Need Some Help =]


#16 n33d_s0me_help (Member, Topic Starter, 22 posts)

It shows a couple of them successfully moved, but the rest I don't know, and it says (Not responding).

It also shows that most of the files/folders were not found?

Edited by n33d_s0me_help, 07 April 2008 - 07:19 PM.


#17 n33d_s0me_help (Member, Topic Starter, 22 posts)

Ah, there it goes. Apparently un-checking the "Unregistered Dll's and Ocx's" fixed it; all files were successfully moved. Here's the log file, I suppose.

C:\WINDOWS\2020search2.dll moved successfully.
C:\WINDOWS\2020search.dll moved successfully.
C:\WINDOWS\180ax.exe moved successfully.
C:\WINDOWS\updatetc.exe moved successfully.
C:\WINDOWS\FLEOK moved successfully.
C:\Program Files\180search assistant moved successfully.
C:\Program Files\180solutions moved successfully.
C:\Program Files\180searchassistant moved successfully.
C:\Program Files\zango moved successfully.
C:\WINDOWS\voiceip.dll moved successfully.
C:\WINDOWS\swin32.dll moved successfully.
C:\WINDOWS\stcloader.exe moved successfully.
C:\WINDOWS\mssvr.exe moved successfully.
C:\WINDOWS\cdsm32.dll moved successfully.
C:\WINDOWS\bokja.exe moved successfully.
C:\Program Files\stc moved successfully.
C:\WINDOWS\mspphe.dll moved successfully.
C:\WINDOWS\bjam.dll moved successfully.
C:\Program Files\seekmo moved successfully.
C:\WINDOWS\system32\WER8274.DLL moved successfully.
C:\WINDOWS\system32\MSIXU.DLL moved successfully.
C:\WINDOWS\salm.exe moved successfully.
C:\WINDOWS\saiemod.dll moved successfully.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
C:\WINDOWS\msapasrc.dll moved successfully.
C:\WINDOWS\msa64chk.dll moved successfully.
C:\WINDOWS\system32\SIPSPI32.dll moved successfully.
C:\WINDOWS\system32\shdocpe.dll moved successfully.
C:\WINDOWS\system32\ntnut32.exe moved successfully.
C:\WINDOWS\shdocpl.dll moved successfully.
C:\WINDOWS\shdocpe.dll moved successfully.
C:\WINDOWS\ntnut.exe moved successfully.
C:\WINDOWS\winsb.dll moved successfully.
C:\WINDOWS\browserad.dll moved successfully.
C:\WINDOWS\aviwrap32.dll moved successfully.
C:\WINDOWS\avisynthex32.dll moved successfully.
C:\WINDOWS\avifile32.dll moved successfully.
C:\WINDOWS\autodisc32.dll moved successfully.
C:\WINDOWS\audiosrv32.dll moved successfully.
C:\Program Files\Sysmnt moved successfully.
C:\WINDOWS\ati2dvag32.dll moved successfully.
C:\WINDOWS\ati2dvaa32.dll moved successfully.
C:\WINDOWS\athprxy32.dll moved successfully.
C:\WINDOWS\asycfilt32.dll moved successfully.
C:\WINDOWS\asferror32.dll moved successfully.
C:\WINDOWS\changeurl_30.dll moved successfully.
C:\WINDOWS\apphelp32.dll moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\Rabio not found.
File/Folder C:\WINDOWS\system32\vabatcda.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\jidmpyjo not found.
C:\WINDOWS\utodidgn.dll moved successfully.
C:\Program Files\QdrModule moved successfully.
C:\Program Files\Bat moved successfully.
C:\Program Files\QdrDrive moved successfully.
C:\Program Files\ISM moved successfully.
C:\WINDOWS\system32\winfrun32.bin moved successfully.
C:\WINDOWS\system32\wmsdkns.exe moved successfully.
C:\WINDOWS\system32\000090.exe moved successfully.
C:\WINDOWS\system32\000080.exe moved successfully.
File/Folder C:\WINDOWS\utodidgn.dll not found.
C:\WINDOWS\default.htm moved successfully.
File/Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\ie.exe not found.
< HKLM\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zofcvuru >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zofcvuru deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows update loader >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows update loader deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QdrModule15 >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QdrModule15 deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Installer >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Installer deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bjhocmfn >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bjhocmfn deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\zVG9rR7qxf >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\zVG9rR7qxf deleted successfully.
< purity >
C:\WINDOWS\ѕуstem moved successfully.
C:\Program Files\аѕsembly moved successfully.
C:\Documents and Settings\Owner\Application Data\aѕsembly moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04072008_212038

#18 n33d_s0me_help (Member, Topic Starter, 22 posts)

Ok, tried to run ComboFix again and nothing; now it just froze.

#19 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please run dss again and post the log that it produces.

#20 n33d_s0me_help (Member, Topic Starter, 22 posts)

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-07 22:00:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:07 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RJs School Work\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\utodidgn.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.af.mil
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164354781812
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....lls/Coupons.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E8318A-84DC-46FB-A6CE-1602C257B8C4}: NameServer = 192.168.1.1,71.200.168.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{89A780D2-F381-4E22-BA95-3067C474CAF5}: NameServer = 192.168.1.1,71.200.168.82
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 11027 bytes

-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-07 21:34:52 0 d-------- C:\Combo-Fix
2008-04-07 21:22:08 11520 --a------ C:\WINDOWS\voiceip.dll
2008-04-07 21:22:08 28416 --a------ C:\WINDOWS\swin32.dll
2008-04-07 21:22:08 26880 --a------ C:\WINDOWS\stcloader.exe
2008-04-07 21:22:08 18176 --a------ C:\WINDOWS\cdsm32.dll
2008-04-07 21:22:08 0 d-------- C:\Program Files\stc
2008-04-07 21:22:07 18944 --a------ C:\WINDOWS\mssvr.exe
2008-04-07 21:22:07 9472 --a------ C:\WINDOWS\mspphe.dll
2008-04-07 21:22:07 23296 --a------ C:\WINDOWS\bokja.exe
2008-04-07 21:22:07 16640 --a------ C:\WINDOWS\bjam.dll
2008-04-07 21:22:07 19456 --a------ C:\WINDOWS\2020search2.dll
2008-04-07 21:22:07 13056 --a------ C:\WINDOWS\2020search.dll
2008-04-07 21:22:07 0 d-------- C:\Program Files\seekmo
2008-04-07 21:22:06 13312 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-07 21:22:06 26368 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-07 21:22:06 13056 --a------ C:\WINDOWS\salm.exe
2008-04-07 21:22:06 25088 --a------ C:\WINDOWS\180ax.exe
2008-04-07 21:22:06 0 d-------- C:\Program Files\zango
2008-04-07 21:22:05 31232 --a------ C:\WINDOWS\updatetc.exe
2008-04-07 21:22:05 20992 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-07 21:22:05 11520 --a------ C:\WINDOWS\saiemod.dll
2008-04-07 21:22:05 30464 --a------ C:\WINDOWS\msapasrc.dll
2008-04-07 21:22:05 0 d-------- C:\WINDOWS\FLEOK
2008-04-07 21:22:04 32256 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-07 21:22:04 27136 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-07 21:22:04 16896 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 21:22:04 10752 --a------ C:\WINDOWS\shdocpl.dll
2008-04-07 21:22:04 19456 --a------ C:\WINDOWS\shdocpe.dll
2008-04-07 21:22:04 12288 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 21:22:04 10496 --a------ C:\WINDOWS\msa64chk.dll
2008-04-07 21:22:03 11008 --a------ C:\WINDOWS\winsb.dll
2008-04-07 21:22:03 19200 --a------ C:\WINDOWS\browserad.dll
2008-04-07 21:22:03 8960 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-07 21:22:03 19968 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-07 21:22:03 15360 --a------ C:\WINDOWS\avifile32.dll
2008-04-07 21:22:03 14848 --a------ C:\WINDOWS\autodisc32.dll
2008-04-07 21:22:03 10496 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-07 21:22:03 27648 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-07 21:22:03 28160 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-07 21:22:03 0 d-------- C:\Program Files\Sysmnt
2008-04-07 21:22:02 8704 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-07 21:22:02 10240 --a------ C:\WINDOWS\athprxy32.dll
2008-04-07 21:22:02 11264 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-07 21:22:02 17664 --a------ C:\WINDOWS\asferror32.dll
2008-04-07 21:22:02 23296 --a------ C:\WINDOWS\apphelp32.dll
2008-04-07 20:41:16 4516 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 20:41:03 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 20:41:03 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-07 20:41:03 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-07 20:41:03 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-07 20:41:03 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-07 20:41:03 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 20:41:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-07 20:38:11 0 d-------- C:\Kahdah
2008-04-07 20:08:09 0 d-------- C:\Program Files\Trend Micro
2008-04-07 20:02:56 0 d-------- C:\Program Files\PC-Cleaner
2008-04-05 16:43:46 67584 --a------ C:\Documents and Settings\All Users\Application Data\zofcvuru.dll
2008-04-01 14:32:16 0 d-------- C:\ASDF
2008-03-21 17:46:25 0 d-------- C:\THE_BRAVE_ONE
2008-03-21 14:42:30 0 d-------- C:\I_AM_LEGEND
2008-03-18 15:36:53 0 d-------- C:\AUGUST_RUSH


-- Find3M Report ---------------------------------------------------------------

2008-04-07 21:41:46 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-06 18:24:57 0 d-------- C:\Program Files\Common Files
2008-04-05 20:25:27 0 d-------- C:\Program Files\Coupons
2008-03-26 23:11:34 0 d-------- C:\Documents and Settings\Owner\Application Data\BearShare
2008-03-03 23:45:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-29 08:30:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-02-23 20:08:49 734368 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-02-23 10:12:08 0 d-------- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
12/02/2007 10:13 AM 394680 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f03258-1dd1-11b2-844a-d95ac99666f6}]
C:\WINDOWS\utodidgn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 02:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 07:04 PM]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/18/2006 08:31 PM]
"CHotkey"="zHotkey.exe" [05/17/2004 10:30 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 01:09 PM C:\WINDOWS\ShowWnd.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 09:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [11/10/2003 10:23 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/01/2004 04:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/01/2004 03:55 PM]
"SoundMan"="SOUNDMAN.EXE" [10/21/2004 07:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/21/2004 10:44 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [10/13/2004 09:00 PM C:\WINDOWS\ALCMTR.EXE]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"acEventServ"="C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe" [07/01/2003 09:42 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 09:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 07:27 PM]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [08/27/2001 11:52 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 10:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [08/07/2006 11:06 AM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe [3/19/2003 11:27:24 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Creating Keepsakes Scrapbook Designer Event Reminder.lnk - C:\Program Files\Scrapbook Designer\scrapremind.exe [1/11/2005 2:40:48 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
acauth.dll 12/17/2002 12:11 PM 65536 C:\WINDOWS\system32\acauth.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb554b7-73b3-11dc-b011-0013204e45ad}]
AutoRun\command- K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b536ab6e-9082-11db-ae38-0013204e45ad}]
AutoRun\command- L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7dd640-6af3-11dc-b008-0013204e45ad}]
AutoRun\command- L:\COZAAR_HYZAAR.exe




-- End of Deckard's System Scanner: finished at 2008-04-07 22:01:59 ------------

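The HijackThis section of the DSS log above is the part a helper reads by hand: orphaned O2/O3 registrations, the F2 Userinit value that names a second executable after userinit.exe, and the O17/O20 entries that need checking against what the owner expects. The following Python script is an added example (not part of this thread, of HijackThis or of DSS) that applies those same reading rules to log lines; the sample lines are copied from the log above, and the line-prefix parsing and the "review" heuristics are my own assumptions about the format, not the tool's documented grammar.

```python
"""Triage helper for HijackThis-style log lines.

Added example; not the thread's own tooling and not part of HijackThis or
DSS.  It reads lines with the "Xn - ..." prefixes seen in the scan above
(R0/R1, F2, O2, O3, O17, O20; other types are ignored) and reports entries
that usually need a human look:
  * O2/O3 browser helper objects and toolbars whose file is gone,
  * an F2 Userinit value that runs anything besides userinit.exe,
  * every O17 NameServer and O20 Winlogon Notify entry, for review.
The sample lines are copied from the log posted above.
"""
import re

# Constructed sample: excerpts from the HijackThis section of the DSS log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - C:\WINDOWS\utodidgn.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E8318A-84DC-46FB-A6CE-1602C257B8C4}: NameServer = 192.168.1.1,71.200.168.82
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
"""

LINE_RE = re.compile(r"^(?P<tag>[A-Z]\d+) - (?P<body>.*)$")      # "O2 - <body>"
USERINIT_RE = re.compile(r"UserInit=(?P<list>.*)$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Yield (tag, body, full line) for every line that has an HJT-style prefix."""
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group("tag"), m.group("body"), line


def triage_hjt(text):
    """Return a list of (tag, message) findings for lines that deserve review."""
    findings = []
    for tag, body, _line in parse_hjt(text):
        if tag in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            # Registration survives but the DLL is gone: leftover of a removed component.
            clsid = CLSID_RE.search(body)
            findings.append((tag, "orphaned BHO/toolbar registration: "
                             + (clsid.group(0) if clsid else body)))
        elif tag == "F2":
            m = USERINIT_RE.search(body)
            if m:
                # Userinit is a comma-separated list; only userinit.exe belongs there.
                entries = [e.strip() for e in m.group("list").split(",") if e.strip()]
                extras = [e for e in entries if not e.lower().endswith(r"\userinit.exe")]
                if extras:
                    findings.append((tag, "Userinit runs extra program(s): " + ", ".join(extras)))
        elif tag == "O17":
            findings.append((tag, "review DNS servers: " + body.split("NameServer = ", 1)[-1]))
        elif tag == "O20":
            findings.append((tag, "review Winlogon Notify package: "
                             + body.split("Winlogon Notify: ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for tag, message in triage_hjt(SAMPLE_LOG):
        print(f"{tag}: {message}")
```

The script only sorts lines into "needs a look" and "nothing structural to flag"; it does not decide that an entry is malicious, which still takes the context the helpers in this thread are applying (the F2 extra, for instance, is the same wmsdkns.exe that OTMoveIt moved in post #17).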
#21 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Do you know what this file is related to: COZAAR_HYZAAR.exe?
==========================================
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\voiceip.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search.dll
C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\salm.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\winsb.dll
C:\WINDOWS\browserad.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\utodidgn.dll

Folders to delete:
C:\Program Files\stc
C:\Program Files\seekmo
C:\Program Files\zango
C:\WINDOWS\FLEOK
C:\Program Files\Sysmnt
C:\Program Files\Coupons

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
=========================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
============================
After that please post these logs:
the Avenger log
Mbam log
New dss log

  • 0

#22
n33d_s0me_help

n33d_s0me_help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 22:28:46 2008

22:27:51: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\voiceip.dll" deleted successfully.
File "C:\WINDOWS\swin32.dll" deleted successfully.
File "C:\WINDOWS\stcloader.exe" deleted successfully.
File "C:\WINDOWS\cdsm32.dll" deleted successfully.
File "C:\WINDOWS\mssvr.exe" deleted successfully.
File "C:\WINDOWS\mspphe.dll" deleted successfully.
File "C:\WINDOWS\bokja.exe" deleted successfully.
File "C:\WINDOWS\bjam.dll" deleted successfully.
File "C:\WINDOWS\2020search2.dll" deleted successfully.
File "C:\WINDOWS\2020search.dll" deleted successfully.
File "C:\WINDOWS\system32\WER8274.DLL" deleted successfully.
File "C:\WINDOWS\system32\MSIXU.DLL" deleted successfully.
File "C:\WINDOWS\salm.exe" deleted successfully.
File "C:\WINDOWS\180ax.exe" deleted successfully.
File "C:\WINDOWS\updatetc.exe" deleted successfully.
File "C:\WINDOWS\system32\MSNSA32.dll" deleted successfully.
File "C:\WINDOWS\saiemod.dll" deleted successfully.
File "C:\WINDOWS\msapasrc.dll" deleted successfully.
File "C:\WINDOWS\system32\SIPSPI32.dll" deleted successfully.
File "C:\WINDOWS\system32\shdocpe.dll" deleted successfully.
File "C:\WINDOWS\system32\ntnut32.exe" deleted successfully.
File "C:\WINDOWS\shdocpl.dll" deleted successfully.
File "C:\WINDOWS\shdocpe.dll" deleted successfully.
File "C:\WINDOWS\ntnut.exe" deleted successfully.
File "C:\WINDOWS\msa64chk.dll" deleted successfully.
File "C:\WINDOWS\winsb.dll" deleted successfully.
File "C:\WINDOWS\browserad.dll" deleted successfully.
File "C:\WINDOWS\aviwrap32.dll" deleted successfully.
File "C:\WINDOWS\avisynthex32.dll" deleted successfully.
File "C:\WINDOWS\avifile32.dll" deleted successfully.
File "C:\WINDOWS\autodisc32.dll" deleted successfully.
File "C:\WINDOWS\audiosrv32.dll" deleted successfully.
File "C:\WINDOWS\ati2dvag32.dll" deleted successfully.
File "C:\WINDOWS\ati2dvaa32.dll" deleted successfully.
File "C:\WINDOWS\changeurl_30.dll" deleted successfully.
File "C:\WINDOWS\athprxy32.dll" deleted successfully.
File "C:\WINDOWS\asycfilt32.dll" deleted successfully.
File "C:\WINDOWS\asferror32.dll" deleted successfully.
File "C:\WINDOWS\apphelp32.dll" deleted successfully.

Error: file "C:\WINDOWS\utodidgn.dll" not found!
Deletion of file "C:\WINDOWS\utodidgn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\stc" deleted successfully.
Folder "C:\Program Files\seekmo" deleted successfully.
Folder "C:\Program Files\zango" deleted successfully.
Folder "C:\WINDOWS\FLEOK" deleted successfully.
Folder "C:\Program Files\Sysmnt" deleted successfully.
Folder "C:\Program Files\Coupons" deleted successfully.

Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS


Error: could not delete registry value "HKLM\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr"
Deletion of registry value "HKLM\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
  • 0
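The pre-processor message in the log above explains why the second registry line was skipped: The Avenger only accepts registry entries under HKEY_LOCAL_MACHINE, so the HKEY_CURRENT_USER copy of DisableTaskMgr was never touched. A small pre-flight check catches that before the reboot. This is an added example, not code from this thread or from The Avenger; the section headers are the ones visible in the script and log on this page, the HKLM-only rule comes from the pre-processor message, and the "key | valuename" and absolute-path checks are assumptions about the script format.

```python
"""Pre-flight checker for a The Avenger v2 script.

Added example; not code from this thread or from The Avenger. It mirrors
the constraint stated by the pre-processor (registry entries must be
under HKEY_LOCAL_MACHINE) and the "key | valuename" form used in the
posted script. Section headers are the ones visible on this page; other
Avenger syntax is not modelled, and the path check is an assumption.
"""
from __future__ import annotations

KNOWN_SECTIONS = {
    "files to delete:",
    "folders to delete:",
    "registry values to delete:",
    "drivers to delete:",
    "drivers to disable:",
}
HKLM_PREFIXES = ("HKLM\\", "HKEY_LOCAL_MACHINE\\")


def check_avenger_script(script: str) -> list[tuple[int, str, str]]:
    """Return (line_number, line, problem) for each line The Avenger would
    skip or that looks malformed. An empty list means nothing was flagged."""
    problems: list[tuple[int, str, str]] = []
    section = None
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in KNOWN_SECTIONS:
            section = line.lower()
            continue
        if section is None:
            problems.append((lineno, line, "entry before any section header"))
        elif section == "registry values to delete:":
            key, sep, value = (p.strip() for p in line.partition("|"))
            if not sep:
                problems.append((lineno, line, "missing 'key | value' separator"))
            elif not key.upper().startswith(HKLM_PREFIXES):
                # This is the condition the pre-processor log reports for the HKCU line.
                problems.append((lineno, line, "not under HKEY_LOCAL_MACHINE; The Avenger skips it"))
            elif not value:
                problems.append((lineno, line, "empty value name"))
        elif section in ("files to delete:", "folders to delete:"):
            # Assumption: entries are absolute drive paths like those in the log.
            if line[1:3] != ":\\":
                problems.append((lineno, line, "not an absolute drive path"))
    return problems


# Constructed sample: one file entry plus the two registry lines from the
# script posted earlier in this thread.
SAMPLE_SCRIPT = r"""Files to delete:
C:\WINDOWS\voiceip.dll

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
"""

if __name__ == "__main__":
    for lineno, line, why in check_avenger_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {why}\n    {line}")
```

A syntax check cannot predict a run-time failure such as the STATUS_OBJECT_NAME_NOT_FOUND reported for the HKLM value further down the same log; it only catches lines the pre-processor would refuse before the reboot.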

#23
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok go ahead with the rest of the instructions.
  • 0

#24
n33d_s0me_help

n33d_s0me_help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ok, so far 22 found infections
  • 0

#25
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please post the log when it finishes.
  • 0


#26
n33d_s0me_help

n33d_s0me_help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ok heres the log file


Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 154117
Time elapsed: 52 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\QdrModule (Adware.ISM) -> No action taken.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISM (Adware.ISM) -> No action taken.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> No action taken.

Files Infected:
C:\Deckard\System Scanner\20080407220023\backup\DOCUME~1\Owner\LOCALS~1\Temp\outerinfo.ico (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP813\A0044210.dll (Adware.Batco) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP813\A0044316.exe (Adware.ClickSpring) -> No action taken.
C:\_OTMoveIt\MovedFiles\04072008_210919\Documents and Settings\All Users\Application Data\jidmpyjo\nmjgpmhg.exe (Trojan.FakeAlert) -> No action taken.
C:\_OTMoveIt\MovedFiles\04072008_210919\WINDOWS\system32\vabatcda.exe (Trojan.FakeAlert) -> No action taken.
C:\_OTMoveIt\MovedFiles\04072008_212038\Program Files\Bat\un_BatSetup_15041.exe (Adware.Rabio) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> No action taken.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\licencia.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\textos.txt (Malware.Trace) -> No action taken.
  • 0

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your log shows that you didn't remove the infections.
Did you fix them after you ran the scan?

If not then you will have to rerun the scan and let the scanner remove the infections.
  • 0
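The tell in the first MBAM log is that every line ends in "No action taken", which is what kahdah spotted by eye. A parser for that log format makes the check mechanical and also separates detections that sit in restore points or in other tools' backup folders from those in their original location. This is an added example, not code from the thread or from Malwarebytes; the line format is taken from the logs above, the sample is constructed from entries in them, and the list of backup-folder prefixes is an assumption.

```python
"""Triage for a Malwarebytes' Anti-Malware 1.x scan log.

Added example; not code from this thread or from Malwarebytes. It parses
the layout visible in the logs above ("<Section> Infected:" headers, then
one "item (Category) -> outcome." line per detection) and reports which
detections were left in place, so a helper can tell at a glance whether
"Remove Selected" was clicked.
"""
from __future__ import annotations

import re
from collections import Counter

# "item (Category) -> outcome."  The outcome is everything after "->".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<outcome>.+?)\.?$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
NO_ITEMS = "(No malicious items detected)"

# Assumption: detections under these prefixes are copies held by System
# Restore or by another cleanup tool's backup folder, not files in their
# original location. They still need removing, but they do not by
# themselves indicate an active infection.
BACKUP_PREFIXES = (
    "C:\\System Volume Information\\",
    "C:\\_OTMoveIt\\",
    "C:\\Deckard\\",
)


def parse_mbam_log(text: str) -> list[dict]:
    """Return one dict per detection: section, item, category, outcome."""
    detections: list[dict] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return detections


def triage(text: str) -> dict:
    """Summarise outcomes and list what still needs removal."""
    detections = parse_mbam_log(text)
    outcomes = Counter(d["outcome"] for d in detections)
    pending = [d for d in detections if d["outcome"] == "No action taken"]
    active = [d for d in pending if not d["item"].startswith(BACKUP_PREFIXES)]
    return {
        "total": len(detections),
        "outcomes": dict(outcomes),
        "pending": pending,
        "active_pending": active,
        "needs_rerun": bool(pending),
    }


# Constructed sample: a handful of entries copied from the two logs above.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 0
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP813\A0044210.dll (Adware.Batco) -> No action taken.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> No action taken.
C:\_OTMoveIt\MovedFiles\04072008_212038\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["outcomes"])
    for d in result["active_pending"]:
        print("still in place:", d["item"], f"({d['category']})")
    if result["needs_rerun"]:
        print("Rerun the scan and click Remove Selected.")
```

The "active_pending" list is the one to act on first; the restore-point and backup-folder hits are cleaned up in the same rerun, but their presence is expected after earlier tools have moved files aside.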

#28
n33d_s0me_help

n33d_s0me_help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ok removing them now
  • 0

#29
n33d_s0me_help

n33d_s0me_help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153053
Time elapsed: 53 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Deckard\System Scanner\20080407220023\backup\DOCUME~1\Owner\LOCALS~1\Temp\bbneww.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP820\A0045763.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04072008_212038\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#30
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Please run dss again and post the log it produces.
  • 0
