Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I believe it is trojandownloaderxs

Started by Redneck23 , Apr 09 2008 02:45 AM

  • Please log in to reply

#1
Redneck23
Posted 09 April 2008 - 02:45 AM

Redneck23

    New Member

  • Member
  • Pip
  • 3 posts
I am new to the trojan viruses and have no idea what to do. My computer is a mess right now and it is making it very difficult to do anything. Anything you can do would be very much appreciated. I have downloaded some of the suggestions that have been made in similar threads. I will need a detailed step by step bc I have no idea what to do right now and feel really helpless. Please let me know what I can do to fix this. Thank you so much







EDIT: I BELIEVE I WAS ABLE TO FIX IT BUT MY COMPUTER IS HAVING ALL KINDS OF OTHER ISSUES NOW. MY COMPUTER ISN'T EXACTLY THE SAME AS BEFORE BUT I AM NOT GETTING ANY MORE POPUPS OR ANYTHING ELSE. i CAN'T UPDATE WINDOWS ANYMORE (this seems to be my main issue right now) AND NOW I AM REALLY FRUSTRATED. HOPE YOU HAVE TIME TO HELP


I JUST KEEP READING UR GUIDES AND TUTORIALS AND THEY REALLY HELPED. THIS SITE IS AMAZING AND HAS SOOO MUCH INFORMATION TO HELP PEOPLE. I CAN'T THANK YOU ENOUGH

Edited by Redneck23, 12 April 2008 - 10:20 AM.

  • 0

Advertisements

#2
Redneck23
Posted 09 April 2008 - 02:51 AM

Redneck23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I apologize if this is the wrong forum or spot for this post. My head is all jumbled right now and I am a bit frustrated. I have been working on this for 5 hours :)

Please work slowly with me bc I am not sure I understand all this stuff




I HAVE NO IDEA IF THIS IS WHAT YOU WANT:


Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-04-09 19:29:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: DVA Media - {A04FEAC5-E67D-4CDC-A767-A54CD429BBBC} - C:\WINDOWS\temlxopqbfe.dll (file missing)
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - Global Startup: billeo.lnk = C:\Program Files\Billeo\billeo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.98.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9986 bytes

-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 19:18:53 0 d-------- C:\WINDOWS\LastGood
2008-04-09 18:47:20 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 18:47:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 18:47:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 18:47:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 18:47:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 18:47:20 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 18:47:20 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 18:47:20 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-09 18:13:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-09 18:13:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-09 18:13:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-09 18:13:21 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-09 18:13:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-09 18:13:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-09 18:13:21 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-09 18:13:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-09 18:13:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-09 18:13:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-09 18:13:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-09 18:13:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-09 18:13:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 18:13:20 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 17:06:20 0 d-------- C:\WINDOWS\resources
2008-04-09 16:45:30 3984 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-09 16:44:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-09 16:44:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-09 16:44:57 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-09 16:44:57 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-09 16:44:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-09 16:44:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-09 16:44:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-09 14:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 14:07:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 14:07:58 0 d-------- C:\Documents and Settings\Jonathan\Application Data\SUPERAntiSpyware.com
2008-04-09 04:39:04 0 d-------- C:\Program Files\Trend Micro
2008-04-09 03:54:31 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
2008-04-09 03:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 03:54:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 03:37:37 0 d-------- C:\Program Files\XoftSpySE
2008-04-09 03:13:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-09 00:37:28 0 d-------- C:\WINDOWS\Prefetch
2008-04-08 23:55:30 0 d-------- C:\WINDOWS\setup.pss
2008-04-08 20:58:13 0 d-------- C:\Documents and Settings\All Users\Application Data\xudczwfm
2008-03-11 14:25:38 0 d-------- C:\Program Files\Bodog Poker


-- Find3M Report ---------------------------------------------------------------

2008-04-09 18:49:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-09 16:18:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-09 16:17:38 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Viewpoint
2008-04-09 16:17:33 0 d-------- C:\Program Files\Viewpoint
2008-04-09 14:07:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 02:42:28 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-09 02:41:19 0 d-------- C:\Program Files\Common Files
2008-04-09 01:57:12 0 d-------- C:\Program Files\HP
2008-04-09 01:42:24 87222 --a------ C:\WINDOWS\hpqins69.dat
2008-04-09 01:40:09 0 d-------- C:\Program Files\WildTangent
2008-04-09 01:16:25 0 d-------- C:\Program Files\HPQ
2008-04-09 01:15:17 0 d-------- C:\Program Files\music_now
2008-04-09 00:52:31 90128 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-09 00:24:40 34284 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-07 22:33:47 2125 --a------ C:\Documents and Settings\Jonathan\Application Data\autobahn.log
2008-04-03 20:26:00 0 d-------- C:\Program Files\Java
2008-03-31 11:33:54 0 d-------- C:\Program Files\Billeo
2008-03-27 22:40:48 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Adobe
2008-03-13 20:56:34 0 d-------- C:\Program Files\PokerStars
2008-03-10 20:22:27 0 d-------- C:\Program Files\Norton Internet Security
2008-02-28 01:51:35 0 d-------- C:\Program Files\LimeWire
2008-02-26 18:14:36 0 d-------- C:\Program Files\Lavasoft
2008-02-18 03:53:06 0 d-------- C:\Program Files\AIM
2008-02-18 03:53:00 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Aim
2008-02-18 03:48:25 0 d-------- C:\Program Files\AIM6
2008-02-10 23:59:49 0 d-------- C:\Program Files\Microsoft ActiveSync


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A04FEAC5-E67D-4CDC-A767-A54CD429BBBC}]
C:\WINDOWS\temlxopqbfe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 16:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 07:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 17:45]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 22:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 10:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
billeo.lnk - C:\Program Files\Billeo\billeo.exe [2007-08-30 23:15:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-09 16:37 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER



-- End of Deckard's System Scanner: finished at 2008-04-09 19:30:48 ------------

Edited by Redneck23, 09 April 2008 - 05:32 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP