Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32.Trojan.Yspy

Started by kelkay , Jun 10 2008 07:09 AM

  • This topic is locked This topic is locked

#211
kelkay
Posted 06 July 2008 - 09:40 AM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I did not see fix.bat among anything on haxfix. Haxfix did not show up on programs, and it only had the .exe file, prefetch...not bat files to click on.

I ran the autofix part of Haxfix though. It said access denied everytime it asked me if I was sure I wanted to act on that file by typing Y and enter.


HAXFIX logfile - by Marckie

version 5.01.1
Sun 07/06/2008 10:10:48.37

--- Auto Haxdoorfix ---


Haxdoorfix Part 1

no infections found


Haxdoorfix Part 2

searching for notifykeys
no notifykeys found

searching for services
no services found

searching for safeboot services
no safeboot services found


--- Goldunfix ---


searching for other goldun- and haxdoorfiles:
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\C3.DLL
C:\WINDOWS\system32\C3.SYS
C:\WINDOWS\system32\C4.SYS
C:\WINDOWS\system32\fuxx32.dll
C:\WINDOWS\system32\klo5.sys
C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\qy.sys
C:\WINDOWS\system32\qz.dll
C:\WINDOWS\system32\qz.sys
C:\WINDOWS\system32\yvpp01.dll
C:\WINDOWS\system32\yvpp02.sys

checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys
no SSODLkeys found

searching for notifykeys
no notify keys found

searching for services
no services found


--- Registrysettings ---

not necessary


.....rebooting the computer.....


--- searching for ssodlkeys ---

not necessary


--- searching for notifykeys ---

not necessary


--- searching for services ---

not necessary


--- searching for safeboot services ---

not necessary


--- searching for files ---

C:\WINDOWS\system32\bdod.bin found
deleting C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\bdod.bin has been deleted

C:\WINDOWS\system32\C3.DLL found
deleting C:\WINDOWS\system32\C3.DLL
C:\WINDOWS\system32\C3.DLL has not been deleted

C:\WINDOWS\system32\C3.SYS found
deleting C:\WINDOWS\system32\C3.SYS
C:\WINDOWS\system32\C3.SYS has not been deleted

C:\WINDOWS\system32\C4.SYS found
deleting C:\WINDOWS\system32\C4.SYS
C:\WINDOWS\system32\C4.SYS has not been deleted

C:\WINDOWS\system32\fuxx32.dll found
deleting C:\WINDOWS\system32\fuxx32.dll
C:\WINDOWS\system32\fuxx32.dll has not been deleted

C:\WINDOWS\system32\klo5.sys found
deleting C:\WINDOWS\system32\klo5.sys
C:\WINDOWS\system32\klo5.sys has not been deleted

C:\WINDOWS\system32\qo.dll found
deleting C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.dll has not been deleted

C:\WINDOWS\system32\qo.sys found
deleting C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\qo.sys has not been deleted

C:\WINDOWS\system32\qy.sys found
deleting C:\WINDOWS\system32\qy.sys
C:\WINDOWS\system32\qy.sys has not been deleted

C:\WINDOWS\system32\qz.dll found
deleting C:\WINDOWS\system32\qz.dll
C:\WINDOWS\system32\qz.dll has not been deleted

C:\WINDOWS\system32\qz.sys found
deleting C:\WINDOWS\system32\qz.sys
C:\WINDOWS\system32\qz.sys has not been deleted

C:\WINDOWS\system32\yvpp01.dll found
deleting C:\WINDOWS\system32\yvpp01.dll
C:\WINDOWS\system32\yvpp01.dll has not been deleted

C:\WINDOWS\system32\yvpp02.sys found
deleting C:\WINDOWS\system32\yvpp02.sys
C:\WINDOWS\system32\yvpp02.sys has not been deleted


--- searching for other files in the system32 folder ---

C:\WINDOWS\system32\C3.DLL found
deleting C:\WINDOWS\system32\C3.DLL
C:\WINDOWS\system32\C3.DLL has not been deleted

C:\WINDOWS\system32\C3.SYS found
deleting C:\WINDOWS\system32\C3.SYS
C:\WINDOWS\system32\C3.SYS has not been deleted

C:\WINDOWS\system32\C4.SYS found
deleting C:\WINDOWS\system32\C4.SYS
C:\WINDOWS\system32\C4.SYS has not been deleted

C:\WINDOWS\system32\fuxx32.dll found
deleting C:\WINDOWS\system32\fuxx32.dll
C:\WINDOWS\system32\fuxx32.dll has not been deleted

C:\WINDOWS\system32\klo5.sys found
deleting C:\WINDOWS\system32\klo5.sys
C:\WINDOWS\system32\klo5.sys has not been deleted

C:\WINDOWS\system32\qo.dll found
deleting C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.dll has not been deleted

C:\WINDOWS\system32\qo.sys found
deleting C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\qo.sys has not been deleted

C:\WINDOWS\system32\qy.sys found
deleting C:\WINDOWS\system32\qy.sys
C:\WINDOWS\system32\qy.sys has not been deleted

