infection with my computer [RESOLVED]



#1 vehbi (Member, 13 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:57 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\ijyfcpqx\ybohijsz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\gpabupav.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: DVA Media - {DF69FC15-5D77-4679-9C27-FCD90846460F} - C:\WINDOWS\temlxopqqwm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: vnbptxlf - {D212F823-17B0-470A-832F-86D3B30EE0D1} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [xsqwnlyh] C:\WINDOWS\system32\gpabupav.exe
O4 - HKLM\..\Policies\Explorer\Run: [ipWeaZOZP8] C:\Documents and Settings\All Users\Application Data\ijyfcpqx\ybohijsz.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134404429541
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.we...bex/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: mgsvflkw - {6BD418B3-4BAE-407D-8F1B-373D3263A67B} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {C1CD85E3-2417-4112-AE83-4DE6A62B673C} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9989 bytes
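Added example, not part of the thread and not a feature of HijackThis or any tool named in it: a small Python triage that applies the reasoning the helpers use on a log like the one above to a constructed sample built from its own entries. It scores components loaded straight from the Windows directory root, random-looking file and folder names, autostarts under Policies\Explorer\Run, and orphaned BHOs; the thresholds are my assumptions, and the result is a review list for a human, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O2/O3/O21 component entries and O4 autostart
# entries quoted in the log above, mixing legitimate software with the infection.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Media - {DF69FC15-5D77-4679-9C27-FCD90846460F} - C:\WINDOWS\temlxopqqwm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: vnbptxlf - {D212F823-17B0-470A-832F-86D3B30EE0D1} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xsqwnlyh] C:\WINDOWS\system32\gpabupav.exe
O4 - HKLM\..\Policies\Explorer\Run: [ipWeaZOZP8] C:\Documents and Settings\All Users\Application Data\ijyfcpqx\ybohijsz.exe
O21 - SSODL: mgsvflkw - {6BD418B3-4BAE-407D-8F1B-373D3263A67B} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {C1CD85E3-2417-4112-AE83-4DE6A62B673C} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
"""

# O2 (BHO), O3 (toolbar) and O21 (ShellServiceObjectDelayLoad) share one layout.
CLSID_ENTRY = re.compile(
    r"^O(?:2|3|21) - (?:BHO|Toolbar|SSODL): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
RUN_ENTRY = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# First file path in an O4 target: quoted, or the shortest prefix ending in an executable extension.
PATH_IN_TARGET = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|com|bat))(?=\s|$)', re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Letter-only names of 8+ characters that are vowel-starved or carry a long consonant
    run, the shape of the generated names in the log (mgsvflkw, vnbptxlf). Legitimate
    abbreviations can match too (wltrysvc in the original log would), so this is only a score."""
    if len(name) < 8 or not name.isascii() or not name.isalpha():
        return False
    lower = name.lower()
    vowel_ratio = sum(c in VOWELS for c in lower) / len(lower)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", lower)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 5


def extract_path(target: str):
    m = PATH_IN_TARGET.match(target.strip())
    return (m.group("q") or m.group("u")) if m else None


@dataclass
class Finding:
    line: str
    target: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def score_entry(line: str):
    """Score one log line; returns None for entry types this example does not parse."""
    m = CLSID_ENTRY.match(line) or RUN_ENTRY.match(line)
    if not m:
        return None
    target = m.group("target").strip()
    key = m.groupdict().get("key") or ""
    f = Finding(line=line, target=target)
    if target.lower() == "(no file)":
        f.add(1, "registered component whose file is gone (orphaned entry)")
    if "\\policies\\explorer\\run" in key.lower():
        f.add(2, "autostart under Policies\\Explorer\\Run, which msconfig does not list")
    path = extract_path(target)
    candidates = {m.group("name")}
    if path:
        if WINDOWS_ROOT.match(path):
            f.add(2, "component loaded straight from the Windows directory root")
        # Every folder and file stem on the path is a candidate name (drive letter dropped).
        candidates.update(p.rsplit(".", 1)[0] for p in path.split("\\")[1:])
    for name in sorted(candidates):
        if looks_random(name):
            f.add(2, f"random-looking name {name!r}")
    return f


def triage(log_text: str):
    """All scored entries, highest score first; zero-score entries are dropped."""
    findings = [score_entry(ln.strip()) for ln in log_text.splitlines() if ln.strip()]
    return sorted((f for f in findings if f and f.score > 0), key=lambda f: -f.score)


def suspicious_targets(log_text: str, threshold: int = 2):
    """Lower-cased file names of the entries scoring at or above the threshold."""
    names = set()
    for f in triage(log_text):
        if f.score >= threshold:
            names.add((extract_path(f.target) or f.target).rsplit("\\", 1)[-1].lower())
    return sorted(names)
```

Running `triage(SAMPLE_LOG)` lists each scored entry with its reasons; the six files the helpers would have targeted score 2 or more, the orphaned BHO scores 1, and the McAfee, Google, ctfmon and SysTray entries score 0.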


#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

#3 vehbi (Topic Starter, Member, 13 posts)
Thank you very much! I truly appreciate this response. However, I was so bent out of shape when I was attacked by a seeming multitude of Trojans this morning, I sort of panicked and could not wait for your response. So, I am sure I did all the wrong things, but I fixed the problem that cost me nearly half a day. Here is what I did:

1. Downloaded HijackThis and deleted everything that it showed!
2. This obviously broke a lot of things. But, I rebooted in safe mode (with system recovery off) and ran HijackThis again and saw the list of "suspects" had been considerably decreased. I chose two DLLs from the list and checked with the explorer to see their properties and discovered that they were created today (the day of the incident). I deleted both and then ran HijackThis again. It showed the same files deleted (surprise, surprise!) with a whole bunch of hexadecimal numbers next to them.
3. I went to regedit and deleted the two hexadecimal numbers from the registry.
4. I have a registered copy of RegCure. I ran it in safe mode.
5. I ran msconfig and set it up to normal boot from there so that I won't reboot in safe mode again.
6. It came back and there were no virus messages. But, everything was broken. In other words, there was nothing in my system tray including McAfee Virus protector. I fixed my McAfee Virus Enterprise first by re-installing it. (I don't think it reinstalled but it fixed something) and then ran its updater. Then I ran the updater and it found 8 Trojans and deleted them this time.
7. I ran RegCure again. Then I ran regedit one more time and searched for traces of the things that McAfee had deleted already. I found a few of their keys and deleted them also.
8. I had to fix msnmsgr and 1-Click Answers by running them once (they had disappeared from the system tray).
9. I went to IE and reset the default page (the Trojan had set it up permanently to a junk web site).
10. Everything is working fine now. IE is fast and the system is running faster too. The only thing is that Outlook seems to be coming up a little slower than usual.
11. I am willing to go through the whole thing you described one more time. Do you think it is worth it?

Thank You very much!

Vehbi

Edited by vehbi, 11 April 2008 - 04:43 PM.


#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
I cannot say how much of a bad idea it was doing what you did.

To restore the backups:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer


Then go ahead with my previous instructions.

#5 vehbi (Topic Starter, Member, 13 posts)
Thank you so much! Here is my otscan log.

Attached Files



#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Can you post the SDFix report and do this:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Don't attach the logs.

#7 vehbi (Topic Starter, Member, 13 posts)
Deckard's System Scanner v20071014.68
Run by Vehbi Tasar on 2008-04-15 10:52:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 10:55:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Documents and Settings\Vehbi Tasar\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 5381 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 rmedia (Ricoh MediaCard Driver) - c:\windows\system32\drivers\rmedia.sys <Not Verified; REDC; Ricoh Media Controller>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 catchme - c:\docume~1\vehbit~1\locals~1\temp\catchme.sys (file missing)
R3 NSCIRDA (NSC Infrared Device Driver) - c:\windows\system32\drivers\nscirda.sys <Not Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.>
R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 Ser2pl (Prolific Serial port driver) - c:\windows\system32\drivers\ser2pl.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 09:24:36 450 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-04 10:25:00 282 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-03-06 04:08:29 384 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-16 11:25:56 404 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 23:41:50 0 d-------- C:\WINDOWS\ERUNT
2008-04-11 12:22:56 0 d-------- C:\temp
2008-04-11 10:14:53 0 d-------- C:\Program Files\AbsoluteTransfer
2008-04-11 10:14:44 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited
2008-04-11 10:14:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-04-11 09:28:01 0 d-------- C:\Program Files\Trend Micro
2008-04-11 09:13:25 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\TmpRecentIcons
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-11 07:21:42 4096 --a------ C:\WINDOWS\a.bat
2008-04-11 07:21:42 0 d-------- C:\Documents and Settings\Vehbi Tasar\Desktopvirii
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-11 07:21:41 0 d-------- C:\WINDOWS\system32smp
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\[email protected]@@k.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-11 07:21:41 0 d-------- C:\WINDOWS\mslagent
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\bdn.com
2008-04-11 07:21:41 0 d-------- C:\Program Files\Inet Delivery
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\DesktopFWebdEditor.exe
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\Desktopfwebd.exe
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\Desktopfilemanagerclient.exe
2008-04-11 07:21:27 0 d-------- C:\Documents and Settings\All Users\Application Data\ijyfcpqx
2008-04-11 07:21:26 98304 --a------ C:\WINDOWS\system32\gpabupav.exe
2008-04-10 21:00:29 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Sun
2008-04-09 21:12:28 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\skypePM
2008-04-05 18:08:39 26 --a------ C:\WINDOWS\SW_Win2000X16.DLL
2008-04-05 18:08:22 78 --a------ C:\WINDOWS\SW_Win2000X9.DLL
2008-04-05 18:06:37 53248 --a------ C:\WINDOWS\system32\RegisterExe.exe <Not Verified; ; RegisterExe Application>
2008-04-05 18:06:34 221184 --a------ C:\WINDOWS\system32\SII_PDF.dll
2008-04-05 18:06:34 720896 --a------ C:\WINDOWS\system32\C-XLS.dll <Not Verified; Softinterface, Inc.; Softinterface Convert-XLS>
2008-04-05 18:06:34 131072 --a------ C:\WINDOWS\system32\CSVSpecialProcessing.dll
2008-04-05 18:06:33 0 d-------- C:\WINDOWS\system32\Resource
2008-04-05 18:06:32 225280 --a------ C:\WINDOWS\system32\DrakeCom.dll <Not Verified; ; DrakeCom Module>
2008-04-05 18:06:32 1409024 --a------ C:\WINDOWS\system32\Drake.dll <Not Verified; BCL Technologies; BCL Drake 7>
2008-04-05 18:06:30 0 d-------- C:\Program Files\Softinterface, Inc
2008-04-05 15:41:12 0 d-------- C:\Program Files\DVD Decrypter
2008-03-20 23:21:44 0 --a------ C:\Documents and Settings\Vehbi Tasar\LOG


-- Find3M Report ---------------------------------------------------------------

2008-04-11 12:32:31 0 d-------- C:\Program Files\1-Click Answers
2008-04-11 12:32:28 0 d-------- C:\Program Files\Common Files
2008-04-11 10:23:07 0 d-------- C:\Program Files\QuickTime
2008-04-11 10:13:30 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Skype
2008-04-11 10:13:29 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\DNA
2008-04-05 18:01:25 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\GoodSync
2008-04-05 17:55:36 0 d-------- C:\Program Files\Siber Systems
2008-03-25 15:15:20 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Intuit
2008-03-21 08:47:01 0 d-------- C:\Program Files\Citrix
2008-03-19 23:31:37 0 d-------- C:\Program Files\Java
2008-03-18 14:47:02 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\U3
2008-03-13 11:02:15 0 d-------- C:\Program Files\Skype
2008-03-11 20:00:26 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-03-11 20:00:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-11 20:00:05 0 d-------- C:\Program Files\Quicken
2008-03-09 09:29:11 0 d-------- C:\Program Files\DVD Shrink
2008-03-04 19:00:19 0 d-------- C:\Program Files\Windows Live
2008-03-04 18:59:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-28 12:26:12 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\TomTom
2008-02-28 12:25:52 0 d-------- C:\Program Files\TomTom HOME 2
2008-02-28 12:25:34 0 d-------- C:\Program Files\TomTom HOME
2008-02-28 12:23:21 0 d-------- C:\Program Files\TomTom DesktopSuite
2008-02-18 13:23:12 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\BitTorrent
2008-02-18 13:20:56 0 d-------- C:\Program Files\DNA
2008-02-17 08:43:37 0 d-------- C:\Program Files\ItsDeductible2006
2008-02-17 08:39:35 0 d-------- C:\Program Files\TurboTax


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/02/2005 06:39 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 09:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc0499bd-da63-11dc-964d-00904b1d9e16}]
Auto\command- Setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-15 10:56:39 ------------

#8 vehbi (Topic Starter, Member, 13 posts)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1200MHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1142.04 MiB / 646.75 MiB
Pagefile Memory (total/avail): 1970.86 MiB / 1608.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.25 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 17.72 GiB free.

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AH - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe"="C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe:*:Enabled:jre"
"C:\\Program Files\\Schwab\\SSPro\\SSPro.exe"="C:\\Program Files\\Schwab\\SSPro\\SSPro.exe:*:Enabled:StreetSmart Pro®"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\keyacc32.exe"="C:\\WINDOWS\\keyacc32.exe:*:Enabled:KeyAccess"
"C:\\Program Files\\AboutTime\\AboutTime.exe"="C:\\Program Files\\AboutTime\\AboutTime.exe:*:Enabled:AboutTime cient/server"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vehbi Tasar\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RESIDENCE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vehbi Tasar
LOGONSERVER=\\RESIDENCE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VEHBIT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VEHBIT~1\LOCALS~1\Temp
USERDOMAIN=RESIDENCE
USERNAME=Vehbi Tasar
USERPROFILE=C:\Documents and Settings\Vehbi Tasar
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Omur Tasar (admin)
Vehbi Tasar (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-Click Answers --> C:\Program Files\1-Click Answers\Answers.exe /Un
AboutTime --> "C:\Program Files\AboutTime\unins000.exe"
AbsoluteTransfer --> "C:\Program Files\AbsoluteTransfer\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Broadcom Gigabit Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Canon S520 --> C:\WINDOWS\system32\CNMCP3m.exe "-PRINTERNAMECanon S520" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst2\cnmi0409.dll"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell TrueMobile GPRS Driver --> C:\WINDOWS\system32\GC75DU.exe verbose
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Diff Doc --> "C:\Program Files\Softinterface, Inc\DiffDoc\unins000.exe"
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
GoodSync --> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HotKey --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TEXTware\HotKey\Uninst.isu"
Houghton Mifflin eReference Suite --> MsiExec.exe /X{E8D54BE3-7781-4B87-BB9F-62719B0E52A6}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft MapPoint Europe 2004 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790240}
Microsoft MapPoint North America 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{91120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
Palm Desktop --> MsiExec.exe /X{7DBBC522-F642-4D6C-A03F-22E49EB63437}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
RICOH Media Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C1388BE-AD32-47BC-B51F-A37F1245203C}\setup.exe" -l0x9 anything
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tetris --> C:\PROGRA~1\Tetris\UNWISE.EXE C:\PROGRA~1\Tetris\INSTALL.LOG
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2007 --> C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
Ulead VideoStudio 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Velocity Velocity 4.0 (Schwab) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Schwab\Velocity Velocity\System\DeIsL1.isu" -c"C:\PROGRA~1\Schwab\Velocity Velocity\System\Untuner.dll" Schwab
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type16491 / Success
Event Submitted/Written: 04/15/2008 09:32:01 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16484 / Warning
Event Submitted/Written: 04/14/2008 11:37:04 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\SDFix\apps\Process.exe contains PrcViewer Potentially Unwanted Program. The file was successfully deleted.

Event Record #/Type16483 / Warning
Event Submitted/Written: 04/14/2008 11:37:04 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\SDFIX\APPS\PROCESS.EXE contains PrcViewer Potentially Unwanted Program. The file was successfully deleted.

Event Record #/Type16482 / Warning
Event Submitted/Written: 04/14/2008 11:36:11 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\SDFix\apps\Process.exe contains PrcViewer Potentially Unwanted Program. The file was successfully deleted.

Event Record #/Type16481 / Warning
Event Submitted/Written: 04/14/2008 11:36:10 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\SDFIX\APPS\PROCESS.EXE contains PrcViewer Potentially Unwanted Program. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type67651 / Error
Event Submitted/Written: 04/15/2008 09:23:44 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type67650 / Error
Event Submitted/Written: 04/15/2008 09:23:11 AM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.

Event Record #/Type67648 / Warning
Event Submitted/Written: 04/15/2008 09:22:22 AM / 04/15/2008 09:22:49 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type67646 / Error
Event Submitted/Written: 04/15/2008 09:22:45 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.102 for the Network Card with network address 00904B1D9E16 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type67642 / Error
Event Submitted/Written: 04/15/2008 09:21:49 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-15 10:56:39 ------------

#9 vehbi (Topic Starter, Member, 13 posts)
SDFix: Version 1.171
Run by Vehbi Tasar on Mon 04/14/2008 at 11:45 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Vehbi Tasar\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Vehbi Tasar\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Vehbi Tasar\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\WINDOWS\apoxqwfv.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\Web\def.htm - Deleted


Could Not Remove C:\WINDOWS\system32smp

Folder C:\Program Files\akl - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 09:24:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2008-04-15 10:55:13"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe"="C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe:*:Enabled:jre"
"C:\\Program Files\\Schwab\\SSPro\\SSPro.exe"="C:\\Program Files\\Schwab\\SSPro\\SSPro.exe:*:Enabled:StreetSmart Pro®"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\keyacc32.exe"="C:\\WINDOWS\\keyacc32.exe:*:Enabled:KeyAccess"
"C:\\Program Files\\AboutTime\\AboutTime.exe"="C:\\Program Files\\AboutTime\\AboutTime.exe:*:Enabled:AboutTime cient/server"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

C:\WINDOWS\system32smp Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 6 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 1 Oct 2006 27,136 ...H. --- "C:\Documents and Settings\Vehbi Tasar\My Documents\~WRL0001.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITB.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\243d2aaf5ff8e39b62f16b2a566918fb\BIT7.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITD.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32491eff6ad2701ca09162e85f3af81a\BIT9.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad15fafe6eea422b922ca567c9dee6e\BIT8.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\853e0b70ea7110340ec607fe469d0b7d\BITA.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT4.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BITC.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITE.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT6.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Vehbi Tasar\Application Data\U3\temp\Launchpad Removal.exe"
Mon 3 Sep 2007 65,536 A..H. --- "C:\Documents and Settings\Omur Tasar\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"
Fri 14 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\download\BIT543.tmp"

Finished!

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> NavLogon ->
YN -> WRNotifier ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Answers... ->
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-861567501-688789844-1343024091-1005\] > -> HKEY_USERS\S-1-5-21-861567501-688789844-1343024091-1005\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Answers... ->
[Files/Folders - Created Within 90 days]
YY -> SDFix -> %SystemDrive%\SDFix
YY -> gpabupav.exe -> %SystemRoot%\System32\gpabupav.exe
YY -> RegisterExe.exe -> %SystemRoot%\System32\RegisterExe.exe
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> a.bat -> %SystemRoot%\a.bat
NY -> bdn.com -> %SystemRoot%\bdn.com
NY -> 9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> FVProtect.exe -> %SystemRoot%\FVProtect.exe
NY -> mslagent -> %SystemRoot%\mslagent
NY -> mssecu.exe -> %SystemRoot%\mssecu.exe
NY -> system32akttzn.exe -> %SystemRoot%\system32akttzn.exe
NY -> system32anticipator.dll -> %SystemRoot%\system32anticipator.dll
NY -> system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll
NY -> system32bdn.com -> %SystemRoot%\system32bdn.com
NY -> system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe
NY -> system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe
NY -> system32emesx.dll -> %SystemRoot%\system32emesx.dll
NY -> [email protected]@@k.dll -> %SystemRoot%\[email protected]@@k.dll
NY -> system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll
NY -> system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat
NY -> system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe
NY -> system32medup012.dll -> %SystemRoot%\system32medup012.dll
NY -> system32medup020.dll -> %SystemRoot%\system32medup020.dll
NY -> system32msgp.exe -> %SystemRoot%\system32msgp.exe
NY -> system32msnbho.dll -> %SystemRoot%\system32msnbho.dll
NY -> system32mssecu.exe -> %SystemRoot%\system32mssecu.exe
NY -> system32msvchost.exe -> %SystemRoot%\system32msvchost.exe
NY -> system32mtr2.exe -> %SystemRoot%\system32mtr2.exe
NY -> system32mwin32.exe -> %SystemRoot%\system32mwin32.exe
NY -> system32netode.exe -> %SystemRoot%\system32netode.exe
NY -> system32newsd32.exe -> %SystemRoot%\system32newsd32.exe
NY -> system32ps1.exe -> %SystemRoot%\system32ps1.exe
NY -> system32psof1.exe -> %SystemRoot%\system32psof1.exe
NY -> system32psoft1.exe -> %SystemRoot%\system32psoft1.exe
NY -> system32regc64.dll -> %SystemRoot%\system32regc64.dll
NY -> system32regm64.dll -> %SystemRoot%\system32regm64.dll
NY -> system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe
NY -> system32smp -> %SystemRoot%\system32smp
NY -> system32sncntr.exe -> %SystemRoot%\system32sncntr.exe
NY -> system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll
NY -> system32ssvchost.com -> %SystemRoot%\system32ssvchost.com
NY -> system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe
NY -> system32sysreq.exe -> %SystemRoot%\system32sysreq.exe
NY -> system32taack.dat -> %SystemRoot%\system32taack.dat
NY -> system32taack.exe -> %SystemRoot%\system32taack.exe
NY -> system32temp#01.exe -> %SystemRoot%\system32temp#01.exe
NY -> system32thun.dll -> %SystemRoot%\system32thun.dll
NY -> system32thun32.dll -> %SystemRoot%\system32thun32.dll
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
NY -> system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll
NY -> system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe
NY -> system32winsystem.exe -> %SystemRoot%\system32winsystem.exe
NY -> system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE
NY -> userconfig9x.dll -> %SystemRoot%\userconfig9x.dll
NY -> winsystem.exe -> %SystemRoot%\winsystem.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ijyfcpqx -> %AllUsersProfile%\Application Data\ijyfcpqx
NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
[Files/Folders - Modified Within 90 days]
NY -> SDFix -> %SystemDrive%\SDFix
NY -> a.bat -> %SystemRoot%\a.bat
NY -> bdn.com -> %SystemRoot%\bdn.com
NY -> mslagent -> %SystemRoot%\mslagent
NY -> mssecu.exe -> %SystemRoot%\mssecu.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ijyfcpqx -> %AllUsersProfile%\Application Data\ijyfcpqx
NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> ijyfcpqx -> C:\Documents and Settings\All Users\Application Data\ijyfcpqx
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Then post a new DSS log.
#11
vehbi

    Member

  • Topic Starter
  • Member
  • 13 posts
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Answers...\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-688789844-1343024091-1005\Software\Microsoft\Internet Explorer\MenuExt\Answers...\ not found.
[Files/Folders - Created Within 90 days]
C:\SDFix\backups folder moved successfully.
C:\SDFix\apps\Replace\xp folder moved successfully.
C:\SDFix\apps\Replace\w2k folder moved successfully.
C:\SDFix\apps\Replace folder moved successfully.
C:\SDFix\apps folder moved successfully.
C:\SDFix folder moved successfully.
C:\WINDOWS\System32\gpabupav.exe moved successfully.
C:\WINDOWS\System32\RegisterExe.exe moved successfully.
C:\WINDOWS\a.bat moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\FVProtect.exe moved successfully.
C:\WINDOWS\mslagent folder moved successfully.
C:\WINDOWS\mssecu.exe moved successfully.
C:\WINDOWS\system32akttzn.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32anticipator.dll NOT unregistered.
C:\WINDOWS\system32anticipator.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32awtoolb.dll NOT unregistered.
C:\WINDOWS\system32awtoolb.dll moved successfully.
C:\WINDOWS\system32bdn.com moved successfully.
C:\WINDOWS\system32bsva-egihsg52.exe moved successfully.
C:\WINDOWS\system32dpcproxy.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32emesx.dll NOT unregistered.
C:\WINDOWS\system32emesx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\[email protected]@@k.dll
C:\WINDOWS\[email protected]@@k.dll NOT unregistered.
C:\WINDOWS\[email protected]@@k.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hoproxy.dll NOT unregistered.
C:\WINDOWS\system32hoproxy.dll moved successfully.
C:\WINDOWS\system32hxiwlgpm.dat moved successfully.
C:\WINDOWS\system32hxiwlgpm.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup012.dll NOT unregistered.
C:\WINDOWS\system32medup012.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup020.dll NOT unregistered.
C:\WINDOWS\system32medup020.dll moved successfully.
C:\WINDOWS\system32msgp.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msnbho.dll NOT unregistered.
C:\WINDOWS\system32msnbho.dll moved successfully.
C:\WINDOWS\system32mssecu.exe moved successfully.
C:\WINDOWS\system32msvchost.exe moved successfully.
C:\WINDOWS\system32mtr2.exe moved successfully.
C:\WINDOWS\system32mwin32.exe moved successfully.
C:\WINDOWS\system32netode.exe moved successfully.
C:\WINDOWS\system32newsd32.exe moved successfully.
C:\WINDOWS\system32ps1.exe moved successfully.
C:\WINDOWS\system32psof1.exe moved successfully.
C:\WINDOWS\system32psoft1.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regc64.dll NOT unregistered.
C:\WINDOWS\system32regc64.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regm64.dll NOT unregistered.
C:\WINDOWS\system32regm64.dll moved successfully.
C:\WINDOWS\system32Rundl1.exe moved successfully.
C:\WINDOWS\system32smp folder moved successfully.
C:\WINDOWS\system32sncntr.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssurf022.dll NOT unregistered.
C:\WINDOWS\system32ssurf022.dll moved successfully.
C:\WINDOWS\system32ssvchost.com moved successfully.
C:\WINDOWS\system32ssvchost.exe moved successfully.
C:\WINDOWS\system32sysreq.exe moved successfully.
C:\WINDOWS\system32taack.dat moved successfully.
C:\WINDOWS\system32taack.exe moved successfully.
C:\WINDOWS\system32temp#01.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun.dll NOT unregistered.
C:\WINDOWS\system32thun.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun32.dll NOT unregistered.
C:\WINDOWS\system32thun32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32VBIEWER.OCX NOT unregistered.
C:\WINDOWS\system32VBIEWER.OCX moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vbsys2.dll NOT unregistered.
C:\WINDOWS\system32vbsys2.dll moved successfully.
C:\WINDOWS\system32winlogonpc.exe moved successfully.
C:\WINDOWS\system32winsystem.exe moved successfully.
C:\WINDOWS\system32WINWGPX.EXE moved successfully.
LoadLibrary failed for C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\userconfig9x.dll NOT unregistered.
C:\WINDOWS\userconfig9x.dll moved successfully.
C:\WINDOWS\winsystem.exe moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\ijyfcpqx folder moved successfully.
C:\Documents and Settings\Vehbi Tasar\Desktop\SDFix.exe moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\SDFix not found!
File C:\WINDOWS\a.bat not found!
File C:\WINDOWS\bdn.com not found!
File C:\WINDOWS\mslagent not found!
File C:\WINDOWS\mssecu.exe not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Application Data\ijyfcpqx not found!
File C:\Documents and Settings\Vehbi Tasar\Desktop\SDFix.exe not found!
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Application Data\ijyfcpqx not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temp\~DFF570.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temp\~DFF57A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.Word\~WRS{A9DA1BD9-DABE-4F64-BCE5-9039A14BF9D3}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\Z6EAS8O8\burstBox[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\Z6EAS8O8\rss[1].xml scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\PRSXEDAK\infection-computer-t194475[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\PRSXEDAK\tacoda-burstDefaulta728[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\71DB230R\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\62EMGVTW\rss[1].xml scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\2WMLHRAB\today[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Vehbi Tasar\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04172008_213323

#12
vehbi

    Member

  • Topic Starter
  • Member
  • 13 posts
Deckard's System Scanner v20071014.68
Run by Vehbi Tasar on 2008-04-17 21:50:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 21:52:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vehbi Tasar\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 5116 bytes

-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-15 09:46:05 0 d-------- C:\OTScanIt
2008-04-14 23:41:50 0 d-------- C:\WINDOWS\ERUNT
2008-04-11 12:22:56 0 d-------- C:\temp
2008-04-11 10:14:53 0 d-------- C:\Program Files\AbsoluteTransfer
2008-04-11 10:14:44 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited
2008-04-11 10:14:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-04-11 09:28:01 0 d-------- C:\Program Files\Trend Micro
2008-04-11 09:13:25 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\TmpRecentIcons
2008-04-11 07:21:42 0 d-------- C:\Documents and Settings\Vehbi Tasar\Desktopvirii
2008-04-11 07:21:41 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-11 07:21:41 0 d-------- C:\Program Files\Inet Delivery
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\DesktopFWebdEditor.exe
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\Desktopfwebd.exe
2008-04-11 07:21:41 4096 --a------ C:\Documents and Settings\Vehbi Tasar\Desktopfilemanagerclient.exe
2008-04-10 21:00:29 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Sun
2008-04-09 21:12:28 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\skypePM
2008-04-05 18:08:39 26 --a------ C:\WINDOWS\SW_Win2000X16.DLL
2008-04-05 18:08:22 78 --a------ C:\WINDOWS\SW_Win2000X9.DLL
2008-04-05 18:06:34 221184 --a------ C:\WINDOWS\system32\SII_PDF.dll
2008-04-05 18:06:34 720896 --a------ C:\WINDOWS\system32\C-XLS.dll <Not Verified; Softinterface, Inc.; Softinterface Convert-XLS>
2008-04-05 18:06:34 131072 --a------ C:\WINDOWS\system32\CSVSpecialProcessing.dll
2008-04-05 18:06:33 0 d-------- C:\WINDOWS\system32\Resource
2008-04-05 18:06:32 225280 --a------ C:\WINDOWS\system32\DrakeCom.dll <Not Verified; ; DrakeCom Module>
2008-04-05 18:06:32 1409024 --a------ C:\WINDOWS\system32\Drake.dll <Not Verified; BCL Technologies; BCL Drake 7>
2008-04-05 18:06:30 0 d-------- C:\Program Files\Softinterface, Inc
2008-04-05 15:41:12 0 d-------- C:\Program Files\DVD Decrypter
2008-03-20 23:21:44 0 --a------ C:\Documents and Settings\Vehbi Tasar\LOG


-- Find3M Report ---------------------------------------------------------------

2008-04-17 10:59:07 0 d-------- C:\Program Files\eRef
2008-04-11 12:32:31 0 d-------- C:\Program Files\1-Click Answers
2008-04-11 12:32:28 0 d-------- C:\Program Files\Common Files
2008-04-11 10:23:07 0 d-------- C:\Program Files\QuickTime
2008-04-11 10:13:30 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Skype
2008-04-11 10:13:29 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\DNA
2008-04-05 18:01:25 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\GoodSync
2008-04-05 17:55:36 0 d-------- C:\Program Files\Siber Systems
2008-03-25 15:15:20 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\Intuit
2008-03-21 08:47:01 0 d-------- C:\Program Files\Citrix
2008-03-19 23:31:37 0 d-------- C:\Program Files\Java
2008-03-18 14:47:02 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\U3
2008-03-13 11:02:15 0 d-------- C:\Program Files\Skype
2008-03-11 20:00:26 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-03-11 20:00:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-11 20:00:05 0 d-------- C:\Program Files\Quicken
2008-03-09 09:29:11 0 d-------- C:\Program Files\DVD Shrink
2008-03-04 19:00:19 0 d-------- C:\Program Files\Windows Live
2008-03-04 18:59:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-28 12:26:12 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\TomTom
2008-02-28 12:25:52 0 d-------- C:\Program Files\TomTom HOME 2
2008-02-28 12:25:34 0 d-------- C:\Program Files\TomTom HOME
2008-02-28 12:23:21 0 d-------- C:\Program Files\TomTom DesktopSuite
2008-02-18 13:23:12 0 d-------- C:\Documents and Settings\Vehbi Tasar\Application Data\BitTorrent
2008-02-18 13:20:56 0 d-------- C:\Program Files\DNA
2008-02-17 08:43:37 0 d-------- C:\Program Files\ItsDeductible2006
2008-02-17 08:39:35 0 d-------- C:\Program Files\TurboTax


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/02/2005 06:39 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 09:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc0499bd-da63-11dc-964d-00904b1d9e16}]
Auto\command- Setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-17 21:53:00 ------------

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Vehbi Tasar\Desktopvirii
    C:\WINDOWS\system32vcatchpi.dll
    C:\Program Files\Inet Delivery
    C:\Documents and Settings\Vehbi Tasar\DesktopFWebdEditor.exe
    C:\Documents and Settings\Vehbi Tasar\Desktopfwebd.exe
    C:\Documents and Settings\Vehbi Tasar\Desktopfilemanagerclient.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc0499bd-da63-11dc-964d-00904b1d9e16}
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Reboot and post a new DSS log and tell me how your PC is running.

#14
vehbi

    Member

  • Topic Starter
  • Member
  • 13 posts
Explorer killed successfully
C:\Documents and Settings\Vehbi Tasar\Desktopvirii moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vcatchpi.dll NOT unregistered.
C:\WINDOWS\system32vcatchpi.dll moved successfully.
C:\Program Files\Inet Delivery moved successfully.
C:\Documents and Settings\Vehbi Tasar\DesktopFWebdEditor.exe moved successfully.
C:\Documents and Settings\Vehbi Tasar\Desktopfwebd.exe moved successfully.
C:\Documents and Settings\Vehbi Tasar\Desktopfilemanagerclient.exe moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc0499bd-da63-11dc-964d-00904b1d9e16} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc0499bd-da63-11dc-964d-00904b1d9e16}\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04182008_154818

#15
vehbi

    Member

  • Topic Starter
  • Member
  • 13 posts
Malwarebytes' Anti-Malware 1.11
Database version: 651

Scan type: Full Scan (C:\|)
Objects scanned: 101550
Time elapsed: 1 hour(s), 17 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{06c53d22-d484-45d1-812f-b8567280f1b0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d9f7caf2-2ae7-4c45-9d27-7d203aa5bd9f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{25b46f9b-bc5e-49d9-9654-c27a95a9da39} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2b6ff00-b234-41be-9e3f-118fbac4b97a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e209e7d8-8d9c-4c25-9ef2-bf7b2cc48a03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vnbptxlf.blsf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vnbptxlf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
C:\OTScanIt\MovedFiles\04172008_213323\Documents and Settings\All Users\Application Data\ijyfcpqx\ybohijsz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\OTScanIt\MovedFiles\04172008_213323\WINDOWS\System32\gpabupav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\UnRAR.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080411101450366.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vehbi Tasar\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Omur Tasar\results.txt (Malware.Trace) -> Quarantined and deleted successfully.