Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack Log- Fake Visa Verification Site [CLOSED]


  • This topic is locked This topic is locked

#46
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please restart your computer. Before running a new scan lplease use ATF Cleaner to clean out the temporary folders.


Then, download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • >> In the Drivers section click on Non-Microsoft.
  • >> In the Rootkit section click on Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - ActiveX StubPath
      Reg - App Paths
      Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to attach it as a file



Regards
fenzodahl512
  • 0

Advertisements


#47
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
[code=auto:0]OTScanIt logfile created on: 7/1/2008 6:17:07 PM
OTScanIt by OldTimer - Version 1.0.15.18 Folder = C:\Documents and Settings\Michael\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.48 Mb Total Physical Memory | 154.09 Mb Available Physical Memory | 30.25% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.51 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive D: | 55.55 Gb Total Space | 7.10 Gb Free Space | 12.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-4DA88152
Current User Name: Michael
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 3/14/2008 12:11:08 AM | Attr = ]
aawservice.exe -> D:\Program Files D Drive\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/19/2008 12:15:02 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
shwserv.exe -> %ProgramFiles%\Sony\giga pocket\shwserv.exe -> Sony Corporation [Ver = 5, 5, 41, 05120 | Size = 77824 bytes | Modified Date = 7/3/2003 8:29:24 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 65536 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ]
qbcfmonitorservice.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2804.16013 | Size = 20480 bytes | Modified Date = 9/5/2007 10:53:48 AM | Attr = ]
rm_sv.exe -> %ProgramFiles%\Sony\giga pocket\RM_SV.exe -> Sony Corporation [Ver = 5, 5, 0, 05280 | Size = 90112 bytes | Modified Date = 7/3/2003 8:28:32 PM | Attr = ]
hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 3.3.0.6260 | Size = 90112 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ]
ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ]
wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 9/24/2006 2:31:51 PM | Attr = ]
bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr = ]
hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 3.3.0.6260 | Size = 299008 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ]
opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 6/2/2008 11:13:26 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ]
bagent.exe -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 16.1.5.7 | Size = 87592 bytes | Modified Date = 5/7/2007 2:17:44 PM | Attr = ]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 9/12/1997 | Attr = ]
pcfmgr.exe -> %ProgramFiles%\PowerPanel\Program\PcfMgr.exe -> Phoenix Technologies Ltd. [Ver = 5.3.1.1 | Size = 872448 bytes | Modified Date = 6/23/2003 1:11:46 PM | Attr = ]
usbsircs.exe -> %ProgramFiles%\Sony\USBSircs\USBsircs.exe -> Sony Corporation [Ver = 5, 5, 00, 03191 | Size = 163840 bytes | Modified Date = 3/19/2003 9:55:32 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 6/2/2008 11:13:16 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 4:08:56 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.18 | Size = 397312 bytes | Modified Date = 6/27/2008 3:53:14 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> D:\Program Files D Drive\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/19/2008 12:15:02 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ]
(Giga Pocket Hardware Detector) Giga Pocket Hardware Detector [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\giga pocket\shwserv.exe -> Sony Corporation [Ver = 5, 5, 41, 05120 | Size = 77824 bytes | Modified Date = 7/3/2003 8:29:24 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 6/2/2008 11:13:16 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 65536 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ]
(QBCFMonitorService) QBCFMonitorService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2804.16013 | Size = 20480 bytes | Modified Date = 9/5/2007 10:53:48 AM | Attr = ]
(QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> Intuit Inc. [Ver = 1.2.0.5 | Size = 61440 bytes | Modified Date = 5/24/2007 8:08:44 AM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
(Sony TV Tuner Controller) Sony TV Tuner Controller [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\giga pocket\halsv.exe -> Sony Corporation [Ver = 5.5.03.05270 | Size = 118784 bytes | Modified Date = 6/11/2003 2:35:42 PM | Attr = ]
(Sony TV Tuner Manager) Sony TV Tuner Manager [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Sony\giga pocket\RM_SV.exe -> Sony Corporation [Ver = 5, 5, 0, 05280 | Size = 90112 bytes | Modified Date = 7/3/2003 8:28:32 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.2.00.12242 | Size = 65536 bytes | Modified Date = 12/24/2002 2:01:22 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-AppServer) VAIO Media Music Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -> Sony Corporation [Ver = 2.6.00.07010 | Size = 495705 bytes | Modified Date = 7/1/2003 9:53:48 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-AppServer) VAIO Media Photo Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 6, 0,06300 | Size = 925696 bytes | Modified Date = 6/30/2003 8:35:22 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ]
(VAIOMediaPlatform-VideoServer-AppServer) VAIO Media Video Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -> Sony Corporation [Ver = 2, 6, 00,06300 | Size = 1196032 bytes | Modified Date = 6/30/2003 8:38:40 PM | Attr = ]
(VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ]
(VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 3/14/2008 12:11:08 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 3.0.0.6 | Size = 21504 bytes | Modified Date = 11/21/2003 10:14:56 AM | Attr = ]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.220 | Size = 93700 bytes | Modified Date = 6/11/2003 12:35:58 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 12/5/2000 7:18:02 PM | Attr = R ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 11/30/2006 5:00:00 AM | Attr = ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 3, 1, 0 | Size = 9728 bytes | Modified Date = 6/8/2004 3:57:57 PM | Attr = ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 0, 0, 1 | Size = 3968 bytes | Modified Date = 6/8/2004 3:57:57 PM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(HSFHWSIS) HSFHWSIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWSIS.sys -> Conexant Systems, Inc. [Ver = 6.01.18 | Size = 156288 bytes | Modified Date = 3/13/2003 5:19:00 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 6.01.18 | Size = 1106944 bytes | Modified Date = 3/13/2003 5:15:00 PM | Attr = ]
(KLIF) KLIF [Kernel | On_Demand | Stop_Pending] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.295 | Size = 186128 bytes | Modified Date = 7/19/2007 4:10:32 PM | Attr = ]
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 2.4.1.21 | Size = 323200 bytes | Modified Date = 7/1/2003 11:17:16 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.1.012 | Size = 11044 bytes | Modified Date = 12/11/2002 2:22:00 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 1247390 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ]
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\Pcouffin.sys -> File not found
(pelmouse) Mouse Suite Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PELMOUSE.SYS -> Primax Electronics Ltd. [Ver = 1.4.0.0 | Size = 17251 bytes | Modified Date = 6/28/2002 9:21:40 PM | Attr = ]
(pelusblf) USB Mouse Low Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PELUSBlf.SYS -> Primax Electronics Ltd. [Ver = 1.4.1.7 | Size = 7520 bytes | Modified Date = 7/24/2001 1:34:34 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8/15/2007 6:33:10 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(SbcpHid) SbcpHid [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SbcpHid.sys -> [Ver = 5,00,21,0 | Size = 38176 bytes | Modified Date = 1/19/2001 10:51:11 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 4/13/2008 12:39:15 PM | Attr = ]
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1140 built by: WinDDK | Size = 30848 bytes | Modified Date = 12/24/2002 7:09:48 PM | Attr = ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 7/11/2002 3:39:34 AM | Attr = ]
(smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smrt.sys -> Sony Corporation [Ver = 1.1.03.08150 | Size = 764288 bytes | Modified Date = 8/15/2003 1:55:50 PM | Attr = ]
(SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 11/9/2000 11:15:08 PM | Attr = ]
(SPI) Sony Programmable I/O Control Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SonyPI.sys -> Sony Corporation [Ver = 7, 0, 3, 820 | Size = 71961 bytes | Modified Date = 8/20/2002 3:59:32 PM | Attr = ]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.3782 | Size = 219024 bytes | Modified Date = 3/22/2003 1:30:58 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.3.1 | Size = 107696 bytes | Modified Date = 5/16/2006 2:34:37 PM | Attr = ]
(TSP) TSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.295 | Size = 186128 bytes | Modified Date = 7/19/2007 4:10:32 PM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 2/18/2008 11:16:24 AM | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Modified Date = 3/14/2008 12:11:18 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 6.01.18 built by: WinDDK | Size = 622592 bytes | Modified Date = 3/13/2003 5:17:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr = ]
ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\System32\ezSP_Px.exe] -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ]
HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe [C:\Program Files\Sony\HotKey Utility\HKserv.exe] -> Sony Corporation [Ver = 3.3.0.6260 | Size = 90112 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 6/2/2008 11:13:26 AM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 4612096 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"] -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 9/30/2003 1:14:58 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ]
VAIO Recovery -> %SystemRoot%\SONYSYS\VAIO Recovery\PartSeal.exe [C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe] -> Sony Electronics Inc [Ver = 1.0.2 | Size = 28672 bytes | Modified Date = 4/20/2003 1:08:42 AM | Attr = ]
WD Button Manager -> %SystemRoot%\system32\WDBtnMgr.exe [WDBtnMgr.exe] -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 9/24/2006 2:31:51 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 3/14/2008 12:11:10 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe [C:\Program Files\Quicken\bagent.exe] -> Intuit Inc. [Ver = 16.1.5.7 | Size = 87592 bytes | Modified Date = 5/7/2007 2:17:44 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 9/12/1997 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 9/12/1997 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\PowerPanel.lnk -> %ProgramFiles%\PowerPanel\Program\PcfMgr.exe -> Phoenix Technologies Ltd. [Ver = 5.3.1.1 | Size = 872448 bytes | Modified Date = 6/23/2003 1:11:46 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 18.0 R1 | Size = 972064 bytes | Modified Date = 9/11/2007 9:38:44 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Remocon Driver.lnk -> %ProgramFiles%\Sony\USBSircs\USBsircs.exe -> Sony Corporation [Ver = 5, 5, 00, 03191 | Size = 163840 bytes | Modified Date = 3/19/2003 9:55:32 PM | Attr = ]
< Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ckpNotify -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DW-U50A_____________________1.5d____\4145424438313946_0_0_0_0_0_0_0_0_0_0_0_0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4593 domain(s) found. ->
41 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4585 domain(s) found. ->
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
{3E230861-5C87-11D3-A1C6-00105A1B41B8}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [SideStep] -> File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} [HKEY_LOCAL_MACHINE] -> [SideStep] -> File not found
CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download with &DAP -> Reg Error: Value does not exist or could not be read. -> File not found
Download &all with DAP -> Reg Error: Value does not exist or could not be read. -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ]
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ]
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ]
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{17B862B6-8450-4D45-8B32-78FC1B919154} -> 209.137.160.7,209.137.171.10 (SiS 900-Based PCI Fast Ethernet Adapter) ->
{6ADE8416-86AB-406A-B7FC-F18D5F6D289D} -> (1394 Net Adapter) ->
{8FBFBC00-AD0A-4964-B146-228F1D50AC2F} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) ->
{AC05DEDB-A2E0-463D-A9EA-67D2226B877C} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
intu-help-qb1:{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll[Intuit Help System Async Pluggable Protocol (v1) for QuickBooks] -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 70944 bytes | Modified Date = 9/11/2007 9:38:02 AM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{640B39C1-D713-464F-92C3-75BD972B95EE}[HKEY_LOCAL_MACHINE] -> http://www.sidestep.com/get/k42037/sb02a.cab[Reg Error: Key does not exist or could not be opened.] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213760249984[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1214864743571&h=42d73f1f0df1ef585071d481b75a0c05/&filename=jinstall-6u6-windows-i586-jc.cab[Java Plug-in 1.6.0_06] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
ChatSpace Java Client 4.0.0.325[HKEY_LOCAL_MACHINE] -> http://chat.scout.com/ChatSpace/Java/cms40325.cab[Reg Error: Key does not exist or could not be opened.] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\\.Owner -> {64696FB5-BA15-4920-B789-F35D3FC0A36A} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\\{64696FB5-BA15-4920-B789-F35D3FC0A36A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\.Owner -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\\.Owner -> {79849612-A98F-45B8-95E9-4D13C7B6B35C} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program
  • 0

