Cannot update windows + Anti-virus 2009 pop-ups [RESOLVED], Error OX8DDD0018 + 1058
revi
post Oct 28 2008, 06:02 PM
Post #1
Member, Posts: 12, From: London England, OS: XP

Hi,

Can you please help.

I am unable to get automatic updates for windows or Internet explorer .

At first I believed it to be a problem with XP SP3, but now I am certain that I have a bug of some type that has written itself into the root registry.

Virus scan keeps removing something, but I can not find a list of what that is.

I will try and post the Highjack thingy here.

Looking forward to stopping these pop-ups that keep telling me to download an anti-virus 2009.

Cheers

Revi.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:25, on 28/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HistoryKill 2008\histkill.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [a8833c6a] rundll32.exe "C:\WINDOWS\system32\rotkymuw.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [HistoryKill] "C:\Program Files\HistoryKill 2008\histkill.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213910483015
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: bopfuz.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8627 bytes


I've tried to save an uninstall list with no luck. When I press Save, the box just closes without Notepad opening.

Hope you can help.



Thanks mate,

Below is the list of the scan


--------------------\\ Lop S&D 4.2.4-8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Bevin ( Administrator )
BOOT : Normal boot
Antivirus : Windows Live OneCare 1.0.0 (Not Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:86 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:52 Go)

"C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
Option : [1] ( 29/10/2008| 1:06 )

--------------------\\ Listing folders in APPLIC~1

[11/02/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/08/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
[26/04/2008|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/06/2008|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/06/2008|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/10/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[22/02/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/10/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[19/01/2007|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[26/10/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/07/2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[13/09/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[10/06/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[25/01/2007|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
[30/03/2007|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[15/03/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[19/01/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[19/01/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[18/06/2008|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/09/2008|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[29/01/2007|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[03/03/2008|17:53] C:\DOCUME~1\Bevin\APPLIC~1\Adobe
[29/04/2007|00:49] C:\DOCUME~1\Bevin\APPLIC~1\AdobeUM
[26/04/2008|15:38] C:\DOCUME~1\Bevin\APPLIC~1\Ahead
[23/10/2008|15:58] C:\DOCUME~1\Bevin\APPLIC~1\Apple Computer
[15/03/2008|12:26] C:\DOCUME~1\Bevin\APPLIC~1\ArcSoft
[17/06/2008|12:38] C:\DOCUME~1\Bevin\APPLIC~1\Creative
[26/04/2008|15:24] C:\DOCUME~1\Bevin\APPLIC~1\dvdcss
[10/10/2007|17:32] C:\DOCUME~1\Bevin\APPLIC~1\Google
[24/10/2008|08:23] C:\DOCUME~1\Bevin\APPLIC~1\Help
[19/02/2007|14:29] C:\DOCUME~1\Bevin\APPLIC~1\Identities
[29/04/2008|21:32] C:\DOCUME~1\Bevin\APPLIC~1\InstallShield
[19/01/2007|21:09] C:\DOCUME~1\Bevin\APPLIC~1\InterTrust
[18/04/2008|11:39] C:\DOCUME~1\Bevin\APPLIC~1\LimeWire
[11/06/2008|02:17] C:\DOCUME~1\Bevin\APPLIC~1\Logitech
[27/01/2007|16:38] C:\DOCUME~1\Bevin\APPLIC~1\Macromedia
[26/10/2008|09:13] C:\DOCUME~1\Bevin\APPLIC~1\Microsoft
[26/10/2008|05:40] C:\DOCUME~1\Bevin\APPLIC~1\MSN6
[13/09/2008|14:51] C:\DOCUME~1\Bevin\APPLIC~1\Nero
[26/12/2007|13:45] C:\DOCUME~1\Bevin\APPLIC~1\NeroDCTemplates
[30/09/2007|22:01] C:\DOCUME~1\Bevin\APPLIC~1\Roxio
[16/10/2007|22:24] C:\DOCUME~1\Bevin\APPLIC~1\Samsung
[19/01/2007|23:21] C:\DOCUME~1\Bevin\APPLIC~1\ScanSoft
[26/10/2008|08:28] C:\DOCUME~1\Bevin\APPLIC~1\SiteAdvisor
[01/03/2007|09:18] C:\DOCUME~1\Bevin\APPLIC~1\Sonic
[17/02/2007|19:36] C:\DOCUME~1\Bevin\APPLIC~1\Steinberg
[23/02/2007|14:00] C:\DOCUME~1\Bevin\APPLIC~1\Sun
[20/01/2007|01:08] C:\DOCUME~1\Bevin\APPLIC~1\Symantec
[13/09/2008|17:18] C:\DOCUME~1\Bevin\APPLIC~1\TuneUp Software
[10/09/2007|02:19] C:\DOCUME~1\Bevin\APPLIC~1\U3
[24/04/2008|11:46] C:\DOCUME~1\Bevin\APPLIC~1\vlc

[26/03/2008|00:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[29/04/2008|22:33] C:\DOCUME~1\Jacqui\APPLIC~1\Google
[17/02/2007|05:46] C:\DOCUME~1\Jacqui\APPLIC~1\Identities
[15/06/2008|13:22] C:\DOCUME~1\Jacqui\APPLIC~1\Logitech
[07/05/2007|21:49] C:\DOCUME~1\Jacqui\APPLIC~1\Microsoft
[29/04/2008|22:51] C:\DOCUME~1\Jacqui\APPLIC~1\Symantec

[26/10/2008|08:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[23/10/2008|15:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

[19/01/2007|17:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[29/10/2008 01:00][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[12/09/2008 22:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/10/2008 23:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/03/2003 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/05/2007|16:38] C:\Program Files\360Share Pro
[17/06/2008|11:19] C:\Program Files\Adobe
[11/10/2008|17:02] C:\Program Files\AGEIA Technologies
[29/04/2008|21:45] C:\Program Files\AMD
[18/08/2008|08:25] C:\Program Files\Apple Software Update
[10/06/2008|05:50] C:\Program Files\Apple Software Update(2)
[19/01/2007|23:20] C:\Program Files\ArcSoft
[19/06/2008|01:16] C:\Program Files\Arturia
[19/01/2007|17:28] C:\Program Files\AvRack
[18/08/2008|08:24] C:\Program Files\Bonjour
[07/09/2008|19:55] C:\Program Files\Borland
[13/02/2007|15:34] C:\Program Files\BroadJump
[19/01/2007|23:22] C:\Program Files\Canon
[28/10/2008|05:25] C:\Program Files\CCleaner
[26/10/2008|08:34] C:\Program Files\Common Files
[19/06/2008|00:26] C:\Program Files\Creative
[05/07/2008|19:14] C:\Program Files\directx
[23/06/2008|09:37] C:\Program Files\DiscWizard for Windows
[28/06/2008|22:43] C:\Program Files\Doom 3
[10/03/2007|16:25] C:\Program Files\DVD Shrink
[17/06/2008|11:19] C:\Program Files\EINGANA
[07/04/2008|02:00] C:\Program Files\ffdshow
[11/02/2008|14:51] C:\Program Files\Google
[04/07/2008|19:08] C:\Program Files\HistoryKill 2007
[05/07/2008|08:38] C:\Program Files\HistoryKill 2008
[19/06/2008|01:20] C:\Program Files\iM Networks
[12/09/2008|08:14] C:\Program Files\InstallShield Installation Information
[10/06/2008|08:08] C:\Program Files\Intel Desktop Board
[15/10/2008|04:00] C:\Program Files\Internet Explorer
[18/08/2008|08:24] C:\Program Files\iPod
[18/08/2008|08:24] C:\Program Files\iTunes
[12/05/2007|16:37] C:\Program Files\Java
[21/01/2008|04:01] C:\Program Files\Ligos
[11/06/2008|01:51] C:\Program Files\Logitech
[07/09/2008|20:04] C:\Program Files\Maxis
[26/10/2008|08:33] C:\Program Files\McAfee
[23/10/2008|15:58] C:\Program Files\Messenger
[19/06/2008|21:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[28/10/2007|23:02] C:\Program Files\microsoft frontpage
[20/01/2007|03:09] C:\Program Files\Microsoft Games
[19/01/2007|23:07] C:\Program Files\Microsoft Office
[21/10/2008|23:50] C:\Program Files\Microsoft Silverlight
[19/06/2008|17:18] C:\Program Files\Microsoft SQL Server Compact Edition
[19/06/2008|17:23] C:\Program Files\Microsoft Synchronization Services
[27/10/2008|22:30] C:\Program Files\Microsoft Windows OneCare Live
[19/06/2008|20:42] C:\Program Files\Movie Maker
[19/01/2007|17:03] C:\Program Files\MSN
[19/01/2007|17:03] C:\Program Files\MSN Gaming Zone
[20/07/2008|14:06] C:\Program Files\My Hidden Folders
[14/09/2008|14:30] C:\Program Files\Napster
[13/09/2008|14:47] C:\Program Files\Nero
[19/06/2008|20:41] C:\Program Files\NetMeeting
[19/01/2007|17:03] C:\Program Files\Online Services
[19/06/2008|20:40] C:\Program Files\Outlook Express
[31/03/2008|15:38] C:\Program Files\Outlook Express Mail Alert
[10/06/2008|06:34] C:\Program Files\PC Drivers HeadQuarters
[20/01/2007|00:42] C:\Program Files\Philips Intelligent Agent
[12/08/2008|02:38] C:\Program Files\QuickTime
[10/06/2008|05:50] C:\Program Files\QuickTime(2)
[10/06/2008|07:31] C:\Program Files\Realtek AC97
[17/02/2007|07:09] C:\Program Files\RegistryPatrol3.0
[18/08/2008|08:18] C:\Program Files\Safari
[16/10/2007|22:17] C:\Program Files\Samsung
[19/01/2007|23:21] C:\Program Files\ScanSoft
[19/01/2007|17:19] C:\Program Files\Silicon Integrated Systems
[19/01/2007|17:20] C:\Program Files\SiS VGA Utilities V3.68
[28/06/2008|22:41] C:\Program Files\sisagp
[01/03/2007|09:17] C:\Program Files\Sonic
[13/08/2008|13:51] C:\Program Files\Steam
[17/02/2007|18:39] C:\Program Files\Steinberg
[29/01/2007|22:29] C:\Program Files\SuperUtility
[18/06/2008|16:00] C:\Program Files\Symantec
[01/04/2008|23:56] C:\Program Files\SystemRequirementsLab
[22/05/2008|22:12] C:\Program Files\THQ
[28/10/2008|21:22] C:\Program Files\Trend Micro
[24/10/2008|06:55] C:\Program Files\TuneUp Utilities 2008
[23/09/2008|19:27] C:\Program Files\TVAnts
[11/06/2008|01:58] C:\Program Files\UIU
[10/06/2008|08:08] C:\Program Files\Unibrain
[24/05/2007|15:06] C:\Program Files\Virgin Media Games
[26/02/2007|01:13] C:\Program Files\VirginBroadband
[19/12/2007|01:07] C:\Program Files\Windows Defender
[04/03/2008|00:35] C:\Program Files\Windows Media Connect 2
[19/06/2008|20:55] C:\Program Files\Windows Media Player
[19/06/2008|20:40] C:\Program Files\Windows NT
[28/10/2008|04:50] C:\Program Files\WindowsUpdate
[19/01/2007|17:06] C:\Program Files\xerox
[27/01/2007|16:35] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[28/12/2007|00:30] C:\Program Files\Common Files\Adobe
[13/09/2008|14:37] C:\Program Files\Common Files\Ahead
[09/06/2008|21:38] C:\Program Files\Common Files\Apple
[19/01/2007|23:08] C:\Program Files\Common Files\Designer
[01/04/2008|22:14] C:\Program Files\Common Files\EasyInfo
[12/02/2007|16:10] C:\Program Files\Common Files\InstallShield
[12/05/2007|16:36] C:\Program Files\Common Files\Java
[27/01/2007|13:30] C:\Program Files\Common Files\LightScribe
[11/06/2008|01:51] C:\Program Files\Common Files\Logitech
[22/05/2008|22:13] C:\Program Files\Common Files\Microsoft Shared
[13/02/2007|15:35] C:\Program Files\Common Files\Motive
[19/01/2007|17:04] C:\Program Files\Common Files\MSSoap
[14/07/2007|18:17] C:\Program Files\Common Files\Napster Shared
[13/09/2008|14:49] C:\Program Files\Common Files\Nero
[19/01/2007|23:21] C:\Program Files\Common Files\ScanSoft Shared
[19/01/2007|17:04] C:\Program Files\Common Files\Services
[01/03/2007|09:17] C:\Program Files\Common Files\Sonic Shared
[19/01/2007|16:09] C:\Program Files\Common Files\SpeechEngines
[18/06/2008|00:18] C:\Program Files\Common Files\Symantec Shared
[19/06/2008|20:40] C:\Program Files\Common Files\System
[11/10/2008|17:02] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 58 Processes )

IEXPLORE.EXE ~ [PID:1156]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Bevin\Cookies\bevin@adultfriendfinder[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 01:09:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\eedKQXbc.ini
C:\WINDOWS\system32\eedKQXbc.ini2
C:\WINDOWS\system32\cbXQKdee.dll
==> VUNDO <==



[F:16][D:6]-> C:\DOCUME~1\Bevin\LOCALS~1\Temp
[F:24][D:0]-> C:\DOCUME~1\Bevin\Cookies
[F:432][D:10]-> C:\DOCUME~1\Bevin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 29/10/2008| 1:10 - Option : [1]

--------------------\\ Scan completed at 1:10:17


I will turn antivirus back on now,

Cheers

Revi

This post has been edited by revi: Oct 28 2008, 07:13 PM
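The indicators in the two logs above can be picked out mechanically: the O4 autorun named with a random hex token that loads a random-named DLL through rundll32.exe, the O20 AppInit_DLLs entry (any DLL listed there is loaded into every process that links user32.dll), the orphaned O3 toolbar with "(no file)", and the eedKQXbc.ini / cbXQKdee.dll pair that Lop S&D tagged as VUNDO, where the .ini base name is the DLL name spelled backwards. The script below is an added example, not code from the original post, from HijackThis or from Lop S&D. Its heuristics (an eight-hex-digit autorun value name, a single-letter rundll32 export, a .dll whose base name is the reverse of a .ini in the same listing) are the editor's own assumptions, and the sample lines are copied from the logs above with one benign NVIDIA O4 line added for contrast.

```python
import re

# Constructed sample input: lines copied from the HijackThis and Lop S&D logs in
# the post above, plus one benign NVIDIA O4 line to show what is *not* flagged.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a8833c6a] rundll32.exe "C:\WINDOWS\system32\rotkymuw.dll",b
O20 - AppInit_DLLs: bopfuz.dll
C:\WINDOWS\system32\eedKQXbc.ini
C:\WINDOWS\system32\eedKQXbc.ini2
C:\WINDOWS\system32\cbXQKdee.dll
"""

# HijackThis line shapes this triage looks at.
O3_ORPHAN_RE = re.compile(r"^O3 - Toolbar:.*\(no file\)\s*$")
O4_RE = re.compile(r"^O4 - .*?\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE
)
# Bare file paths as printed by Lop S&D under "Searching for other infections".
FILE_PATH_RE = re.compile(r"^[A-Za-z]:\\.*\.(?:dll|ini\d*)$", re.IGNORECASE)
# Heuristic (assumption): an autorun value named like a random 8-hex-digit token.
HEX_VALUE_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def _split_path(path):
    """Return (stem, ext) of a Windows path, lower-cased, without using os.path."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    stem, _, ext = name.rpartition(".")
    return stem.lower(), ext.lower()


def vundo_pairs(paths):
    """Pair every .dll with the .ini* files whose base name is the DLL's name reversed.

    The Lop S&D hit above shows the trait: cbXQKdee.dll next to eedKQXbc.ini and
    eedKQXbc.ini2. The pairing is a strong indicator even though each name on its
    own looks like noise.
    """
    dlls, inis = {}, {}
    for p in paths:
        stem, ext = _split_path(p)
        if ext == "dll":
            dlls[stem] = p
        elif ext.startswith("ini"):
            inis.setdefault(stem, []).append(p)
    return [(dll, sorted(inis[stem[::-1]])) for stem, dll in dlls.items() if stem[::-1] in inis]


def triage(log_text):
    """Return (rule, evidence) tuples for log lines that deserve a closer look."""
    findings, file_paths = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if O3_ORPHAN_RE.match(line):
            # CLSID still registered but the DLL is gone: residue of something removed.
            findings.append(("orphan-toolbar", line))
            continue
        if O20_RE.match(line):
            # Anything in AppInit_DLLs is injected into every user32-linked process.
            findings.append(("appinit-dll", line))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = []
            if HEX_VALUE_NAME_RE.match(m.group("name")):
                reasons.append("hex-value-name")
            r = RUNDLL_RE.search(m.group("cmd"))
            if r and len(r.group("export")) == 1:
                # Assumption: legitimate rundll32 autoruns name a real export (NvStartup);
                # a one-letter export is characteristic of generated loader stubs.
                reasons.append("single-letter-export")
            if reasons:
                findings.append(("suspicious-autorun:" + ",".join(reasons), line))
            continue
        if FILE_PATH_RE.match(line):
            file_paths.append(line)
    for dll, inis in vundo_pairs(file_paths):
        findings.append(("vundo-reversed-name", dll + " <-> " + ", ".join(inis)))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:55s} {evidence}")
```

Run against the sample it reports four findings and leaves the NvCplDaemon line alone; paste a full HijackThis log plus the Lop S&D file list into SAMPLE_LOG (or read it from a file) to triage a real case. The reversed-name rule is the one that ties the Lop S&D hit to the HijackThis O4 entry: both belong to the same Vundo drop even though neither log shows the connection by itself.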
Rorschach112
post Oct 28 2008, 06:07 PM
Post #2
GeekU Teacher, Posts: 21,884, From: Dublin, OS: XP

Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


revi
post Oct 28 2008, 08:30 PM
Post #3
Member, Posts: 12, From: London England, OS: XP

Sorry Rorschach112, I put this in an edit instead of a reply.

paste it here now.

Thanks mate,

Below is the list f the scan


--------------------\\ Lop S&D 4.2.4-8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Bevin ( Administrator )
BOOT : Normal boot
Antivirus : Windows Live OneCare 1.0.0 (Not Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:86 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:52 Go)

"C:\Lop SD" ( MAJ : 27-10-2008|09:15 )
Option : [1] ( 29/10/2008| 1:06 )

--------------------\\ Listing folders in APPLIC~1

[11/02/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/08/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
[26/04/2008|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/06/2008|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/06/2008|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/10/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[22/02/2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/10/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[19/01/2007|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[26/10/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/07/2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[13/09/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[10/06/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[25/01/2007|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
[30/03/2007|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[15/03/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[19/01/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[19/01/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[18/06/2008|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/09/2008|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[29/01/2007|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[03/03/2008|17:53] C:\DOCUME~1\Bevin\APPLIC~1\Adobe
[29/04/2007|00:49] C:\DOCUME~1\Bevin\APPLIC~1\AdobeUM
[26/04/2008|15:38] C:\DOCUME~1\Bevin\APPLIC~1\Ahead
[23/10/2008|15:58] C:\DOCUME~1\Bevin\APPLIC~1\Apple Computer
[15/03/2008|12:26] C:\DOCUME~1\Bevin\APPLIC~1\ArcSoft
[17/06/2008|12:38] C:\DOCUME~1\Bevin\APPLIC~1\Creative
[26/04/2008|15:24] C:\DOCUME~1\Bevin\APPLIC~1\dvdcss
[10/10/2007|17:32] C:\DOCUME~1\Bevin\APPLIC~1\Google
[24/10/2008|08:23] C:\DOCUME~1\Bevin\APPLIC~1\Help
[19/02/2007|14:29] C:\DOCUME~1\Bevin\APPLIC~1\Identities
[29/04/2008|21:32] C:\DOCUME~1\Bevin\APPLIC~1\InstallShield
[19/01/2007|21:09] C:\DOCUME~1\Bevin\APPLIC~1\InterTrust
[18/04/2008|11:39] C:\DOCUME~1\Bevin\APPLIC~1\LimeWire
[11/06/2008|02:17] C:\DOCUME~1\Bevin\APPLIC~1\Logitech
[27/01/2007|16:38] C:\DOCUME~1\Bevin\APPLIC~1\Macromedia
[26/10/2008|09:13] C:\DOCUME~1\Bevin\APPLIC~1\Microsoft
[26/10/2008|05:40] C:\DOCUME~1\Bevin\APPLIC~1\MSN6
[13/09/2008|14:51] C:\DOCUME~1\Bevin\APPLIC~1\Nero
[26/12/2007|13:45] C:\DOCUME~1\Bevin\APPLIC~1\NeroDCTemplates
[30/09/2007|22:01] C:\DOCUME~1\Bevin\APPLIC~1\Roxio
[16/10/2007|22:24] C:\DOCUME~1\Bevin\APPLIC~1\Samsung
[19/01/2007|23:21] C:\DOCUME~1\Bevin\APPLIC~1\ScanSoft
[26/10/2008|08:28] C:\DOCUME~1\Bevin\APPLIC~1\SiteAdvisor
[01/03/2007|09:18] C:\DOCUME~1\Bevin\APPLIC~1\Sonic
[17/02/2007|19:36] C:\DOCUME~1\Bevin\APPLIC~1\Steinberg
[23/02/2007|14:00] C:\DOCUME~1\Bevin\APPLIC~1\Sun
[20/01/2007|01:08] C:\DOCUME~1\Bevin\APPLIC~1\Symantec
[13/09/2008|17:18] C:\DOCUME~1\Bevin\APPLIC~1\TuneUp Software
[10/09/2007|02:19] C:\DOCUME~1\Bevin\APPLIC~1\U3
[24/04/2008|11:46] C:\DOCUME~1\Bevin\APPLIC~1\vlc

[26/03/2008|00:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[29/04/2008|22:33] C:\DOCUME~1\Jacqui\APPLIC~1\Google
[17/02/2007|05:46] C:\DOCUME~1\Jacqui\APPLIC~1\Identities
[15/06/2008|13:22] C:\DOCUME~1\Jacqui\APPLIC~1\Logitech
[07/05/2007|21:49] C:\DOCUME~1\Jacqui\APPLIC~1\Microsoft
[29/04/2008|22:51] C:\DOCUME~1\Jacqui\APPLIC~1\Symantec

[26/10/2008|08:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[23/10/2008|15:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

[19/01/2007|17:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[29/10/2008 01:00][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[12/09/2008 22:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/10/2008 23:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/03/2003 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/05/2007|16:38] C:\Program Files\360Share Pro
[17/06/2008|11:19] C:\Program Files\Adobe
[11/10/2008|17:02] C:\Program Files\AGEIA Technologies
[29/04/2008|21:45] C:\Program Files\AMD
[18/08/2008|08:25] C:\Program Files\Apple Software Update
[10/06/2008|05:50] C:\Program Files\Apple Software Update(2)
[19/01/2007|23:20] C:\Program Files\ArcSoft
[19/06/2008|01:16] C:\Program Files\Arturia
[19/01/2007|17:28] C:\Program Files\AvRack
[18/08/2008|08:24] C:\Program Files\Bonjour
[07/09/2008|19:55] C:\Program Files\Borland
[13/02/2007|15:34] C:\Program Files\BroadJump
[19/01/2007|23:22] C:\Program Files\Canon
[28/10/2008|05:25] C:\Program Files\CCleaner
[26/10/2008|08:34] C:\Program Files\Common Files
[19/06/2008|00:26] C:\Program Files\Creative
[05/07/2008|19:14] C:\Program Files\directx
[23/06/2008|09:37] C:\Program Files\DiscWizard for Windows
[28/06/2008|22:43] C:\Program Files\Doom 3
[10/03/2007|16:25] C:\Program Files\DVD Shrink
[17/06/2008|11:19] C:\Program Files\EINGANA
[07/04/2008|02:00] C:\Program Files\ffdshow
[11/02/2008|14:51] C:\Program Files\Google
[04/07/2008|19:08] C:\Program Files\HistoryKill 2007
[05/07/2008|08:38] C:\Program Files\HistoryKill 2008
[19/06/2008|01:20] C:\Program Files\iM Networks
[12/09/2008|08:14] C:\Program Files\InstallShield Installation Information
[10/06/2008|08:08] C:\Program Files\Intel Desktop Board
[15/10/2008|04:00] C:\Program Files\Internet Explorer
[18/08/2008|08:24] C:\Program Files\iPod
[18/08/2008|08:24] C:\Program Files\iTunes
[12/05/2007|16:37] C:\Program Files\Java
[21/01/2008|04:01] C:\Program Files\Ligos
[11/06/2008|01:51] C:\Program Files\Logitech
[07/09/2008|20:04] C:\Program Files\Maxis
[26/10/2008|08:33] C:\Program Files\McAfee
[23/10/2008|15:58] C:\Program Files\Messenger
[19/06/2008|21:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[28/10/2007|23:02] C:\Program Files\microsoft frontpage
[20/01/2007|03:09] C:\Program Files\Microsoft Games
[19/01/2007|23:07] C:\Program Files\Microsoft Office
[21/10/2008|23:50] C:\Program Files\Microsoft Silverlight
[19/06/2008|17:18] C:\Program Files\Microsoft SQL Server Compact Edition
[19/06/2008|17:23] C:\Program Files\Microsoft Synchronization Services
[27/10/2008|22:30] C:\Program Files\Microsoft Windows OneCare Live
[19/06/2008|20:42] C:\Program Files\Movie Maker
[19/01/2007|17:03] C:\Program Files\MSN
[19/01/2007|17:03] C:\Program Files\MSN Gaming Zone
[20/07/2008|14:06] C:\Program Files\My Hidden Folders
[14/09/2008|14:30] C:\Program Files\Napster
[13/09/2008|14:47] C:\Program Files\Nero
[19/06/2008|20:41] C:\Program Files\NetMeeting
[19/01/2007|17:03] C:\Program Files\Online Services
[19/06/2008|20:40] C:\Program Files\Outlook Express
[31/03/2008|15:38] C:\Program Files\Outlook Express Mail Alert
[10/06/2008|06:34] C:\Program Files\PC Drivers HeadQuarters
[20/01/2007|00:42] C:\Program Files\Philips Intelligent Agent
[12/08/2008|02:38] C:\Program Files\QuickTime
[10/06/2008|05:50] C:\Program Files\QuickTime(2)
[10/06/2008|07:31] C:\Program Files\Realtek AC97
[17/02/2007|07:09] C:\Program Files\RegistryPatrol3.0
[18/08/2008|08:18] C:\Program Files\Safari
[16/10/2007|22:17] C:\Program Files\Samsung
[19/01/2007|23:21] C:\Program Files\ScanSoft
[19/01/2007|17:19] C:\Program Files\Silicon Integrated Systems
[19/01/2007|17:20] C:\Program Files\SiS VGA Utilities V3.68
[28/06/2008|22:41] C:\Program Files\sisagp
[01/03/2007|09:17] C:\Program Files\Sonic
[13/08/2008|13:51] C:\Program Files\Steam
[17/02/2007|18:39] C:\Program Files\Steinberg
[29/01/2007|22:29] C:\Program Files\SuperUtility
[18/06/2008|16:00] C:\Program Files\Symantec
[01/04/2008|23:56] C:\Program Files\SystemRequirementsLab
[22/05/2008|22:12] C:\Program Files\THQ
[28/10/2008|21:22] C:\Program Files\Trend Micro
[24/10/2008|06:55] C:\Program Files\TuneUp Utilities 2008
[23/09/2008|19:27] C:\Program Files\TVAnts
[11/06/2008|01:58] C:\Program Files\UIU
[10/06/2008|08:08] C:\Program Files\Unibrain
[24/05/2007|15:06] C:\Program Files\Virgin Media Games
[26/02/2007|01:13] C:\Program Files\VirginBroadband
[19/12/2007|01:07] C:\Program Files\Windows Defender
[04/03/2008|00:35] C:\Program Files\Windows Media Connect 2
[19/06/2008|20:55] C:\Program Files\Windows Media Player
[19/06/2008|20:40] C:\Program Files\Windows NT
[28/10/2008|04:50] C:\Program Files\WindowsUpdate
[19/01/2007|17:06] C:\Program Files\xerox
[27/01/2007|16:35] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[28/12/2007|00:30] C:\Program Files\Common Files\Adobe
[13/09/2008|14:37] C:\Program Files\Common Files\Ahead
[09/06/2008|21:38] C:\Program Files\Common Files\Apple
[19/01/2007|23:08] C:\Program Files\Common Files\Designer
[01/04/2008|22:14] C:\Program Files\Common Files\EasyInfo
[12/02/2007|16:10] C:\Program Files\Common Files\InstallShield
[12/05/2007|16:36] C:\Program Files\Common Files\Java
[27/01/2007|13:30] C:\Program Files\Common Files\LightScribe
[11/06/2008|01:51] C:\Program Files\Common Files\Logitech
[22/05/2008|22:13] C:\Program Files\Common Files\Microsoft Shared
[13/02/2007|15:35] C:\Program Files\Common Files\Motive
[19/01/2007|17:04] C:\Program Files\Common Files\MSSoap
[14/07/2007|18:17] C:\Program Files\Common Files\Napster Shared
[13/09/2008|14:49] C:\Program Files\Common Files\Nero
[19/01/2007|23:21] C:\Program Files\Common Files\ScanSoft Shared
[19/01/2007|17:04] C:\Program Files\Common Files\Services
[01/03/2007|09:17] C:\Program Files\Common Files\Sonic Shared
[19/01/2007|16:09] C:\Program Files\Common Files\SpeechEngines
[18/06/2008|00:18] C:\Program Files\Common Files\Symantec Shared
[19/06/2008|20:40] C:\Program Files\Common Files\System
[11/10/2008|17:02] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 58 Processes )

IEXPLORE.EXE ~ [PID:1156]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Bevin\Cookies\bevin@adultfriendfinder[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 01:09:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\eedKQXbc.ini
C:\WINDOWS\system32\eedKQXbc.ini2
C:\WINDOWS\system32\cbXQKdee.dll
==> VUNDO <==



[F:16][D:6]-> C:\DOCUME~1\Bevin\LOCALS~1\Temp
[F:24][D:0]-> C:\DOCUME~1\Bevin\Cookies
[F:432][D:10]-> C:\DOCUME~1\Bevin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 29/10/2008| 1:10 - Option : [1]

--------------------\\ Scan completed at 1:10:17


I will turn antivirus back on now.

Cheers

Revi
revi
post Oct 28 2008, 11:34 PM
Post #4


Member
Posts: 12
From: London England
OS: XP



The virus that my anti-virus keeps cleaning is Trojan Win32/vundo.1B

I will not be able to respond for a few hours as duty calls.

I will check once back from work.

Thanks again.

Revi
Rorschach112
post Oct 29 2008, 08:37 AM
Post #5


GeekU Teacher
Posts: 21,884
From: Dublin
OS: XP



Hello

Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\WINDOWS\system32\eedKQXbc.ini
    C:\WINDOWS\system32\eedKQXbc.ini2
    C:\WINDOWS\system32\cbXQKdee.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - Protocol Filters, Reg - Protocol Handlers, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

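A defender's detection helper, added here as an example and not part of the original thread or of the OTMoveIt3/OTScanIt tools: it checks a constructed directory listing for the Vundo naming pattern visible in the logs above (the eedKQXbc.ini / .ini2 stem is cbXQKdee.dll spelled backwards) and flags any entry of the LSA Authentication Packages value other than the stock msv1_0 package, which is where the same DLL turned up on this machine. The known-good set containing only msv1_0 is an assumption for a plain Windows XP install.

```python
"""Spot the Vundo artefacts seen in this thread in a file list and an LSA value.

Added example, not the thread's own or the tools' code. Sample inputs below are
constructed from the file names quoted in the Lop SD / OTScanIt reports.
"""
import ntpath
import os

# Assumption: stock Windows XP registers only msv1_0 here; add site-specific
# packages to this set before using the check on a real export.
LEGIT_LSA_PACKAGES = {"msv1_0"}


def find_reversed_pairs(filenames):
    """Return (dll, ini) pairs where the .ini/.ini2 stem is the .dll stem reversed.

    Matching is case-sensitive because the malware reversed the exact string
    (cbXQKdee <-> eedKQXbc); an .ini2 sibling is covered through the same stem.
    """
    stems_by_ext = {}
    for name in filenames:
        stem, ext = os.path.splitext(name)
        stems_by_ext.setdefault(ext.lower(), set()).add(stem)
    dll_stems = stems_by_ext.get(".dll", set())
    ini_stems = stems_by_ext.get(".ini", set()) | stems_by_ext.get(".ini2", set())
    pairs = []
    for stem in sorted(dll_stems):
        mirror = stem[::-1]
        if mirror != stem and mirror in ini_stems:
            pairs.append((stem + ".dll", mirror + ".ini"))
    return pairs


def suspicious_lsa_packages(reg_multi_sz):
    """Return entries of the LSA 'Authentication Packages' REG_MULTI_SZ value
    whose module name (path and .dll suffix stripped) is not known-good."""
    flagged = []
    for entry in reg_multi_sz:
        module = ntpath.basename(entry.strip())   # handles Windows paths anywhere
        if module.lower().endswith(".dll"):
            module = module[:-4]
        if module.lower() not in LEGIT_LSA_PACKAGES:
            flagged.append(entry)
    return flagged


# Constructed samples: a few legitimate names plus the three files from the logs.
SAMPLE_SYSTEM32 = ["kernel32.dll", "msv1_0.dll", "win.ini",
                   "cbXQKdee.dll", "eedKQXbc.ini", "eedKQXbc.ini2"]
SAMPLE_LSA_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\cbXQKdee"]

if __name__ == "__main__":
    print("reversed-name pairs:", find_reversed_pairs(SAMPLE_SYSTEM32))
    print("unexpected LSA packages:", suspicious_lsa_packages(SAMPLE_LSA_PACKAGES))
```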
revi
post Oct 29 2008, 03:08 PM
Post #6


Member
Posts: 12
From: London England
OS: XP



Hi Rorschach112

I trust you are well?

Here's the stuff you requested.


This post has been edited by revi: Oct 29 2008, 10:16 PM
revi
post Oct 29 2008, 03:13 PM
Post #7


Member
Posts: 12
From: London England
OS: XP



It did not all come out. I'll figure out how to zip it and send it again.

Revi
revi
post Oct 29 2008, 03:38 PM
Post #8


Member
Posts: 12
From: London England
OS: XP



I think I've done it right mate.

Please let me know.

Thanks

Revi
Attached File(s)
Attached File  10292008_203755.zip ( 809bytes ) Number of downloads: 6
Attached File  OTScanIt.zip ( 25.84K ) Number of downloads: 19
Rorschach112
post Oct 30 2008, 09:29 AM
Post #9


GeekU Teacher
Posts: 21,884
From: Dublin
OS: XP



Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> msmpeng.exe -> %ProgramFiles%\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {4D0C96E7-CA73-4E24-96F6-271BD3E024C8} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {566A8088-931B-434A-AC72-1DE5041692BA} [HKLM] -> %SystemRoot%\system32\cbXQKdee.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> "OTMoveIt" -> %UserProfile%\Desktop\OTMoveIt3.exe [C:\Documents and Settings\Bevin\Desktop\OTMoveIt3.exe]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> pmnlkJba ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{4D0C96E7-CA73-4E24-96F6-271BD3E024C8}" [HKLM] -> Reg Error: Key does not exist or could not be opened. []
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\cbXQKdee ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> InCD hkey=HKLM key=Run ->
YN -> NeroFilterCheck hkey=HKLM key=Run ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
YN -> .reg [@ = regfile] -> Reg Error: Key does not exist or could not be opened.
[Files/Folders - Created Within 90 Days]
NY -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> _OTMoveIt -> %SystemDrive%\_OTMove