
Solved Also have "Cancelled due to Restrictions in effect on this computer."

Discussion in 'Malware and Virus Removal Archive' started by chip4687, 2007/10/16.

  1. 2007/10/16
    chip4687

    chip4687 Inactive Thread Starter

    Joined:
    2007/10/16
    Messages:
    20
    Likes Received:
    0
    [Resolved] Also have "Cancelled due to Restrictions in effect on this computer."

    Hello,

    I also have the same exact problem when trying to go to my "Set Programs accesses and defaults" or the control panel. I get "Cancelled due to Restrictions in effect on this computer." and many other problems on startup like C:\windows\shell.exe and error 0x8001021e and an atiptaxx.exe error. All this started yesterday.

    Below is Hijackthis file from a couple of minutes ago and nothing has been touched.

    Please help,
    Charles

    Logfile of HijackThis v1.99.1
    Scan saved at 6:21:31 PM, on 10/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\DOCUME~1\Charles\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177901551844
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
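
One way to triage the autostart entries in a HijackThis log like the one above, shown as an added example that is not part of the original post and not code from HijackThis. The `KNOWN` list, the similarity threshold and the reason labels are assumptions of this example, and a flagged line is a candidate for review, not a verdict.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Constructed sample: eight lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Well-known Windows binaries and the folder each normally lives in.
# Short illustrative list (an assumption of this example), not a full baseline.
SYSTEM32 = r"c:\windows\system32"
KNOWN = {
    "explorer.exe": r"c:\windows",
    "spoolsv.exe": SYSTEM32, "svchost.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "lsass.exe": SYSTEM32, "services.exe": SYSTEM32,
    "mmc.exe": SYSTEM32,
}
NEAR_MISS = 0.85  # similarity threshold chosen for this example

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - .*DisableRegedit=1\s*$", re.I)
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.I)


def image_path(cmd):
    """Pull the executable path out of a Run-key command line.

    Unquoted paths may contain spaces, so cut at the first '.exe'
    instead of splitting on whitespace.
    """
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd.split()[0]).strip('" ')


def check_image(path):
    """Return the reasons (possibly none) an autostart image looks odd."""
    reasons = []
    folder, name = ntpath.split(path.lower())
    # '?' is not valid in a Windows file name, so it stands for a
    # character the log could not render.
    if "?" in path:
        reasons.append("question-mark-in-path")
    if name in KNOWN:
        # Right name, wrong place.
        if folder != KNOWN[name]:
            reasons.append("system-name-wrong-folder")
    else:
        # Name that is almost, but not exactly, a system binary.
        for good in KNOWN:
            if SequenceMatcher(None, name, good).ratio() >= NEAR_MISS:
                reasons.append("lookalike-of-" + good)
                break
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        f2, o4 = F2_RE.match(line), O4_RE.match(line)
        if f2:
            # The shell value should name Explorer.exe and nothing else.
            extra = [t for t in f2.group("value").split()
                     if t.lower() != "explorer.exe"]
            if extra:
                reasons.append("shell-extra-program")
        elif o4:
            reasons.extend(check_image(image_path(o4.group("cmd"))))
        elif O7_RE.match(line):
            reasons.append("regedit-disabled-by-policy")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "|", line)
```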
     
  2. 2007/10/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    chip4687 - Welcome to the Board :)

    I have split your post to a new thread in the Removing Spyware & Viruses forum - I see one nastie at least. Our trained analysts will advise as soon as possible.
     


  4. 2007/10/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi chip4687

    Please follow all instructions in the order given.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Outerinfo
    OIN
    PurityScan
    WinAntiVirus


    Please note any other programs that you don't recognize in that list and post them in your next response.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • C:\WINDOWS\PPPATC~1\mmc.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Do you know what this is?
    C:\Program Files\Insider\Insider.exe

    Please post the SDFix log, the Combofix log, a new HJT log and the Jotti results.

    Thanks
    Geri
     
  5. 2007/10/18
    chip4687

    chip4687 Inactive Thread Starter

    Joined:
    2007/10/16
    Messages:
    20
    Likes Received:
    0
    Cannot get into my control panel

    Every time I try to access my control panel I get the "Cancelled due to Restrictions in effect on this computer." I am the only administrator on this computer; is there another way in to the control panel to remove some of these programs?
    Also, "Do you know what this is?"
    C:\Program Files\Insider\Insider.exe

    Have no clue what that is.

    Charles
     
  6. 2007/10/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, skip the removal of those for now. Go ahead with the rest of the fixes.

    Geri
     
  7. 2007/10/18
    chip4687

    chip4687 Inactive Thread Starter

    Joined:
    2007/10/16
    Messages:
    20
    Likes Received:
    0
    Combo fix log

    Also, I deleted the "C:\Program Files\Insider\Insider.exe" file. Once I deleted it I got my control panel access back.

    Also, I went to Jotti's Malware scan and submitted the file but received the following message:
    "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."

    Combo fix log.

    ComboFix 07-10-17.8@ - Charles 2007-10-18 19:22:47.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.310 [GMT -5:00]
    Running from: C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\RREYT637\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Amy\Application Data\install.dat
    C:\Documents and Settings\Amy\Application Data\install.dat
    C:\Documents and Settings\Amy\My Documents\YMANTE~1
    C:\Documents and Settings\Amy\My Documents\YMANTE~1\?ymantec\
    C:\Program Files\ISM
    C:\Program Files\ISM\dictionary.gz
    C:\Program Files\ISM\targets.gz
    C:\Program Files\ISM2
    C:\Program Files\ISM2\dictionary.gz
    C:\Program Files\ISM2\targets.gz
    C:\WINDOWS\shell.sys
    C:\WINDOWS\system32\instsrv.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
    .

    2007-10-18 19:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-16 09:04 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-16 09:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-15 21:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-15 21:38 <DIR> d-------- C:\Program Files\Common Files\CasinoVegasShared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-18 23:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-10-16 22:28 --------- d-----w C:\Program Files\Java
    2007-10-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-16 17:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-16 17:16 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-16 17:16 --------- d-----w C:\Program Files\Symantec
    2007-10-16 14:59 --------- d--h--r C:\Documents and Settings\Charles\Application Data\yahoo!
    2007-10-16 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-10-16 13:53 --------- d-----w C:\Program Files\Yahoo!
    2007-10-16 13:52 --------- d-----w C:\Program Files\Common Files\scanner
    2007-10-16 02:39 --------- d-----w C:\Program Files\Wonderland Adventures
    2007-10-16 02:39 --------- d-----w C:\Program Files\bfgclient
    2007-10-16 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2007-10-16 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-17 18:23 --------- d-----w C:\Documents and Settings\Charles\Application Data\PlayFirst
    2006-07-04 13:50 27,880 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-12 03:44 27,880 ----a-w C:\Documents and Settings\Charles\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 294,912 2002-11-08 03:00:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    ----a-w 24,076 2007-04-06 03:00:42 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-04-05 22:00]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "SsAAD.exe "= "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
    "Printer "= "C:\WINDOWS\system32\printer.exe" []
    "YOP "= "C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
    "osCheck "= "C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "Ncao "= "C:\WINDOWS\PPPATC~1\mmc.exe" []
    "Ycet "= "C:\WINDOWS\W?nSxS\??oolsv.exe" []
    "Spoolsv "= "C:\WINDOWS\system32\spoolvs.exe" []

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
    C:\Program Files\Admilli Service\AdmilliServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_Gear511]
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    Ati2mdxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    C:\Program Files\BullsEye Network\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
    carpserv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tueuqmlg]
    C:\Program Files\Hvvrzci\Gznrq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZESOFT "=2 (0x2)
    "navapsvc "=2 (0x2)
    "ccEvtMgr "=2 (0x2)
    "YPCService "=3 (0x3)
    "VETMSGNT "=2 (0x2)
    "SSScsiSV "=3 (0x3)
    "SQLAgent$MICROSOFTSMLBIZ "=3 (0x3)
    "SPTISRV "=3 (0x3)
    "PACSPTISVR "=3 (0x3)
    "MSSQLServerADHelper "=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ "=2 (0x2)
    "MSCSPTISRV "=3 (0x3)
    "MDM "=3 (0x3)
    "Ati HotKey Poller "=2 (0x2)
    "xmlprov "=3 (0x3)
    "WZCSVC "=2 (0x2)
    "wuauserv "=2 (0x2)
    "wscsvc "=2 (0x2)
    "WebClient "=2 (0x2)
    "TermService "=3 (0x3)
    "SysmonLog "=3 (0x3)
    "SMTPSVC "=2 (0x2)
    "SharedAccess "=2 (0x2)
    "Schedule "=2 (0x2)
    "RemoteRegistry "=2 (0x2)
    "RDSessMgr "=3 (0x3)
    "RasMan "=3 (0x3)
    "RasAuto "=3 (0x3)
    "Eventlog "=2 (0x2)
    "ERSvc "=2 (0x2)

    R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys
    S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;C:\WINDOWS\system32\Drivers\athwpn.sys
    S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\system32\AWINDIS5.SYS
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys
    S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-16 14:54:58 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Charles.job "
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-18 19:33:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\wuapi.dll.mui_en
    C:\WINDOWS\system32\wuapi.dll.wusetup.528600.bak
    C:\WINDOWS\system32\wuauclt.exe.wusetup.540477.bak
    C:\WINDOWS\system32\wuaucpl.cpl.mui
    C:\WINDOWS\system32\wuaucpl.cpl.wusetup.545634.bak
    C:\WINDOWS\system32\wuaueng.dll.mui
    C:\WINDOWS\system32\wuaueng.dll.wusetup.552644.bak
    C:\WINDOWS\system32\wucltui.dll.mui

    scan completed successfully
    hidden files: 8

    **************************************************************************
    .
    Completion time: 2007-10-18 19:52:21 - machine was rebooted
    .
    --- E O F ---

    SDFIX Log


    SDFix: Version 1.109

    Run by Charles on Thu 10/18/2007 at 08:50 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\vqt.exe.tmp - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 13 Oct 2004 1,694,208 A..H. --- "C:\Program Files\Messenger\msmsgs.exe "
    Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe "
    Fri 4 May 2007 3,194,880 ...H. --- "C:\Program Files\Wonderland Adventures\Wonderland Adventures.exe "
    Sun 23 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sun 23 Oct 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak "
    Sun 23 Oct 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak "
    Sat 17 Dec 2005 518 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1.tmp "
    Mon 2 Oct 2006 50,280 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe "
    Sun 19 Dec 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg "
    Sun 19 Dec 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg "
    Sun 23 Oct 2005 4,348 ...H. --- "C:\Documents and Settings\Amy\My Documents\My Music\License Backup\drmv1key.bak "
    Thu 23 Nov 2006 20 A..H. --- "C:\Documents and Settings\Amy\My Documents\My Music\License Backup\drmv1lic.bak "
    Thu 23 Nov 2006 10,060 A.SH. --- "C:\Documents and Settings\Amy\My Documents\My Music\License Backup\drmv2key.bak "
    Tue 27 Feb 2007 431,104 ...H. --- "C:\Documents and Settings\Charles\Application Data\Microsoft\Word\~WRL1825.tmp "
    Tue 27 Feb 2007 430,592 ...H. --- "C:\Documents and Settings\Charles\Application Data\Microsoft\Word\~WRL2044.tmp "
    Tue 27 Feb 2007 428,544 ...H. --- "C:\Documents and Settings\Charles\Application Data\Microsoft\Word\~WRL3203.tmp "
    Sun 18 Jun 2006 31,744 A..H. --- "C:\Documents and Settings\Charles\Desktop\School\Business Communication Essential\~WRL0003.tmp "
    Tue 27 Feb 2007 423,936 A..H. --- "C:\Documents and Settings\Charles\Desktop\Taxes\Spring 1 2007\~WRL1449.tmp "
    Sun 23 Oct 2005 4,348 ...H. --- "C:\Documents and Settings\Charles\My Documents\My Music\License Backup\drmv1key.bak "
    Fri 9 Jun 2006 20 A..H. --- "C:\Documents and Settings\Charles\My Documents\My Music\License Backup\drmv1lic.bak "
    Fri 9 Jun 2006 488 A.SH. --- "C:\Documents and Settings\Charles\My Documents\My Music\License Backup\drmv2key.bak "
    Sat 29 Oct 2005 50,604 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\7.1\vs000223.tmp "

    Finished!

    Hijackthis after SDFix completed

    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:24 PM, on 10/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\Charles\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177901551844
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
    Last edited: 2007/10/18
  8. 2007/10/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    The SDFix log?

    Thanks
    Geri
     
  9. 2007/10/18
    chip4687

    chip4687 Inactive Thread Starter

    SDFix log

    SDFIX log is there, I went back and added it and the hijackthis log was done after everything else was done.
     
  10. 2007/10/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi chip4687

    OK Thanks for that.

    I need you to delete the HJT program you have and download this one please.
    Run the set up and let it install to the default location (C:/Program files).
    No need for a log with it just yet.

    Download a copy of HJTsetup.exe from here and save it to your Desktop.

    Now please do this.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.

    Thanks
    Geri
     
  11. 2007/10/19
    chip4687

    chip4687 Inactive Thread Starter

    DSS Main report

    Deckard's System Scanner v20071014.68
    Run by Charles on 2007-10-19 17:34:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    19: 2007-10-19 22:35:06 UTC - RP65 - Deckard's System Scanner Restore Point
    18: 2007-10-19 03:04:28 UTC - RP64 - Software Distribution Service 3.0
    17: 2007-10-19 00:22:07 UTC - RP63 - ComboFix created restore point
    16: 2007-10-18 13:26:49 UTC - RP62 - System Checkpoint
    15: 2007-10-16 22:24:31 UTC - RP61 - Installed Java(TM) 6 Update 3


    -- First Restore Point --
    1: 2007-09-18 17:15:26 UTC - RP47 - Restore Operation


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-10-19 17:39:37
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Charles\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177901551844
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


    --
    End of file - 9122 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R3 NETGEAR_WG511_SERVICE (NETGEAR WG511T Wireless Adapter Service) - c:\windows\system32\drivers\wg511nd5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>

    S3 ATHFMWDL (NETGEAR WPN111 Bootloader driver) - c:\windows\system32\drivers\athwpn.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
    S3 catchme - c:\docume~1\charles\locals~1\temp\catchme.sys (file missing)
    S3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - c:\windows\system32\drivers\wpn111.sys <Not Verified; NETGEAR, Inc.; Wireless USB 2.0 Adapter with RangeMax>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\3D7D441C04F42
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\3D7D441C04F42
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-16 09:54:58 580 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Charles.job


    -- Files created between 2007-09-19 and 2007-10-19 -----------------------------

    2007-10-18 20:48:45 0 d-------- C:\WINDOWS\ERUNT
    2007-10-15 21:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-15 21:40:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 21:36:22 4718592 --a------ C:\Documents and Settings\Charles\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-10-19 17:40:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-10-18 21:45:20 0 d-------- C:\Program Files\Common Files
    2007-10-16 17:28:34 0 d-------- C:\Program Files\Java
    2007-10-16 12:16:54 0 d-------- C:\Program Files\Symantec
    2007-10-16 09:59:56 0 dr-h----- C:\Documents and Settings\Charles\Application Data\yahoo!
    2007-10-16 08:53:26 0 d-------- C:\Program Files\Yahoo!
    2007-10-16 08:52:41 0 d-------- C:\Program Files\Common Files\scanner
    2007-10-15 21:39:57 0 d-------- C:\Program Files\bfgclient
    2007-09-18 12:11:44 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-17 13:23:58 0 d-------- C:\Documents and Settings\Charles\Application Data\PlayFirst


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 10:26 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "SsAAD.exe "= "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 07:58 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "YOP "= "C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
    "osCheck "= "C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Ncao "= "C:\WINDOWS\PPPATC~1\mmc.exe" []
    "Ycet "= "C:\WINDOWS\W?nSxS\??oolsv.exe" []

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
    C:\Program Files\Admilli Service\AdmilliServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_Gear511]
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    Ati2mdxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    C:\Program Files\BullsEye Network\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
    carpserv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tueuqmlg]
    C:\Program Files\Hvvrzci\Gznrq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZESOFT "=2 (0x2)
    "navapsvc "=2 (0x2)
    "ccEvtMgr "=2 (0x2)
    "YPCService "=3 (0x3)
    "VETMSGNT "=2 (0x2)
    "SSScsiSV "=3 (0x3)
    "SQLAgent$MICROSOFTSMLBIZ "=3 (0x3)
    "SPTISRV "=3 (0x3)
    "PACSPTISVR "=3 (0x3)
    "MSSQLServerADHelper "=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ "=2 (0x2)
    "MSCSPTISRV "=3 (0x3)
    "MDM "=3 (0x3)
    "Ati HotKey Poller "=2 (0x2)
    "xmlprov "=3 (0x3)
    "WZCSVC "=2 (0x2)
    "wuauserv "=2 (0x2)
    "wscsvc "=2 (0x2)
    "WebClient "=2 (0x2)
    "TermService "=3 (0x3)
    "SysmonLog "=3 (0x3)
    "SMTPSVC "=2 (0x2)
    "SharedAccess "=2 (0x2)
    "Schedule "=2 (0x2)
    "RemoteRegistry "=2 (0x2)
    "RDSessMgr "=3 (0x3)
    "RasMan "=3 (0x3)
    "RasAuto "=3 (0x3)
    "Eventlog "=2 (0x2)
    "ERSvc "=2 (0x2)

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-10-19 17:40:58 ------------
     
  12. 2007/10/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    Please do these next.

    Please follow these instructions exactly as given.

    Now download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the "Update now" link.
      • The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen
    6. Now click on "Recommended actions" and then select "Quarantine".
    7. Under "Reports"
      • Select "Do Not Automatically generate reports"
    8. Now click on the Shield icon under the “Resident shield is” click it to show inactive
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Save Reports"
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Download OTMoveIt by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Please post the AVG AS log, the C:\_OTMoveIt\MovedFiles log and a new dss log.

    Can you get to msconfig or your control panel? Or are the Restrictions still in place?

    Thanks
    Geri
     
  13. 2007/10/20
    chip4687

    chip4687 Inactive Thread Starter

    First part of AVG Anti-Spyware

    Once I got rid of that insider.exe I was able to get access to my control panel back and msconfig.


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:45:06 PM 10/20/2007

    + Scan result:



    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088767.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088768.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088769.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088770.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089339.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089340.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089341.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089342.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094388.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094389.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094390.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094391.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Amy\Start Menu\Programs\SpySheriff -> Adware.SpySheriff : Cleaned with backup (quarantined).
    C:\Documents and Settings\Amy\Start Menu\Programs\SpySheriff\SpySheriff.lnk -> Adware.SpySheriff : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094015.exe -> Downloader.Adload.lv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094003.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094243.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094244.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094288.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094289.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088765.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089337.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094393.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094017.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096505.dll -> Downloader.ConHook : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096504.dll -> Downloader.ConHook.an : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP64\A0097315.exe -> Downloader.Obfuscatd.bk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094005.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094007.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093991.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088777.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088778.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089348.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089349.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095416.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096503.dll -> Logger.Small.ez : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094029.exe -> Not-A-Virus.Downloader.Win32.Agent.q : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088764.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089336.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
    C:\Documents and Settings\Amy\Cookies\amy@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@oasc04.247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@americafirstcreditunion.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@atbatterycompanyinc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@nextstudent.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@rrpartners.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ulta.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@waterfrontmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@mrsupergames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www0.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfk4akajokp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfk4eiazghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfkospdpweo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfkyqkdjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfkywgdjgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfliancpolq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wflouncpcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wfmispd5geo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wgkywicjeep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wglyapdpabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6whkyejdpkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjk4cjd5gbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjk4ugdjgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkoeiczmeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkooldjsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkyaicjgcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkyqjazmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkyqmdzmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkyunc5ifo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjl4egajwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjl4oicpkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjlicidjkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjlishazkkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
     
  14. 2007/10/20
    chip4687

    End of AVG Anti-Spyware, OTMoveIt

    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjliwodpkgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjlyuncpihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjmiglcjklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjmikjdjaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjmiskdjekp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjmismajiep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjny-1gazig.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnycmdpodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnycndzoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnycpc5iao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnyekazcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnyekcjmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnyghcpmco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnyoocjaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-adaptivemarketing.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-carmax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-espn.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-franklinelectronic.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-hasbro.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-hollywoodmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-ingersollrand.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-legalmatch.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-mgmmirageoperations.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-myspaceinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-nissan.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-pizzahut.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-realtytrac.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-traderelectronicmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-triseptsoultions.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg-verizoncommunications.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@starware[2].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@www.vegasred[1].txt -> TrackingCookie.Vegasred : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Amy\Cookies\amy@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Charles\Cookies\charles@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096502.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088775.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089345.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-2.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-3.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-4.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-5.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-6.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\snapshot\MFEX-7.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094222.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-2.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-3.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-4.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-5.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-6.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-7.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\snapshot\MFEX-8.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094248.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\snapshot\MFEX-3.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094277.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094291.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\snapshot\MFEX-2.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-2.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-3.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-4.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-5.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-6.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\snapshot\MFEX-7.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094313.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094345.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0096430.dll -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-1.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-10.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-11.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-12.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-13.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-2.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-3.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-4.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-5.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-6.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-7.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-8.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\snapshot\MFEX-9.DAT -> Trojan.Agent.bip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093992.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093993.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093994.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094016.exe -> Trojan.Agent.bqn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096506.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\etc\1.hosts -> Trojan.Qhost.my : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088771.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088772.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088773.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088774.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089319.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089320.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089326.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089327.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089343.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089344.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0093988.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093996.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094229.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094233.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094251.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094255.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094264.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094267.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094280.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094283.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094302.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094306.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094315.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094319.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094330.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094332.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094347.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094348.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094360.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094365.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096501.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095415.pif -> Trojan.WOW.fo : Cleaned with backup (quarantined).


    ::Report end

    C:\Program Files\Hvvrzci moved successfully.
    File/Folder C:\Program Files\BullsEye Network not found.
    File/Folder C:\Program Files\Admilli Service not found.
    File/Folder C:\WINDOWS\PPPATC~1\mmc.exe not found.
    File/Folder C:\WINDOWS\W?nSxS\??oolsv.exe not found.

    Created on 10/20/2007 12:57:17
     
  15. 2007/10/20
    chip4687

    New DSS Log

    Deckard's System Scanner v20071014.68
    Run by Charles on 2007-10-20 13:00:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Charles.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:00:58 PM, on 10/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\PROGRA~1\Symantec\Norton AntiVirus\NAVW32.exe
    C:\Documents and Settings\Charles\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Charles.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177901551844
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7545 bytes

    -- Files created between 2007-09-20 and 2007-10-20 -----------------------------

    2007-10-20 13:00:30 0 d-------- C:\Program Files\Trend Micro
    2007-10-19 23:08:21 0 d-------- C:\Documents and Settings\Charles\Application Data\Grisoft
    2007-10-19 23:08:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-18 20:48:45 0 d-------- C:\WINDOWS\ERUNT
    2007-10-15 21:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-15 21:40:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 21:36:22 4718592 --a------ C:\Documents and Settings\Charles\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-10-20 12:57:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-10-18 21:45:20 0 d-------- C:\Program Files\Common Files
    2007-10-16 17:28:34 0 d-------- C:\Program Files\Java
    2007-10-16 12:16:54 0 d-------- C:\Program Files\Symantec
    2007-10-16 09:59:56 0 dr-h----- C:\Documents and Settings\Charles\Application Data\yahoo!
    2007-10-16 08:53:26 0 d-------- C:\Program Files\Yahoo!
    2007-10-16 08:52:41 0 d-------- C:\Program Files\Common Files\scanner
    2007-10-15 21:39:57 0 d-------- C:\Program Files\bfgclient
    2007-09-18 12:11:44 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-17 13:23:58 0 d-------- C:\Documents and Settings\Charles\Application Data\PlayFirst


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 10:26 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 07:58 PM]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
    "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Ncao"="C:\WINDOWS\PPPATC~1\mmc.exe" []
    "Ycet"="C:\WINDOWS\W?nSxS\??oolsv.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
    C:\Program Files\Admilli Service\AdmilliServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_Gear511]
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    Ati2mdxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    C:\Program Files\BullsEye Network\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
    carpserv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tueuqmlg]
    C:\Program Files\Hvvrzci\Gznrq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZESOFT"=2 (0x2)
    "navapsvc"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "YPCService"=3 (0x3)
    "VETMSGNT"=2 (0x2)
    "SSScsiSV"=3 (0x3)
    "SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
    "SPTISRV"=3 (0x3)
    "PACSPTISVR"=3 (0x3)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "MSCSPTISRV"=3 (0x3)
    "MDM"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WebClient"=2 (0x2)
    "TermService"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SMTPSVC"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "Schedule"=2 (0x2)
    "RemoteRegistry"=2 (0x2)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-10-20 13:02:05 ------------
     
  16. 2007/10/20
    Geri Lifetime Subscription

    Hi chip4687

    Please do this next.

    Open “NotePad”. Copy the contents of the code box below into the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top, click the down arrow and select Desktop

    In the “File name” box type in: fix.reg
    In the “Save As Type” box select: All Files
    Once saved, go to your desktop, double-click the “fix.reg” file and let it merge with the registry.



    Code:
    Windows Registry Editor Version 5.00

    ; Provider list without append.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    ; Remove the leftover msconfig startup entries
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tueuqmlg]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]

    Please go to the C:\Windows\system32 folder and look for
    append.dll

    If present, right-click it and delete it.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Please post an uninstall list; here is how.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.


    Please post the Smitfraud log, a new DSS log, the uninstall list and a new HJT log.

    Thanks
    Geri
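
A triage check over the DSS "Registry Dump" section shown in this thread, as an added example that is not part of the original posts: it compares SecurityProviders against the four DLLs the fix.reg above restores and flags Run values like the ones in the log. The function names and the SYSTEM_BINARIES table are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Provider list taken from the fix.reg in the post above.
BASELINE_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Assumption for this example: usual directory of a few Windows XP system binaries.
SYSTEM_BINARIES = {
    "mmc.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}

# Sample input: lines copied from the DSS registry dump earlier in the thread.
SAMPLE_DUMP = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Ncao"="C:\WINDOWS\PPPATC~1\mmc.exe" []
"Ycet"="C:\WINDOWS\W?nSxS\??oolsv.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# Tolerates stray spaces around quotes, as forum software often adds them.
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"')


def sections(dump):
    """Yield (lower-cased key, line) for each non-empty line under a key header."""
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1).lower()
        elif line and key:
            yield key, line


def extra_security_providers(dump):
    """Return provider DLLs that are not in the baseline list, sorted."""
    extras = set()
    for key, line in sections(dump):
        if not key.endswith(r'\control\securityproviders'):
            continue
        text = line.replace('"', ' ').replace('=', ' ').strip()
        if text.lower().startswith('securityproviders'):
            rest = text[len('securityproviders'):]
            names = {d.strip().lower() for d in rest.split(',') if d.strip()}
            extras |= names - BASELINE_PROVIDERS
    return sorted(extras)


def suspicious_run_entries(dump):
    """Return (value name, path, reason) for Run values worth a closer look."""
    hits = []
    for key, line in sections(dump):
        value = VALUE_RE.match(line)
        if not (value and key.endswith(r'\currentversion\run')):
            continue
        name, path = value.group(1).strip(), value.group(2).strip()
        target = PureWindowsPath(path)
        expected = SYSTEM_BINARIES.get(target.name.lower())
        if '?' in path:
            # '?' is not legal in a Windows file name, so the real name holds
            # characters the log could not represent (look-alike names).
            hits.append((name, path, 'characters the log could not represent'))
        elif expected and str(target.parent).lower() != expected:
            hits.append((name, path, 'system binary name outside ' + expected))
    return hits


if __name__ == '__main__':
    print('extra providers:', extra_security_providers(SAMPLE_DUMP))
    for name, path, reason in suspicious_run_entries(SAMPLE_DUMP):
        print(f'{name}: {path} ({reason})')
```
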
     
  17. 2007/10/21
    chip4687

    SmitFraudFix and Uninstall List

    SmitFraudFix v2.240
    Scan done at 11:19:15.75, Sun 10/21/2007
    Run from C:\Documents and Settings\Charles\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charles\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NETGEAR 108 Mbps Wireless PC Card WG511T - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{58AAB1B2-1C20-4E23-A126-766243393056}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{58AAB1B2-1C20-4E23-A126-766243393056}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{58AAB1B2-1C20-4E23-A126-766243393056}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Uninstall list

    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.8
    Adobe® Photoshop® Album Starter Edition 3.0
    AppCore
    AT&T Yahoo! Applications
    ATI Control Panel
    ATI Display Driver
    AV
    AVG Anti-Spyware 7.5
    Broadcom 440x Driver Installer
    BroadJump Client Foundation
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    ccCommon
    Conexant D480 MDC V.92 Modem
    Course 12 v2.1
    Dell ResourceCD
    DV Network Software
    Google Earth
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    InterActual Player
    Internet Speed Monitor
    InterVideo WinDVD 7
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft ASP.NET codename "Atlas"
    Microsoft Expression Web
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project Professional 2003 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Management Edition 2006 CD 2
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft Visual Basic .NET Standard 2003 - English
    Microsoft Visual C++ .NET Standard 2003 - English
    MSDN Library for Visual Studio .NET 2003
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    NETGEAR 108 Mbps Wireless PC Card WG511T
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Protection Center
    OpenMG Limited Patch 4.1-05-13-31-01
    OpenMG Secure Module 4.1.00
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB941202)
    SigmaTel AC97 Audio Drivers
    SimProject
    Solitaire 1000
    SonicStage 3.0
    SPBBC 32bit
    Spelling Dictionaries For Adobe Reader Package
    SymNet
    Synaptics Pointing Device Driver
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
     
  18. 2007/10/21
    chip4687

    chip4687 Inactive Thread Starter

    DSS log

    Deckard's System Scanner v20071014.68
    Run by Charles on 2007-10-21 11:33:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Charles.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:26 AM, on 10/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Charles\Desktop\dss.exe
    C:\DOCUME~1\Charles\LOCALS~1\Temp\TEMPOR~2.ZIP\Charles.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177901551844
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7581 bytes

    -- Files created between 2007-09-21 and 2007-10-21 -----------------------------

    2007-10-21 11:19:21 2982 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-21 11:18:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-21 11:18:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-21 11:18:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-21 11:18:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-21 11:18:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-20 13:00:30 0 d-------- C:\Program Files\Trend Micro
    2007-10-19 23:08:21 0 d-------- C:\Documents and Settings\Charles\Application Data\Grisoft
    2007-10-19 23:08:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-18 20:48:45 0 d-------- C:\WINDOWS\ERUNT
    2007-10-15 21:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-15 21:40:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 21:36:22 4718592 --a------ C:\Documents and Settings\Charles\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-10-20 12:57:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-10-18 21:45:20 0 d-------- C:\Program Files\Common Files
    2007-10-16 17:28:34 0 d-------- C:\Program Files\Java
    2007-10-16 12:16:54 0 d-------- C:\Program Files\Symantec
    2007-10-16 09:59:56 0 dr-h----- C:\Documents and Settings\Charles\Application Data\yahoo!
    2007-10-16 08:53:26 0 d-------- C:\Program Files\Yahoo!
    2007-10-16 08:52:41 0 d-------- C:\Program Files\Common Files\scanner
    2007-10-15 21:39:57 0 d-------- C:\Program Files\bfgclient
    2007-09-18 12:11:44 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-17 13:23:58 0 d-------- C:\Documents and Settings\Charles\Application Data\PlayFirst


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 10:26 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "SsAAD.exe "= "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 07:58 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "YOP "= "C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
    "osCheck "= "C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Ncao "= "C:\WINDOWS\PPPATC~1\mmc.exe" []
    "Ycet "= "C:\WINDOWS\W?nSxS\??oolsv.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_Gear511]
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    Ati2mdxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
    carpserv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZESOFT "=2 (0x2)
    "navapsvc "=2 (0x2)
    "ccEvtMgr "=2 (0x2)
    "YPCService "=3 (0x3)
    "VETMSGNT "=2 (0x2)
    "SSScsiSV "=3 (0x3)
    "SQLAgent$MICROSOFTSMLBIZ "=3 (0x3)
    "SPTISRV "=3 (0x3)
    "PACSPTISVR "=3 (0x3)
    "MSSQLServerADHelper "=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ "=2 (0x2)
    "MSCSPTISRV "=3 (0x3)
    "MDM "=3 (0x3)
    "Ati HotKey Poller "=2 (0x2)
    "xmlprov "=3 (0x3)
    "WZCSVC "=2 (0x2)
    "wuauserv "=2 (0x2)
    "wscsvc "=2 (0x2)
    "WebClient "=2 (0x2)
    "TermService "=3 (0x3)
    "SysmonLog "=3 (0x3)
    "SMTPSVC "=2 (0x2)
    "SharedAccess "=2 (0x2)
    "Schedule "=2 (0x2)
    "RemoteRegistry "=2 (0x2)
    "RDSessMgr "=3 (0x3)
    "RasMan "=3 (0x3)
    "RasAuto "=3 (0x3)
    "Eventlog "=2 (0x2)
    "ERSvc "=2 (0x2)

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-10-21 11:33:57 ------------
     
  19. 2007/10/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi chip4687

    This is not a good location for HJT.
    C:\DOCUME~1\Charles\LOCALS~1\Temp\TEMPOR~2.ZIP\Charles.exe

    But seeing as how you don't want to follow my directions..
    "Run the set up and let it install to the default location (C:/Program files)"
    You can deal with it from there in case anything is lost in the remaining fix process.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following:

    J2SE Runtime Environment 5.0 Update 6


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
    O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Please reboot your computer.


    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Please post the Kaspersky results.

    Geri
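
    The two HKCU Run entries singled out above share a pattern that can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: the list of system binary names, the rule that they belong in system32, and the reading of "?" as a placeholder for a character HijackThis could not display are assumptions; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from fnmatch import fnmatchcase

# Assumption: these Windows XP binaries normally run from system32 only.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = ("mmc.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "ctfmon.exe")

# Sample input: O4 lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\PPPATC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Ycet] C:\WINDOWS\W?nSxS\??oolsv.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\\w+: \[(.+?)\] (.+)$")


def exe_path(command):
    """Return the executable path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted form: the path is everything up to the closing quote.
        return command[1:].split('"', 1)[0].strip()
    # Unquoted form may contain spaces: cut at the first ".exe" that is
    # followed by whitespace or the end of the line.
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def check(path):
    """Return the list of reasons a startup path looks suspicious."""
    reasons = []
    # "?" is not a legal Windows file name character, so in a log it stands
    # for something the tool could not print (assumed: a non-ASCII look-alike).
    if "?" in path or not path.isascii():
        reasons.append("unprintable characters in path")
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    for name in SYSTEM_NAMES:
        # The base name is used as the pattern so that each "?" matches any
        # single character: "??oolsv.exe" matches "spoolsv.exe".
        if fnmatchcase(name, base) and folder != SYSTEM32:
            reasons.append(name + " outside system32")
    return reasons


def audit(log_text):
    """Return (value name, path, reasons) for every flagged O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group(3))
        reasons = check(path)
        if reasons:
            findings.append((m.group(2), path, reasons))
    return findings


if __name__ == "__main__":
    for value_name, path, reasons in audit(SAMPLE_LOG):
        print("%-6s %s  <- %s" % (value_name, path, "; ".join(reasons)))
```

    Entries that pass these checks are not thereby clean; the checks only surface the masquerading pattern seen in this log.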
     
  20. 2007/10/21
    chip4687

    chip4687 Inactive Thread Starter

    Kaspersky log

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, October 21, 2007 9:29:05 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/10/2007
    Kaspersky Anti-Virus database records: 442285
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 90481
    Number of viruses found: 12
    Number of infected objects: 97
    Number of suspicious objects: 0
    Duration of the scan process: 06:14:05

    Infected Object Name / Virus Name / Last Action
    C:\c1183cba265590d1c070\blackbox.dll Object is locked skipped
    C:\c1183cba265590d1c070\drmv2clt.dll Object is locked skipped
    C:\c1183cba265590d1c070\empty.cat Object is locked skipped
    C:\c1183cba265590d1c070\spmsg.dll Object is locked skipped
    C:\c1183cba265590d1c070\spuninst.exe Object is locked skipped
    C:\c1183cba265590d1c070\update\custdll.dll Object is locked skipped
    C:\c1183cba265590d1c070\update\eula.txt Object is locked skipped
    C:\c1183cba265590d1c070\update\kb910998.cat Object is locked skipped
    C:\c1183cba265590d1c070\update\prereq.inf Object is locked skipped
    C:\c1183cba265590d1c070\update\update.exe Object is locked skipped
    C:\c1183cba265590d1c070\update\update.inf Object is locked skipped
    C:\c1183cba265590d1c070\update\update.ver Object is locked skipped
    C:\c1183cba265590d1c070\update\updspapi.dll Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0bc921a144b14ffce893140c037c6500_e519ea9b-f86a-41e8-a113-30517f21d5a8 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\CB8E6584.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F9160924.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\Documents and Settings\Charles\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Charles\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Charles\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Charles\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Charles\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088758.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088759.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088760.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088761.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088762.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088766.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.g skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088776.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088779.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088780.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088781.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0088782.exe Infected: not-virus:Hoax.Win32.Renos.jr skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089309.exe Infected: not-virus:Hoax.Win32.Renos.jr skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089314.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089315.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089316.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089317.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP47\A0089318.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089328.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089329.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089330.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089331.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089332.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089338.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.g skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089346.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089347.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089350.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP48\A0089351.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0093999.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gg skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094000.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gh skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094021.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gg skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094022.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gh skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094023.exe Infected: Trojan-Downloader.Win32.Agent.dve skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094028.dll Infected: not-a-virus:AdWare.Win32.AdBand.b skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP49\A0094032.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094230.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094231.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094232.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094234.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP50\A0094235.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094249.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094250.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094252.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094253.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094254.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094263.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094265.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094266.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094268.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP51\A0094269.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094278.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094279.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094281.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094282.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP52\A0094284.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094292.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094293.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094294.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094295.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094301.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094303.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094304.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094305.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP53\A0094307.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094314.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094316.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094317.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094318.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094320.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094324.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094329.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094331.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094333.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094334.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP54\A0094335.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094338.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094339.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094340.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094341.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094346.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094352.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094361.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094362.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094363.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094364.exe Infected: not-virus:Hoax.Win32.Renos.jp skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094366.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP55\A0094392.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.g skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095409.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095411.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095412.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0095413.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP56\A0096431.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
    C:\System Volume Information\_restore{1C6D4758-C3CB-411F-A94A-0EA55ECEDA7C}\RP60\A0096507.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
    C:\WINDOWS\system32\nxnxqrxr.exe Infected: Trojan-Dropper.Win32.Small.avu skipped

    Scan process completed.
     
  21. 2007/10/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi chip4687

    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Make sure OTMoveIt was able to move that file.

    Let me know.

    Let me know how things are running, if everything seems OK then we will proceed with cleaning up.

    Geri
     