C:\WINDOWS\system32\qz.dll found
deleting C:\WINDOWS\system32\qz.dll
C:\WINDOWS\system32\qz.dll has not been deleted

C:\WINDOWS\system32\qz.sys found
deleting C:\WINDOWS\system32\qz.sys
C:\WINDOWS\system32\qz.sys has not been deleted

C:\WINDOWS\system32\yvpp01.dll found
deleting C:\WINDOWS\system32\yvpp01.dll
C:\WINDOWS\system32\yvpp01.dll has not been deleted

C:\WINDOWS\system32\yvpp02.sys found
deleting C:\WINDOWS\system32\yvpp02.sys
C:\WINDOWS\system32\yvpp02.sys has not been deleted


--- searching for other files in windows folder ---

no other files found in the windows folder


--- searching for a3d files ---

no a3d files found


--- checking registry settings ---

not necessary


--- Catchme logfile ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 10:18:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Finished
  • 0

Advertisements

#212
kelkay
Posted 06 July 2008 - 09:42 AM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:53, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9056 bytes
  • 0

#213
kelkay
Posted 06 July 2008 - 09:55 AM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I have not run aproposfix until I hear from you about the bat file problem with haxfix. I imagine it has to be done in order, and I did not get it complete right, so thought it best to wait until I hear from you.
  • 0

#214
koko_crunch
Posted 09 July 2008 - 02:26 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
I apologize for being inactive for a few days. I am having internet problems again.
Just proceed with apropos fix then we'll take it from there.
  • 0

#215
kelkay
Posted 09 July 2008 - 11:28 AM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I could not get on the computer this morning until now because of the messed up Microsoft Security Update. I am trying to see what I can do. When I installed the update, it messed up my browsing and email, even my av updates would not work. I was on hold with Microsoft for over forty min and nobody answered my call.
  • 0

#216
kelkay
Posted 09 July 2008 - 01:48 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
The update was a problem for Zone Alarm customers. I tried to delete Zone Alarm, and reinstall it...but it still won't run unless I lower the security for the firewall. Now it has a program asking for internet access called KService.exe I am afraid it is connected to the malware or trojans here. I denied access temporarily. Just another problem I don't need right now. Ok I will try an do the next step now.
  • 0

#217
kelkay
Posted 09 July 2008 - 01:50 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I did a search for the file KService.exe and it shows it is under program files/kontiki 2997 kb modified 10-30-2006. I do not know what this is at all.
  • 0

#218
kelkay
Posted 09 July 2008 - 01:53 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I decided to look that up and found that file is under the same OMN file that you get to view free data like videos...sort of like You Tube. So I guess it isn't malicious.
  • 0

#219
kelkay
Posted 09 July 2008 - 02:06 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Kelly\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
  • 0

#220
kelkay
Posted 09 July 2008 - 02:07 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:32, on 7/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9327 bytes
  • 0

Advertisements

#221
koko_crunch
Posted 09 July 2008 - 06:45 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Let's try this in two steps.
Please read this post completelt before proceeding with the fix. It may be easier for you if you copy this to notepad or print this for reference later.

First,

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Program Files\adwareremovergold.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\dealhelper.com inc
C:\Program Files\gator.com
C:\Program Files\malwaresweeper.com
C:\Program Files\pcprivacysoftware.com
C:\WINDOWS\wcby
C:\Program Files\zsearch
C:\Program Files\zeropopupbar
C:\Program Files\zangoclient
C:\Program Files\zango games
C:\Program Files\xsoftware
C:\Program Files\xpcspy
C:\Program Files\support software
C:\Program Files\network essentials
C:\Program Files\medialoads
C:\Program Files\medialoads enhanced
C:\Program Files\media gateway
C:\Program Files\md

Files to delete:
C:\csrss.exe
C:\winstall.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\avpcc.dll
C:\WINDOWS\csrss.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\explore.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lsasss.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\services.exe
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\alsys.exe
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\system32\bootconf.exe
C:\WINDOWS\system32\e1.dll
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\iexplorer.exe
C:\WINDOWS\system32\internet.exe
C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\msclt.exe
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\mstc.exe
C:\WINDOWS\system32\msupdate.exe
C:\WINDOWS\system32\mswins.exe
C:\WINDOWS\system32\nordsys.exe
C:\WINDOWS\system32\ppl.exe
C:\WINDOWS\system32\remote.exe
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\system32\rx.exe
C:\WINDOWS\system32\scvhost32.exe
C:\WINDOWS\system32\se.exe
C:\WINDOWS\system32\server.exe
C:\WINDOWS\system32\svchost32.exe
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\sys.exe
C:\WINDOWS\system32\taskgmr.exe
C:\WINDOWS\system32\update.exe
C:\WINDOWS\system32\wgareg.exe
C:\WINDOWS\system32\wgavm.exe
C:\WINDOWS\system32\win32.exe
C:\WINDOWS\system32\windll.exe
C:\WINDOWS\system32\windowz.exe
C:\WINDOWS\system32\winhost.exe
C:\WINDOWS\system32\winsvc.exe
C:\WINDOWS\system32\winsys32.exe
C:\WINDOWS\system32\winupd.exe
C:\WINDOWS\system32\winxp.exe
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winlogon.exe
C:\WINDOWS\winserv.exe
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\system32\wincom32.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Then,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Logs required on next post.
- Avenger log
- Sdfix log
  • 0

