008 7:20:12 PM | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
shdocpe.dll -> %SystemRoot%\System32\shdocpe.dll -> [Ver = | Size = 13824 bytes | Created Date = 3/15/2008 6:03:13 PM | Attr = ]
SIPSPI32.dll -> %SystemRoot%\System32\SIPSPI32.dll -> [Ver = | Size = 13312 bytes | Created Date = 3/15/2008 6:40:25 PM | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/16/2008 9:57:30 AM | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/16/2008 9:57:29 AM | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/16/2008 9:57:28 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4084 bytes | Created Date = 3/16/2008 12:23:34 AM | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
WER8274.DLL -> %SystemRoot%\System32\WER8274.DLL -> [Ver = | Size = 26368 bytes | Created Date = 3/16/2008 10:55:49 AM | Attr = ]
winfrun32.bin -> %SystemRoot%\System32\winfrun32.bin -> [Ver = | Size = 4 bytes | Created Date = 3/15/2008 5:47:53 PM | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
123messenger.per -> %SystemRoot%\123messenger.per -> [Ver = | Size = 17152 bytes | Created Date = 3/15/2008 6:03:15 PM | Attr = ]
180ax.exe -> %SystemRoot%\180ax.exe -> [Ver = | Size = 11264 bytes | Created Date = 3/16/2008 10:55:48 AM | Attr = ]
2020search.dll -> %SystemRoot%\2020search.dll -> [Ver = | Size = 14592 bytes | Created Date = 3/16/2008 10:55:50 AM | Attr = ]
2020search2.dll -> %SystemRoot%\2020search2.dll -> [Ver = | Size = 31744 bytes | Created Date = 3/16/2008 10:55:51 AM | Attr = ]
apphelp32.dll -> %SystemRoot%\apphelp32.dll -> [Ver = | Size = 30464 bytes | Created Date = 3/16/2008 12:53:07 AM | Attr = ]
asferror32.dll -> %SystemRoot%\asferror32.dll -> [Ver = | Size = 11520 bytes | Created Date = 3/16/2008 12:53:07 AM | Attr = ]
asycfilt32.dll -> %SystemRoot%\asycfilt32.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/16/2008 12:53:07 AM | Attr = ]
athprxy32.dll -> %SystemRoot%\athprxy32.dll -> [Ver = | Size = 22016 bytes | Created Date = 3/16/2008 12:53:08 AM | Attr = ]
ati2dvaa32.dll -> %SystemRoot%\ati2dvaa32.dll -> [Ver = | Size = 14336 bytes | Created Date = 3/16/2008 12:53:08 AM | Attr = ]
ati2dvag32.dll -> %SystemRoot%\ati2dvag32.dll -> [Ver = | Size = 12544 bytes | Created Date = 3/16/2008 12:53:08 AM | Attr = ]
audiosrv32.dll -> %SystemRoot%\audiosrv32.dll -> [Ver = | Size = 18176 bytes | Created Date = 3/16/2008 12:53:08 AM | Attr = ]
autodisc32.dll -> %SystemRoot%\autodisc32.dll -> [Ver = | Size = 26112 bytes | Created Date = 3/16/2008 12:53:08 AM | Attr = ]
avifile32.dll -> %SystemRoot%\avifile32.dll -> [Ver = | Size = 19200 bytes | Created Date = 3/16/2008 12:53:09 AM | Attr = ]
avisynthex32.dll -> %SystemRoot%\avisynthex32.dll -> [Ver = | Size = 9728 bytes | Created Date = 3/16/2008 12:53:09 AM | Attr = ]
aviwrap32.dll -> %SystemRoot%\aviwrap32.dll -> [Ver = | Size = 23040 bytes | Created Date = 3/16/2008 12:53:09 AM | Attr = ]
bjam.dll -> %SystemRoot%\bjam.dll -> [Ver = | Size = 9216 bytes | Created Date = 3/16/2008 10:55:51 AM | Attr = ]
bokja.exe -> %SystemRoot%\bokja.exe -> [Ver = | Size = 19968 bytes | Created Date = 3/16/2008 10:55:52 AM | Attr = ]
browserad.dll -> %SystemRoot%\browserad.dll -> [Ver = | Size = 29440 bytes | Created Date = 3/16/2008 12:53:10 AM | Attr = ]
cdsm32.dll -> %SystemRoot%\cdsm32.dll -> [Ver = | Size = 28928 bytes | Created Date = 3/16/2008 10:55:53 AM | Attr = ]
changeurl_30.dll -> %SystemRoot%\changeurl_30.dll -> [Ver = | Size = 11008 bytes | Created Date = 3/16/2008 12:53:06 AM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 3/16/2008 12:55:35 AM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1913 bytes | Created Date = 3/16/2008 10:56:27 AM | Attr = ]
didduid.ini -> %SystemRoot%\didduid.ini -> [Ver = | Size = 8448 bytes | Created Date = 3/17/2008 9:10:46 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/15/2008 11:50:52 PM | Attr = ]
FLEOK -> %SystemRoot%\FLEOK -> [Folder | Created Date = 3/15/2008 6:03:20 PM | Attr = ]
msa64chk.dll -> %SystemRoot%\msa64chk.dll -> [Ver = | Size = 24832 bytes | Created Date = 3/16/2008 12:53:10 AM | Attr = ]
msapasrc.dll -> %SystemRoot%\msapasrc.dll -> [Ver = | Size = 30976 bytes | Created Date = 3/16/2008 12:53:11 AM | Attr = ]
mspphe.dll -> %SystemRoot%\mspphe.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/16/2008 10:55:51 AM | Attr = ]
mssvr.exe -> %SystemRoot%\mssvr.exe -> [Ver = | Size = 16384 bytes | Created Date = 3/16/2008 10:55:52 AM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/15/2008 11:50:28 PM | Attr = ]
ntnut.exe -> %SystemRoot%\ntnut.exe -> [Ver = | Size = 25856 bytes | Created Date = 3/15/2008 6:03:11 PM | Attr = ]
saiemod.dll -> %SystemRoot%\saiemod.dll -> [Ver = | Size = 17152 bytes | Created Date = 3/16/2008 10:55:46 AM | Attr = ]
salm.exe -> %SystemRoot%\salm.exe -> [Ver = | Size = 26112 bytes | Created Date = 3/16/2008 10:55:47 AM | Attr = ]
shdocpe.dll -> %SystemRoot%\shdocpe.dll -> [Ver = | Size = 18432 bytes | Created Date = 3/16/2008 1:00:50 AM | Attr = ]
shdocpl.dll -> %SystemRoot%\shdocpl.dll -> [Ver = | Size = 20224 bytes | Created Date = 3/16/2008 1:00:50 AM | Attr = ]
stcloader.exe -> %SystemRoot%\stcloader.exe -> [Ver = | Size = 9472 bytes | Created Date = 3/16/2008 10:55:54 AM | Attr = ]
swin32.dll -> %SystemRoot%\swin32.dll -> [Ver = | Size = 20480 bytes | Created Date = 3/16/2008 10:55:53 AM | Attr = ]
updatetc.exe -> %SystemRoot%\updatetc.exe -> [Ver = | Size = 11264 bytes | Created Date = 3/16/2008 10:55:47 AM | Attr = ]
voiceip.dll -> %SystemRoot%\voiceip.dll -> [Ver = | Size = 29440 bytes | Created Date = 3/16/2008 10:55:54 AM | Attr = ]
winsb.dll -> %SystemRoot%\winsb.dll -> [Ver = | Size = 16896 bytes | Created Date = 3/16/2008 1:00:49 AM | Attr = ]
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job -> [Ver = | Size = 524 bytes | Created Date = 3/15/2008 11:42:36 PM | Attr = ]
Norton AntiVirus - Run Full System Scan - Adene Mega Butthead.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Adene Mega Butthead.job -> [Ver = | Size = 600 bytes | Created Date = 3/15/2008 7:25:21 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 3/16/2008 10:34:15 AM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 3/16/2008 10:34:15 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/15/2008 11:47:37 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 3/16/2008 12:25:11 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/16/2008 12:48:57 AM | Attr = ]
PPCleanDeleteAtReboot.bat -> %SystemDrive%\PPCleanDeleteAtReboot.bat -> [Ver = | Size = 710 bytes | Modified Date = 3/15/2008 6:38:25 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/17/2008 9:10:47 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/16/2008 10:56:53 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified

#10
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Processes - Non-Microsoft Only]
YY -> x_bat.exe -> %ProgramFiles%\Bat\X_Bat.exe
YY -> symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> QdrPack14 -> %ProgramFiles%\QdrPack\QdrPack14.exe
YN -> Taat -> %SystemRoot%\SSTEM3~1\ati2evxx.exe
< Adene Mega Butthead Startup Folder > -> C:\Documents and Settings\Adene Mega Butthead\Start Menu\Programs\Startup
YY -> %UserProfile%\Start Menu\Programs\Startup\Bat - Auto Update.lnk -> %ProgramFiles%\Bat\Bat.exe
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YN ->  -> 
YN -> C:\WINDOWS\system32\mgmrwmrv.exe -> %SystemRoot%\system32\mgmrwmrv.exe
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> objects_aol.com [*] -> Out of zone range - ( 5 )
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {00000250-0320-4dd4-be4f-7566d2314352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {13197ace-6851-45c3-a7ff-c281324d5489} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {15651c7c-e812-44a2-a9ac-b467a2233e7d} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4e1075f4-eec4-4a86-add7-cd5f52858c31} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest]
YN -> {5dafd089-24b1-4c5e-bd42-8ca72550717b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5fa6752a-c4a0-4222-88c2-928ae5ab4966} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {622cc208-b014-4fe0-801b-874a5e5e403a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {63F7460B-C831-4142-A4AA-5EC303EC4343} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bat\Bat.dll [Bat Class]
YN -> {8674aea0-9d3d-11d9-99dc-00600f9a01f1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {965a592f-8efa-4250-8630-7960230792f1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {9c5b2f29-1f46-4639-a6b4-828942301d3e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO]
YN -> {cf021f40-3e14-23a5-cba2-717765728274} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {fc3a74e5-f281-4f10-ae1e-733078684f3c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {ffff0001-0002-101a-a3c9-08002b2f49fb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab[CPlayFirstddfotgControl Object]
[Files/Folders - Created Within 30 days]
NY -> PPCleanDeleteAtReboot.bat -> %SystemDrive%\PPCleanDeleteAtReboot.bat
NY -> 123messenger.per -> %SystemRoot%\123messenger.per
NY -> 180ax.exe -> %SystemRoot%\180ax.exe
NY -> 2020search.dll -> %SystemRoot%\2020search.dll
NY -> 2020search2.dll -> %SystemRoot%\2020search2.dll
NY -> FLEOK -> %SystemRoot%\FLEOK


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Harry


#11
JOJO55

    Member

  • Topic Starter
  • 22 posts
Ok, I copied and pasted, ran fix, didn't get a Notepad thing, but am being told to restart to take effect? Do I, or select cancel?

#12
JOJO55

    Member

  • Topic Starter
  • 22 posts
Never mind, I think this is what you are looking for. I am not computer smart at all.

[Processes - Non-Microsoft Only]
Process x_bat.exe killed successfully.
C:\Program Files\Bat\X_Bat.exe moved successfully.
Unable to kill process symlcsvc.exe .
File move failed. C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QdrPack14 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Taat deleted successfully.
C:\Program Files\Bat\Bat.exe moved successfully.
C:\Documents and Settings\Adene Mega Butthead\Start Menu\Programs\Startup\Bat - Auto Update.lnk moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\objects_aol.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000250-0320-4dd4-be4f-7566d2314352}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13197ace-6851-45c3-a7ff-c281324d5489}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15651c7c-e812-44a2-a9ac-b467a2233e7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1075f4-eec4-4a86-add7-cd5f52858c31}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dafd089-24b1-4c5e-bd42-8ca72550717b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{622cc208-b014-4fe0-801b-874a5e5e403a}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63F7460B-C831-4142-A4AA-5EC303EC4343}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965a592f-8efa-4250-8630-7960230792f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c5b2f29-1f46-4639-a6b4-828942301d3e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf021f40-3e14-23a5-cba2-717765728274}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc3a74e5-f281-4f10-ae1e-733078684f3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffff0001-0002-101a-a3c9-08002b2f49fb}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ deleted successfully.
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Starting removal of ActiveX control {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}
C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.33.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\PPCleanDeleteAtReboot.bat moved successfully.
C:\WINDOWS\123messenger.per moved successfully.
C:\WINDOWS\180ax.exe moved successfully.
C:\WINDOWS\2020search.dll moved successfully.
C:\WINDOWS\2020search2.dll moved successfully.
C:\WINDOWS\FLEOK folder moved successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.5.2 fix logfile created on 03182008_190240

#13
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Good morning JOJO55,

Looks like that worked OK, let's run the scan again.
Open the OTScanit folder and double-click on OTScanit.exe to start the program.
Now click the Run Scan button on the toolbar.

Post the results as before, and let me know how the computer is reacting now.

Harry

#14
JOJO55

    Member

  • Topic Starter
  • 22 posts
Should I restart first? :)

#15
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Yes, please restart the machine and proceed :)