#48
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I think it got cut-off so I uploaded the file.

Attached Files


  • 0

#49
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, IMPORTANT!.. First of all, we need to create a Restore Point before continue with this fix.. Please visit here for instruction on how to create a Restore Point.



Tell me, Do you create these files, C:\555.gif and C:\Advanced Visa Verification.jpg



After create the Restore Point, open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).

Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {3E230861-5C87-11D3-A1C6-00105A1B41B8}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [SideStep]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} [HKEY_LOCAL_MACHINE] -> [SideStep]
YN -> CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\\.Owner -> {79849612-A98F-45B8-95E9-4D13C7B6B35C}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx\\.Owner -> {E0CE16CB-741C-4B24-8D04-A817856E07F4}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx\\.Owner -> {E0CE16CB-741C-4B24-8D04-A817856E07F4}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx\\.Owner -> Unknown Owner
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\\.Owner -> {E0CE16CB-741C-4B24-8D04-A817856E07F4}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\\.Owner -> {640B39C1-D713-464F-92C3-75BD972B95EE}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\\{640B39C1-D713-464F-92C3-75BD972B95EE} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx\\.Owner -> {79849612-A98F-45B8-95E9-4D13C7B6B35C}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb\\.Owner -> {E0CE16CB-741C-4B24-8D04-A817856E07F4}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll\\.Owner -> {C886256C-7A63-4213-AD2F-02AD3735DF06}
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll\\{C886256C-7A63-4213-AD2F-02AD3735DF06} -> 
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here. I will review the information when it comes back in.





NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\prefs.js)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis





NEXT



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\555.gif
C:\Advanced Visa Verification.jpg
C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt
C:\WINDOWS\Downloaded Program Files\AdStatServX.dll
C:\WINDOWS\Downloaded Program Files\loader2.ocx
C:\WINDOWS\Downloaded Program Files\mm21.ocx
C:\WINDOWS\Downloaded Program Files\mm30.ocx
C:\WINDOWS\Downloaded Program Files\mm62.ocx
C:\WINDOWS\Downloaded Program Files\mm63.ocx
C:\WINDOWS\Downloaded Program Files\PURen-us.dll
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
C:\WINDOWS\Downloaded Program Files\website.ocx
C:\WINDOWS\Downloaded Program Files\WinStatX.dll
C:\WINDOWS\System32\sysdrc.dll
EmptyTemp
purity
[start explorer]

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
[*]Close OTMoveIt2
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply... Post each log in separate post..

1. OTMoveIt2
2. a fresh Deckard System Scanner (after OTMoveIt2 steps)
3. attach a fresh OTScanIt log..
4. Tell me about the pop-ups..


Regards
fenzodahl512

Edited by fenzodahl512, 02 July 2008 - 08:22 AM.

  • 0

#50
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I'm at work so I don't have access to my computer. However I'm 99% sure that I didn't create those files (especially the 2nd one). The C:\Advanced Visa Verification.jpg is the first line of the pop-up that keeps appearing.

Do you think this fix will not only remove the jpgs but also remove the malware that causing the pop-up to appear?

I'll start your recommended steps around 5:30pm EST and then post the results.

I have a good feeling about this one :)

Thanks.
  • 0

#51
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I'm at work so I don't have access to my computer. However I'm 99% sure that I didn't create those files (especially the 2nd one). The C:\Advanced Visa Verification.jpg is the first line of the pop-up that keeps appearing.

Do you think this fix will not only remove the jpgs but also remove the malware that causing the pop-up to appear?

I'll start your recommended steps around 5:30pm EST and then post the results.

I have a good feeling about this one :)

Thanks.



Ok.. Will wait for you.. The reason I asked about those two files is I wonder if you created both of it to attach it here (as I request the screenie remember :) )



Please take note that I've edited my previous instruction... Please create Restore Point before performing the steps above..

Should you have any questions, please ask before proceeding with the step...


Regards
fenzodahl512
  • 0

#52
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I created the restore point and preceded with the next steps.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm21.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm30.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm62.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.ocx not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysdrc.dll not found.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.18 fix logfile created on 07022008_231051

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be moved on reboot.
  • 0

#53
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I ran OTMoveIT twice so I posted both logs:

Explorer killed successfully
C:\555.gif moved successfully.
C:\Advanced Visa Verification.jpg moved successfully.
C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\chrome moved successfully.
C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\Cache moved successfully.
C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt moved successfully.
File/Folder C:\WINDOWS\Downloaded Program Files\AdStatServX.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\loader2.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm21.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm30.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm62.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm63.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\PURen-us.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\website.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\WinStatX.dll not found.
File/Folder C:\WINDOWS\System32\sysdrc.dll not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_233028

--------------------------------------

Explorer killed successfully
File/Folder C:\555.gif not found.
File/Folder C:\Advanced Visa Verification.jpg not found.
File/Folder C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt not found.
File/Folder C:\WINDOWS\Downloaded Program Files\AdStatServX.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\loader2.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm21.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm30.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm62.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\mm63.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\PURen-us.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\website.ocx not found.
File/Folder C:\WINDOWS\Downloaded Program Files\WinStatX.dll not found.
File/Folder C:\WINDOWS\System32\sysdrc.dll not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_233145

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be moved on reboot.
  • 0

#54
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Deckard's System Scanner v20071014.68
Run by Michael on 2008-07-02 23:46:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 0.99 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:00, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
D:\PROGRA~1\Michael.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11200 bytes