#222
kelkay
Posted 09 July 2008 - 06:49 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I will do these directly....first I must add that I deleted Zone Alarm Pro because of problems with the Microsoft Security Update this morning. I decided I did not want to run on med security until someone figured out what to do, either MS, or Zone Alarm. So for now I am on a free trial of Online Armor.
  • 0

#223
kelkay
Posted 09 July 2008 - 07:06 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
WHEN I DID THE AVENGER PROGRAM all started up okay. Then I am getting a Windows-No Disk warning. It says Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
I hope I didn't mess this thing up!!! It says cancel, try again, or continue...WHAT SHOULD I DO now?


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "C:\Program Files\adwareremovergold.com" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\adwareremovergold.com" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\bulletproofsoft.com" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\bulletproofsoft.com" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\dealhelper.com inc" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\dealhelper.com inc" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\gator.com" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\gator.com" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\malwaresweeper.com" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\malwaresweeper.com" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\pcprivacysoftware.com" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\pcprivacysoftware.com" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\WINDOWS\wcby" is not a folder! It may instead be a file.
Deletion of folder "C:\WINDOWS\wcby" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\zsearch" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\zsearch" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\zeropopupbar" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\zeropopupbar" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\zangoclient" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\zangoclient" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\zango games" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\zango games" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\xsoftware" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\xsoftware" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\xpcspy" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\xpcspy" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\support software" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\support software" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\network essentials" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\network essentials" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\medialoads" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\medialoads" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\medialoads enhanced" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\medialoads enhanced" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\media gateway" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\media gateway" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Program Files\md" is not a folder! It may instead be a file.
Deletion of folder "C:\Program Files\md" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\csrss.exe" is a folder, not a file!
Deletion of file "C:\csrss.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\winstall.exe" is a folder, not a file!
Deletion of file "C:\winstall.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\2020search.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\2020search.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\2020search2.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\2020search2.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\avpcc.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\avpcc.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\csrss.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\csrss.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\ctrlpan.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\ctrlpan.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\explore.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\explore.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\FVProtect.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\FVProtect.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\iexplorer.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\iexplorer.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\lsasss.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\lsasss.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\msconfd.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\msconfd.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\mssvr.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\mssvr.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\olehelp.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\olehelp.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\qttasks.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\qttasks.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\rundll16.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\rundll16.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\services.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\services.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\sistem.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\sistem.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\svchost.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\svchost.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\alsys.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\alsys.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\bho.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\bho.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\bootconf.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\bootconf.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\e1.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\e1.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\emesx.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\emesx.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\iexplore.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\iexplore.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\iexplorer.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\iexplorer.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\internet.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\internet.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\ipv6mons.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\ipv6mons.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\msclt.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\msclt.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\msmsgs.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\msmsgs.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\mstc.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\mstc.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\msupdate.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\msupdate.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\mswins.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\mswins.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\nordsys.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\nordsys.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\ppl.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\ppl.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\remote.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\remote.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\rundll.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\rundll.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\rx.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\rx.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\scvhost32.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\scvhost32.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\se.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\se.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\server.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\server.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\svchost32.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\svchost32.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\svhost.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\svhost.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\svshost.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\svshost.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\sys.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\sys.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\taskgmr.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\taskgmr.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\update.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\update.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\wgareg.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\wgareg.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\wgavm.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\wgavm.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\win32.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\win32.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\windll.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\windll.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\windowz.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\windowz.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\winhost.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\winhost.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\winsvc.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\winsvc.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\winsys32.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\winsys32.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\winupd.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\winupd.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\winxp.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\winxp.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\zlbw.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\zlbw.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\userconfig9x.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\userconfig9x.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\voiceip.dll" is a folder, not a file!
Deletion of file "C:\WINDOWS\voiceip.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\winlogon.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\winlogon.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\winserv.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\winserv.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\xpupdate.exe" is a folder, not a file!
Deletion of file "C:\WINDOWS\xpupdate.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\WINDOWS\system32\wincom32.sys" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\wincom32.sys" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Completed script processing.

*******************

Finished! Terminate.
  • 0

#224
kelkay
Posted 09 July 2008 - 07:10 PM

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I am afraid to do the SDFix thing until I hear what to do about the Windows-No Disk warning I got. I will wait to hear from you before proceeding.
  • 0

#225
koko_crunch
Posted 10 July 2008 - 12:27 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
That's ok.
Let's do another scan.

First,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Trend Micro\HijackThis\Kelly.exe
%userprofile%\desktop\dss.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt

    Please attach main.txt and extra.txt on your next reply.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP