First off, I'd like to say for the record that the people creating these ill-ware programs should all be tossed into prison.
I have many types of unwanted "ware" on my computer. So far I have not been successful at removing them and I am reluctant to try the more advanced tools like "KillBox" without proper guidance, so I would very much appreciate any help I can get.
Current Symptoms:
(1) Error message during startup "An exception occurred wile trying to run C:\windows\system32\swmstore.dll" (dll name changes each time at startup)
(2) AdDestroyer trying to install
(3) Virtual bouncer trying to install
I have run (in safe mode first, then in normal boot mode):
(1) AdAware SE which cannot seem to kill the "VX2" malware
(C:\windows\system32\hr8s0517e.dll)
(C:\windows\system32\guard.tmp)
(2) SpyBot which could not kill the following:
"CoolWWWSearch.BootConf"
"CoolWWWSearch.Loadbat"
"CoolWWWSearch.MSConfd"
"CoolWWWSearch.Oslogo"
"CoolWWWSearch.Tapicfg"
"CoolWWWSearch.Xmlmimefilter"
"Virtual Bouncer"
(3) CWShredder(version 2.0 since version 2.12 doesn't work for me) which says it
removes "CWS.BootConf" and restores host file redirections, but the cool search
pieces always come back after reboot.
(4) Microsoft AntiVirus which says it kills Virtual Bouncer and AdDestroyer, but they come back.
(5) Norton Antivirus Which found nothing.
(5) HiJackThis -- Items I "Fix" come back (E.g. O1 - Hosts: 69.20.16.183 ieautosearch; 04 - Startup:Thumbs.db)
Here is my HiJackThis Log:
------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 8:48:02 PM, on 1/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Joel Smith\My Documents\DownLoads\Malware Fighting\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.search...k=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.search...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://search.search...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.search...look=stmpl1&fw=
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Thumbs.db
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton
AntiVirus\navapw32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupd...7609.8604513889
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) -
http://64.75.174.5/push.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
End of HiJackThis Log
--------------------------
Start of FindIT Log
----------------------------
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: C:\Documents and Settings\Joel Smith\My
Documents\DownLoads\Malware Fighting\Find It NT-2K-XP
------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 07D1-0317
Directory of C:\WINDOWS\System32
01/19/2005 08:16 PM 224,988 hrru0599e.dll
01/19/2005 07:12 PM 222,883 ennol1531.dll
01/17/2005 02:20 PM 225,233 f0l0la3m1d.dll
01/17/2005 12:31 PM 223,183 lv2q09f5e.dll
01/17/2005 12:22 PM 223,183 lvj4091qe.dll
01/15/2005 06:43 PM 223,183 lv4409hqe.dll
01/13/2005 10:14 AM 225,685 n24s0ch7ef4.dll
01/09/2005 05:00 PM 225,908 jt0s07d7e.dll
01/09/2005 02:26 PM 223,230 m4460ehseh460.dll
01/08/2005 02:15 PM 223,230 SYNYHCY.DLL
01/06/2005 10:25 AM 223,765 lv0o09d3e.dll
01/04/2005 09:30 PM 224,054 enp6l17s1.dll
01/02/2005 04:45 PM 224,462 sRmlib.dll
12/27/2004 08:10 PM 223,887 lvn2095oe.dll
12/27/2004 06:06 PM 222,602 l4r0le9m1h.dll
12/27/2004 06:02 PM 225,593 kedgkl.dll
12/27/2004 02:42 PM 225,044 wxhisn.dll
12/25/2004 07:31 PM 226,157 l4p20e7oeh.dll
12/25/2004 07:28 PM 226,157 srmapi.dll
12/25/2004 01:37 PM 225,044 hwetmon.dll
12/22/2004 10:38 AM 225,228 fp6m03j1e.dll
12/21/2004 05:02 PM 223,365 fplm0331e.dll
12/15/2004 06:47 PM 512 Xej7.a7q
11/18/2004 08:21 PM 512 Flr0i.a99
11/16/2004 08:20 PM 512 Dqk5Y.8x1
10/25/2004 11:42 AM 512 Xej7.b7q
10/11/2004 07:55 PM 512 BnyLS.46s
09/17/2004 02:45 PM 512 YkvIP.h5p
09/16/2004 02:45 PM 512 Zgl8.du7
09/14/2004 02:45 PM 512 Elq0h.z89
09/13/2004 02:45 PM 512 Dkp0h.y89
09/09/2004 12:46 PM 253,979 BrvxMFLv.exe
09/09/2004 12:46 PM 253,979 Xkxj.exe
09/09/2004 12:46 PM 253,979 OmacI.exe
09/09/2004 12:46 PM 253,979 Cjo9gQ88.exe
09/09/2004 12:46 PM 253,979 AyeYd.exe
09/09/2004 11:33 AM 1,104 Dvy137.6rz
09/02/2004 12:01 PM 1,104 Szep85ln.cvb
08/31/2004 12:01 PM 1,104 Rydo84k.lat
08/26/2004 11:36 AM 1,104 UbgrYPnp.exd
08/24/2004 11:36 AM 1,104 LutB.13c
08/19/2004 07:21 PM 1,104 ZkvIQ.i5q
08/09/2004 01:14 PM 1,104 TagqXPmo.dwc
08/08/2004 01:15 PM 253,973 Nahn.exe
08/08/2004 01:15 PM 253,973 Xhv3bo4A.exe
08/08/2004 01:15 PM 253,973 SczONI3.exe
08/08/2004 01:15 PM 253,973 Qxw3.exe
08/08/2004 01:15 PM 253,973 Vdnykb.exe
08/08/2004 01:15 PM 253,973 Epb3.exe
08/06/2004 10:46 PM 1,104 Arzh0g6.5ow
08/04/2004 09:46 AM 1,104 Diam4yYT.0v1
07/09/2004 12:11 PM 1,104 MliBY92.ze2
06/29/2004 11:59 AM 1,104 Zmg4.86t
06/22/2004 11:23 AM 1,104 VbhrYQop.exd
06/21/2004 11:23 AM 1,104 GnsDk.b90
06/14/2004 11:19 AM 1,104 Cjo9g.x88
06/11/2004 04:09 PM 1,104 Ahm8.ev7
06/08/2004 04:08 PM 1,188 JqvGme.017
04/09/2004 02:30 PM 1,104 Rydo84km.bua
03/13/2004 07:15 PM 1,020 Elq0i.z99
02/18/2004 12:30 PM 458,773 IvgkmB.exe
01/25/2004 04:55 PM 442,389 RypT0v1Z.exe
01/07/2004 04:37 PM 1,104 Vpi2lmBU.akh
01/07/2004 04:37 PM 225,301 Vyw4.exe
01/07/2004 04:37 PM 225,301 CerHP4.exe
01/07/2004 04:37 PM 225,301 Sty5.exe
01/07/2004 04:37 PM 225,301 Udnp3JE1.exe
01/07/2004 04:37 PM 225,301 Qww2.exe
01/07/2004 03:49 PM 1,020 MtyJ62F.g8o
01/07/2004 03:49 PM 1,104 Pwbm74i.k9s
01/04/2004 03:49 PM 1,104 Szep85lm.bua
11/22/2003 04:34 PM 1,020 Bin9.ew7
11/20/2003 03:17 PM 225,301 XlwAC636.exe
11/20/2003 03:17 PM 225,301 Xit05.exe
11/20/2003 03:17 PM 225,301 Iyc1.exe
11/20/2003 03:17 PM 225,301 Wswrb9.exe
11/20/2003 03:17 PM 225,301 AieOnW4m.exe
11/20/2003 03:17 PM 225,301 ZhrH.exe
10/30/2002 05:26 PM 32 {756E2763-05F6-4BB2-BE0B-E8222978819B}.dat
10/24/2002 09:17 PM <DIR> Microsoft
10/24/2002 08:38 PM <DIR> dllcache
04/05/2001 09:43 AM 94,208 msstkprp.dll
80 File(s) 11,233,342 bytes
2 Dir(s) 42,001,760,256 bytes free
------- Hidden Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 07D1-0317
Directory of C:\WINDOWS\System32
01/19/2005 07:40 PM <DIR> vmss
01/19/2005 07:40 PM <DIR> wsxsvc
12/15/2004 06:47 PM 512 Xej7.a7q
11/18/2004 08:21 PM 512 Flr0i.a99
11/16/2004 08:20 PM 512 Dqk5Y.8x1
10/25/2004 11:42 AM 512 Xej7.b7q
10/11/2004 07:55 PM 512 BnyLS.46s
09/17/2004 02:45 PM 512 YkvIP.h5p
09/16/2004 02:45 PM 512 Zgl8.du7
09/14/2004 02:45 PM 512 Elq0h.z89
09/13/2004 02:45 PM 512 Dkp0h.y89
09/09/2004 12:46 PM 253,979 OmacI.exe
09/09/2004 12:46 PM 253,979 BrvxMFLv.exe
09/09/2004 12:46 PM 253,979 Xkxj.exe
09/09/2004 12:46 PM 253,979 Cjo9gQ88.exe
09/09/2004 12:46 PM 253,979 AyeYd.exe
09/09/2004 12:29 PM 488 WindowsLogon.manifest
09/09/2004 12:29 PM 488 logonui.exe.manifest
09/09/2004 12:29 PM 749 sapi.cpl.manifest
09/09/2004 12:29 PM 749 wuaucpl.cpl.manifest
09/09/2004 12:29 PM 749 ncpa.cpl.manifest
09/09/2004 12:29 PM 749 nwc.cpl.manifest
09/09/2004 12:29 PM 749 cdplayer.exe.manifest
09/09/2004 11:33 AM 1,104 Dvy137.6rz
09/02/2004 12:01 PM 1,104 Szep85ln.cvb
08/31/2004 12:01 PM 1,104 Rydo84k.lat
08/26/2004 11:36 AM 1,104 UbgrYPnp.exd
08/24/2004 11:36 AM 1,104 LutB.13c
08/19/2004 07:21 PM 1,104 ZkvIQ.i5q
08/09/2004 01:14 PM 1,104 TagqXPmo.dwc
08/08/2004 01:15 PM 253,973 Xhv3bo4A.exe
08/08/2004 01:15 PM 253,973 Nahn.exe
08/08/2004 01:15 PM 253,973 Qxw3.exe
08/08/2004 01:15 PM 253,973 Vdnykb.exe
08/08/2004 01:15 PM 253,973 SczONI3.exe
08/08/2004 01:15 PM 253,973 Epb3.exe
08/06/2004 10:46 PM 1,104 Arzh0g6.5ow
08/04/2004 09:46 AM 1,104 Diam4yYT.0v1
07/09/2004 12:11 PM 1,104 MliBY92.ze2
06/29/2004 11:59 AM 1,104 Zmg4.86t
06/22/2004 11:23 AM 1,104 VbhrYQop.exd
06/21/2004 11:23 AM 1,104 GnsDk.b90
06/14/2004 11:19 AM 1,104 Cjo9g.x88
06/11/2004 04:09 PM 1,104 Ahm8.ev7
06/08/2004 04:08 PM 1,188 JqvGme.017
04/09/2004 02:30 PM 1,104 Rydo84km.bua
03/13/2004 07:15 PM 1,020 Elq0i.z99
02/18/2004 12:30 PM 458,773 IvgkmB.exe
01/25/2004 04:55 PM 442,389 RypT0v1Z.exe
01/07/2004 04:37 PM 1,104 Vpi2lmBU.akh
01/07/2004 04:37 PM 225,301 Vyw4.exe
01/07/2004 04:37 PM 225,301 CerHP4.exe
01/07/2004 04:37 PM 225,301 Sty5.exe
01/07/2004 04:37 PM 225,301 Udnp3JE1.exe
01/07/2004 04:37 PM 225,301 Qww2.exe
01/07/2004 03:49 PM 1,020 MtyJ62F.g8o
01/07/2004 03:49 PM 1,104 Pwbm74i.k9s
01/04/2004 03:49 PM 1,104 Szep85lm.bua
11/22/2003 04:34 PM 1,020 Bin9.ew7
11/20/2003 03:17 PM 225,301 XlwAC636.exe
11/20/2003 03:17 PM 225,301 Xit05.exe
11/20/2003 03:17 PM 225,301 Iyc1.exe
11/20/2003 03:17 PM 225,301 Wswrb9.exe
11/20/2003 03:17 PM 225,301 AieOnW4m.exe
11/20/2003 03:17 PM 225,301 ZhrH.exe
10/30/2002 05:26 PM 32 {756E2763-05F6-4BB2-BE0B-E8222978819B}.dat
10/24/2002 08:38 PM <DIR> dllcache
64 File(s) 6,207,791 bytes
3 Dir(s) 42,001,743,872 bytes free
------------ Files Named "Guard" ---------------
Volume in drive C has no label.
Volume Serial Number is 07D1-0317
Directory of C:\WINDOWS\System32
01/19/2005 08:19 PM 222,883 guard.tmp
1 File(s) 222,883 bytes
0 Dir(s) 42,001,727,488 bytes free
------ Temp Files in System32 Directory ------
Volume in drive C has no label.
Volume Serial Number is 07D1-0317
Directory of C:\WINDOWS\System32
01/19/2005 08:19 PM 222,883 guard.tmp
08/03/2004 11:56 PM 1,236,480 ~GLH0019.TMP
08/03/2004 11:56 PM 1,236,480 msxml3.dll.tmp
08/03/2004 11:56 PM 1,236,480 ~GLH0014.TMP
05/19/2004 08:21 AM 560 tmpmpt1.tmp
08/23/2001 12:00 PM 2,577 CONFIG.TMP
01/15/2001 03:54 PM 425,760 tbc1.tmp
01/15/2001 08:54 AM 425,760 tbc61.tmp
8 File(s) 4,786,980 bytes
0 Dir(s) 42,001,711,104 bytes free
------------------ User Agent ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{47F277F1-216F-4D7B-AEA2-53B2BD1A6164}"=""
------------- Keys Under Notify -------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ennol1531.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
------------- Locate.com Results -------------
C:\WINDOWS\SYSTEM32\
srmapi.dll Sat Dec 25 2004 7:28:36p ..S.R 226,157 220.86 K
wxhisn.dll Mon Dec 27 2004 2:42:28p ..S.R 225,044 219.77 K
synyhcy.dll Sat Jan 8 2005 2:15:34p ..S.R 223,230 217.99 K
hwetmon.dll Sat Dec 25 2004 1:37:26p ..S.R 225,044 219.77 K
lv4409~1.dll Sat Jan 15 2005 6:43:24p ..S.R 223,183 217.95 K
flr0i.a99 Thu Nov 18 2004 8:21:36p ..SH. 512 0.50 K
ennol1~1.dll Wed Jan 19 2005 7:12:26p ..S.R 222,883 217.66 K
jt0s07~1.dll Sun Jan 9 2005 5:00:44p ..S.R 225,908 220.61 K
lvj409~1.dll Mon Jan 17 2005 12:22:54p ..S.R 223,183 217.95 K
dqk5y.8x1 Tue Nov 16 2004 8:20:10p ..SH. 512 0.50 K
m4460e~1.dll Sun Jan 9 2005 2:26:10p ..S.R 223,230 217.99 K
lv2q09~1.dll Mon Jan 17 2005 12:31:30p ..S.R 223,183 217.95 K
xej7.b7q Mon Oct 25 2004 11:42:34a ..SH. 512 0.50 K
lv0o09~1.dll Thu Jan 6 2005 10:25:16a ..S.R 223,765 218.52 K
enp6l1~1.dll Tue Jan 4 2005 9:30:32p ..S.R 224,054 218.80 K
n24s0c~1.dll Thu Jan 13 2005 10:14:20a ..S.R 225,685 220.39 K
xej7.a7q Wed Dec 15 2004 6:47:44p ..SH. 512 0.50 K
fplm03~1.dll Tue Dec 21 2004 5:02:08p ..S.R 223,365 218.13 K
f0l0la~1.dll Mon Jan 17 2005 2:20:46p ..S.R 225,233 219.95 K
hrru05~1.dll Wed Jan 19 2005 8:16:28p ..S.R 224,988 219.71 K
fp6m03~1.dll Wed Dec 22 2004 10:38:24a ..S.R 225,228 219.95 K
kedgkl.dll Mon Dec 27 2004 6:02:32p ..S.R 225,593 220.30 K
l4p20e~1.dll Sat Dec 25 2004 7:31:38p ..S.R 226,157 220.86 K
srmlib.dll Sun Jan 2 2005 4:45:16p ..S.R 224,462 219.20 K
l4r0le~1.dll Mon Dec 27 2004 6:06:56p ..S.R 222,602 217.38 K
lvn209~1.dll Mon Dec 27 2004 8:10:38p ..S.R 223,887 218.64 K
26 items found: 26 files, 0 directories.
Total of file sizes: 4,938,112 bytes 4.71 M
-------- Strings.exe Qoologic Results --------
C:\WINDOWS\SYSTEM32\hlhhlm.exe: updates.qoologic.com
--------- Strings.exe Aspack Results ---------
C:\WINDOWS\SYSTEM32\jsdvwsdk.dll: .aspack
-------------- HKLM Run Key ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"
-osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security
Center\\UsrPrmpt.exe"
"LTWinModem1"="ltmsg.exe 9"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"TraySantaCruz"="C:\\WINDOWS\\System32\\tbctray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponen
ts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponen
ts\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponen
ts\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponen
ts\MSFS]
"Installed"="1"
End of FindIT Log
-----------------------------
Sign In
Create Account