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-06-30 18:27:34 0 d-------- C:\WINDOWS\Sun
2008-06-30 18:27:34 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2008-06-30 18:25:30 0 d-------- C:\Program Files\Java
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-29 23:09:44 2706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 23:08:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 23:08:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-29 23:08:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-29 23:08:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-29 23:08:44 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-29 23:08:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-29 23:08:43 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-29 23:08:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 21:57:48 0 d-------- C:\Documents and Settings\Michael\Application Data\ArcSoft
2008-06-29 12:17:02 0 d-------- C:\Documents and Settings\Michael\DoctorWeb
2008-06-28 23:36:58 0 d------c- C:\cmdcons
2008-06-28 13:29:23 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 13:29:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 13:29:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 13:29:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 13:29:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 13:29:23 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 13:29:23 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 13:29:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-22 23:44:25 0 d-------- C:\Program Files\Panda Security
2008-06-22 12:11:09 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 12:10:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 12:10:35 0 d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2008-06-22 11:34:24 0 d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-06-22 11:34:09 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 11:34:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 11:33:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 10:39:53 0 d------c- C:\VundoFix Backups
2008-06-19 00:10:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:45:26 34520 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-18 19:42:03 0 d-------- C:\Program Files\WebEx
2008-06-18 19:42:02 36864 --a------ C:\Documents and Settings\Michael\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2008-06-18 18:30:22 0 d-------- C:\Program Files\Bonjour
2008-06-18 01:13:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Template
2008-06-17 23:40:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 23:00:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-15 22:59:57 0 d-------- C:\Program Files\Common Files\Apple
2008-06-15 22:53:32 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-14 08:55:55 0 d-------- C:\WINDOWS\pss
2008-06-14 00:58:37 0 d-------- C:\WINDOWS\Prefetch
2008-06-14 00:44:15 0 d-------- C:\WINDOWS\system32\scripting
2008-06-14 00:44:08 0 d-------- C:\WINDOWS\l2schemas
2008-06-14 00:44:07 0 d-------- C:\WINDOWS\system32\en
2008-06-14 00:35:16 0 d-------- C:\WINDOWS\network diagnostic
2008-06-13 21:21:57 0 d-------- C:\WINDOWS\peernet
2008-06-13 21:21:53 0 d-------- C:\WINDOWS\provisioning
2008-06-13 21:17:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-13 21:08:10 0 d-------- C:\WINDOWS\EHome
2008-06-11 18:46:15 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2008-06-08 19:34:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 08:40:36 0 d------c- C:\Documents and Settings\Administrator\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-02 11:49:01 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files
2008-06-29 16:05:18 0 d-------- C:\Program Files\Common Files\Motive
2008-06-24 18:13:36 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-18 20:53:23 0 d-------- C:\Program Files\Windows NT
2008-06-18 19:06:03 0 d-------- C:\Program Files\Symantec
2008-06-18 19:05:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 19:04:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:59:16 0 d-------- C:\Program Files\Microsoft Money
2008-06-18 18:40:07 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:34:58 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-15 23:35:48 0 d-------- C:\Program Files\iTunes
2008-06-15 23:34:51 0 d-------- C:\Program Files\iPod
2008-06-15 23:19:36 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 23:12:10 0 d-------- C:\Program Files\QuickTime
2008-06-14 01:08:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 00:44:56 0 d-------- C:\Program Files\Messenger
2008-06-14 00:44:06 0 d-------- C:\Program Files\Movie Maker
2008-06-13 23:41:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 23:36:36 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 23:36:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Real
2008-06-12 18:40:08 0 d-------- C:\Program Files\imGiant
2008-05-31 09:15:55 0 d-------- C:\Program Files\BitComet
2008-05-28 10:08:20 0 d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2008-05-07 18:59:38 0 d-------- C:\Documents and Settings\Michael\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/02/2003 18:51]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/26/2003 19:00]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 13:29]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08]
"WD Button Manager"="WDBtnMgr.exe" [09/24/2006 14:31 C:\WINDOWS\system32\WDBtnMgr.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 21:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 14:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/14/2008 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [05/07/2007 14:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [9/12/1997]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 AM]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [9/12/1997]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [8/7/2003 5:45:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/11/2007 9:38:44 AM]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [9/11/2004 12:44:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
"c:\program files\support.com\client\bin\tgcmd.exe" /server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-02 23:50:24 ------------
  • 0

#55
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
On second thought I may have created the jpg called Visa Advanced..... in order to show the screen shot.

I attached the OTScanIT log.

Attached Files


  • 0

Advertisements


#56
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I got the pop-up again :)

I thought we had it. Please let me know what to do next.
  • 0

#57
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I got the pop-up again :)

I thought we had it. Please let me know what to do next.



Ermm.. That is not good.. I need to do some thinking on this one.. Please bear with me :)
  • 0

#58
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)
  • 0

#59
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I'm not sure what happened. The log is extremely short.

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

Please let me know what to do next. I'm not working the next 3 days so I should have a lot of time to work on it.

Thanks again.
  • 0

#60
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP