Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

joke-bluescreen infection [RESOLVED]


  • This topic is locked This topic is locked

#1
POO715

POO715

    Member

  • Member
  • PipPip
  • 21 posts
hi, can anyone help me. somehow i've managed to get this terrible blue screen thing, it says install antivirus or spyware. my whole screen is blue. and it says it's a joke bluescreen.it keeps restating the computer and a xp antivirus 2008 is now on my computer and will not let me get to my e-mail or anything. this is truly not a joke. please please help me.


Scan saved at 8:01:35 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [lphc3qaj0en2p] C:\WINDOWS\system32\lphc3qaj0en2p.exe
O4 - HKLM\..\Run: [SMrhc7qaj0en2p] C:\Program Files\rhc7qaj0en2p\rhc7qaj0en2p.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\ZSA7WT2K\IEPNGF~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_S~3.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_M~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\ZSA7WT2K\HOME_S~3.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\APP_1_~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_1~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\01_2_~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\SXCB3IDV\CALX_1~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\HOME_3~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\HOME_L~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\FRAMES~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\SXCB3IDV\FIRSTC~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\LAUNCH~1.SH! C:\D
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

Edited by POO715, 27 June 2008 - 08:38 AM.

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#3
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi, here is the dss report you requested


Run by Computer on 2008-06-28 06:37:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-28 11:37:57 UTC - RP8 - Deckard's System Scanner Restore Point
3: 2008-06-27 22:25:12 UTC - RP7 - Removed Ad-Aware
2: 2008-06-27 17:34:41 UTC - RP6 - Last good restore point
1: 2008-06-27 17:34:33 UTC - RP5 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Computer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:23 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Computer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6196 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080627-135746-671 O4 - HKLM\..\Run: [lphc3qaj0en2p] C:\WINDOWS\system32\lphc3qaj0en2p.exe
backup-20080627-135746-775 O4 - HKLM\..\Run: [SMrhc7qaj0en2p] C:\Program Files\rhc7qaj0en2p\rhc7qaj0en2p.exe
backup-20080627-181802-761 O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\ZSA7WT2K\IEPNGF~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_S~3.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_M~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\ZSA7WT2K\HOME_S~3.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\APP_1_~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\HOME_1~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\01_2_~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\SXCB3IDV\CALX_1~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\HOME_3~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\HOME_L~2.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\I8RQ2I94\FRAMES~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\SXCB3IDV\FIRSTC~1.SH! C:\DOCUME~1\Computer\LOCALS~1\TEMPOR~1\Content.IE5\YXOQ2RNO\LAUNCH~1.SH! C:\D

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys

S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\48E47EE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\48E47EE01800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 07:27:01 358 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-06-15 01:36:59 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 17:12:22 0 d-------- C:\Documents and Settings\Computer\Application Data\McAfee
2008-06-27 16:23:14 0 d-------- C:\Program Files\Panda Security
2008-06-27 13:31:50 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 08:01:13 0 d-------- C:\Program Files\Trend Micro
2008-06-27 07:14:47 0 d-------- C:\Program Files\rhc7qaj0en2p
2008-06-27 06:52:46 0 d-------- C:\Documents and Settings\Computer\Application Data\Malwarebytes
2008-06-27 06:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 06:51:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-26 18:29:49 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-26 17:34:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:33:57 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-26 17:33:57 0 d-------- C:\Program Files\SpywareBlaster
2008-06-26 16:48:05 0 d-------- C:\Documents and Settings\Computer\Application Data\rhc7qaj0en2p
2008-06-26 16:25:09 109056 --a------ C:\WINDOWS\system32\lphc3qaj0en2p.exe
2008-06-24 16:30:08 0 d-------- C:\Documents and Settings\All Users\Incomplete
2008-06-24 16:28:40 0 d-------- C:\Documents and Settings\Computer\Application Data\LimeWire
2008-06-17 11:10:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-14 07:26:45 0 d-------- C:\Documents and Settings\Computer\Application Data\Yahoo!
2008-06-13 13:41:33 0 d-------- C:\Program Files\NoAds
2008-06-12 03:00:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-11 07:03:49 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-11 07:03:49 0 d-------- C:\Program Files\Belarc
2008-06-10 12:51:07 0 d-------- C:\Documents and Settings\Computer\Application Data\Nero
2008-06-10 12:48:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-10 12:48:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-07 15:05:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 11:08:24 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-06-04 11:02:36 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-04 11:02:13 0 d-------- C:\Program Files\HP
2008-06-04 10:24:23 1105 --a------ C:\WINDOWS\checkip.dat
2008-06-04 10:19:25 1108 --a------ C:\WINDOWS\ipconfig.dat
2008-06-04 09:48:47 0 d-------- C:\Documents and Settings\Computer\Application Data\Motive
2008-05-31 13:59:31 43387 --a------ C:\WINDOWS\browser.exe <Not Verified; ; Compiled AutoIt Script>
2008-05-31 13:58:58 16848 -----n--- C:\WINDOWS\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 81920 -----n--- C:\WINDOWS\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 17162 -----n--- C:\WINDOWS\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-31 13:58:52 0 d-------- C:\WINDOWS\Motive
2008-05-31 13:58:50 0 d-------- C:\Program Files\Common Files\Motive
2008-05-31 13:58:28 0 d-------- C:\Program Files\SBC Self Support Tool
2008-05-31 13:40:50 0 d-------- C:\Program Files\Yahoo!
2008-05-30 08:17:16 0 d-------- C:\Program Files\BroadJump
2008-05-30 02:08:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-30 02:06:31 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-30 02:06:30 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-30 02:06:24 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:21 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:20 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 01:57:41 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>


-- Find3M Report ---------------------------------------------------------------

2008-06-27 17:25:19 0 d-------- C:\Program Files\Common Files
2008-06-16 19:29:22 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-10 12:48:50 0 d-------- C:\Program Files\Nero
2008-05-31 14:30:23 0 d-------- C:\Documents and Settings\Computer\Application Data\Adobe
2008-05-26 19:59:49 0 d-------- C:\Documents and Settings\Computer\Application Data\Macromedia
2008-05-26 19:23:44 0 d-------- C:\Documents and Settings\Computer\Application Data\AdobeUM
2008-05-24 07:08:43 0 d-------- C:\Program Files\McAfee
2008-05-21 22:28:25 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-16 01:11:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 21:01:18 0 d-------- C:\Program Files\CyberLink
2008-05-15 08:27:13 0 d-------- C:\Program Files\McAfee.com
2008-05-15 07:59:35 0 d-------- C:\Program Files\PeoplePC
2008-05-15 07:14:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-15 00:14:48 0 d-------- C:\Documents and Settings\Computer\Application Data\Ahead
2008-05-14 23:35:22 0 d-------- C:\Documents and Settings\Computer\Application Data\Sun
2008-05-14 09:50:57 0 d-------- C:\Program Files\Java
2008-05-14 08:26:45 0 d-------- C:\Program Files\Common Files\Java
2008-05-14 07:25:18 0 d-------- C:\Program Files\Common Files\PeoplePC
2008-05-13 17:53:28 0 d-------- C:\Documents and Settings\Computer\Application Data\ScamBlocker
2008-04-29 16:36:41 0 d-------- C:\Program Files\MSXML 6.0
2008-04-29 16:18:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-29 16:14:30 0 d-------- C:\Program Files\MSBuild
2008-04-29 16:10:44 0 d-------- C:\Program Files\Reference Assemblies
2008-04-29 15:55:21 0 d-------- C:\Program Files\Messenger
2008-04-29 15:30:24 0 d-------- C:\Documents and Settings\Computer\Application Data\Identities
2008-04-29 15:26:17 0 d-------- C:\Program Files\microsoft frontpage
2008-04-29 15:25:57 0 -rahs---- C:\MSDOS.SYS
2008-04-29 15:25:57 0 -rahs---- C:\IO.SYS
2008-04-29 15:25:57 0 --a------ C:\CONFIG.SYS
2008-04-29 15:25:57 0 --a------ C:\AUTOEXEC.BAT
2008-04-29 15:24:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-29 15:24:40 0 d-------- C:\Program Files\Online Services
2008-04-29 15:23:32 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-29 15:23:19 0 d-------- C:\Program Files\Movie Maker
2008-04-29 15:22:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-29 15:21:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-29 15:21:38 0 d-------- C:\Program Files\Windows NT
2008-04-29 11:16:07 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-29 11:16:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-29 11:15:27 62 --ahs---- C:\Documents and Settings\Computer\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [07/14/2003 09:52 AM C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 03:25 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/18/2004 12:55 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Yahoo! Pager"="1" []
"NoAds"="C:\Program Files\NoAds\NoAds.exe" [06/13/2008 01:41 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [5/31/2008 1:58:29 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-06-28 06:39:14 ------------
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following...

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop sysrest.sys
sc delete sysrest.sys
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you do not sure how to make a batch file, please visit HERE for the tutorial.





NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    c:\windows\system32\sysrest.sys
    C:\WINDOWS\system32\sysrest32.exe
    C:\WINDOWS\system32\lphc3qaj0en2p.exe
    C:\Program Files\rhc7qaj0en2p
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysrest32.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply.. Post each log in separate post

1. OTMoveIt2
2. A fresh Deckard System Scanner (after OTMoveIt2 step)



Regards
fenzodahl512
  • 0

#5
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi, it says windows can't find it
  • 0

#6
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi again, i hope i'm posting this right


File/Folder c:\windows\system32\sysrest.sys not found.
File/Folder C:\WINDOWS\system32\sysrest32.exe not found.
C:\WINDOWS\system32\lphc3qaj0en2p.exe moved successfully.
C:\Program Files\rhc7qaj0en2p moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysrest32.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysrest32.exe deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage deleted successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\mcafee_FqoQIbyPSWMR17a scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_mWHtGAtzTxTgxQM scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_gkfRdJLaHGVO0dP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_l03YP1mxK14Xjn6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_pLBn8azRzCOgQd4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UnSfc5GrARjFi7F scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UUhFnTPzOqf2haE scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06282008_075804

Files moved on Reboot...
File C:\WINDOWS\temp\mcafee_FqoQIbyPSWMR17a not found!
File C:\WINDOWS\temp\mcafee_mWHtGAtzTxTgxQM not found!
File C:\WINDOWS\temp\mcmsc_gkfRdJLaHGVO0dP not found!
File C:\WINDOWS\temp\mcmsc_l03YP1mxK14Xjn6 not found!
File C:\WINDOWS\temp\mcmsc_pLBn8azRzCOgQd4 not found!
File C:\WINDOWS\temp\mcmsc_UnSfc5GrARjFi7F not found!
File C:\WINDOWS\temp\mcmsc_UUhFnTPzOqf2haE not found!
  • 0

#7
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
here is the dss report, but the warning spyware and blue screen is still there.



Run by Computer on 2008-06-28 08:08:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Computer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:06 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Computer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6179 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 17:12:22 0 d-------- C:\Documents and Settings\Computer\Application Data\McAfee
2008-06-27 16:23:14 0 d-------- C:\Program Files\Panda Security
2008-06-27 13:31:50 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 08:01:13 0 d-------- C:\Program Files\Trend Micro
2008-06-27 06:52:46 0 d-------- C:\Documents and Settings\Computer\Application Data\Malwarebytes
2008-06-27 06:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 06:51:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-26 18:29:49 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-26 17:34:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:33:57 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-26 17:33:57 0 d-------- C:\Program Files\SpywareBlaster
2008-06-26 16:48:05 0 d-------- C:\Documents and Settings\Computer\Application Data\rhc7qaj0en2p
2008-06-24 16:30:08 0 d-------- C:\Documents and Settings\All Users\Incomplete
2008-06-24 16:28:40 0 d-------- C:\Documents and Settings\Computer\Application Data\LimeWire
2008-06-17 11:10:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-14 07:26:45 0 d-------- C:\Documents and Settings\Computer\Application Data\Yahoo!
2008-06-13 13:41:33 0 d-------- C:\Program Files\NoAds
2008-06-12 03:00:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-11 07:03:49 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-11 07:03:49 0 d-------- C:\Program Files\Belarc
2008-06-10 12:51:07 0 d-------- C:\Documents and Settings\Computer\Application Data\Nero
2008-06-10 12:48:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-10 12:48:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-07 15:05:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 11:08:24 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-06-04 11:02:36 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-04 11:02:13 0 d-------- C:\Program Files\HP
2008-06-04 10:24:23 1105 --a------ C:\WINDOWS\checkip.dat
2008-06-04 10:19:25 1108 --a------ C:\WINDOWS\ipconfig.dat
2008-06-04 09:48:47 0 d-------- C:\Documents and Settings\Computer\Application Data\Motive
2008-05-31 13:59:31 43387 --a------ C:\WINDOWS\browser.exe <Not Verified; ; Compiled AutoIt Script>
2008-05-31 13:58:58 16848 -----n--- C:\WINDOWS\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 81920 -----n--- C:\WINDOWS\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 17162 -----n--- C:\WINDOWS\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-31 13:58:52 0 d-------- C:\WINDOWS\Motive
2008-05-31 13:58:50 0 d-------- C:\Program Files\Common Files\Motive
2008-05-31 13:58:28 0 d-------- C:\Program Files\SBC Self Support Tool
2008-05-31 13:40:50 0 d-------- C:\Program Files\Yahoo!
2008-05-30 08:17:16 0 d-------- C:\Program Files\BroadJump
2008-05-30 02:08:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-30 02:06:31 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-30 02:06:30 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-30 02:06:24 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:21 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:20 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 01:57:41 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>


-- Find3M Report ---------------------------------------------------------------

2008-06-27 17:25:19 0 d-------- C:\Program Files\Common Files
2008-06-16 19:29:22 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-10 12:48:50 0 d-------- C:\Program Files\Nero
2008-05-31 14:30:23 0 d-------- C:\Documents and Settings\Computer\Application Data\Adobe
2008-05-26 19:59:49 0 d-------- C:\Documents and Settings\Computer\Application Data\Macromedia
2008-05-26 19:23:44 0 d-------- C:\Documents and Settings\Computer\Application Data\AdobeUM
2008-05-24 07:08:43 0 d-------- C:\Program Files\McAfee
2008-05-21 22:28:25 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-16 01:11:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 21:01:18 0 d-------- C:\Program Files\CyberLink
2008-05-15 08:27:13 0 d-------- C:\Program Files\McAfee.com
2008-05-15 07:59:35 0 d-------- C:\Program Files\PeoplePC
2008-05-15 07:14:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-15 00:14:48 0 d-------- C:\Documents and Settings\Computer\Application Data\Ahead
2008-05-14 23:35:22 0 d-------- C:\Documents and Settings\Computer\Application Data\Sun
2008-05-14 09:50:57 0 d-------- C:\Program Files\Java
2008-05-14 08:26:45 0 d-------- C:\Program Files\Common Files\Java
2008-05-14 07:25:18 0 d-------- C:\Program Files\Common Files\PeoplePC
2008-05-13 17:53:28 0 d-------- C:\Documents and Settings\Computer\Application Data\ScamBlocker
2008-04-29 16:36:41 0 d-------- C:\Program Files\MSXML 6.0
2008-04-29 16:18:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-29 16:14:30 0 d-------- C:\Program Files\MSBuild
2008-04-29 16:10:44 0 d-------- C:\Program Files\Reference Assemblies
2008-04-29 15:55:21 0 d-------- C:\Program Files\Messenger
2008-04-29 15:30:24 0 d-------- C:\Documents and Settings\Computer\Application Data\Identities
2008-04-29 15:26:17 0 d-------- C:\Program Files\microsoft frontpage
2008-04-29 15:25:57 0 -rahs---- C:\MSDOS.SYS
2008-04-29 15:25:57 0 -rahs---- C:\IO.SYS
2008-04-29 15:25:57 0 --a------ C:\CONFIG.SYS
2008-04-29 15:25:57 0 --a------ C:\AUTOEXEC.BAT
2008-04-29 15:24:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-29 15:24:40 0 d-------- C:\Program Files\Online Services
2008-04-29 15:23:32 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-29 15:23:19 0 d-------- C:\Program Files\Movie Maker
2008-04-29 15:22:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-29 15:21:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-29 15:21:38 0 d-------- C:\Program Files\Windows NT
2008-04-29 11:16:07 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-29 11:16:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-29 11:15:27 62 --ahs---- C:\Documents and Settings\Computer\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [07/14/2003 09:52 AM C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 03:25 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/18/2004 12:55 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Yahoo! Pager"="1" []
"NoAds"="C:\Program Files\NoAds\NoAds.exe" [06/13/2008 01:41 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [5/31/2008 1:58:29 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-06-28 08:09:32 ------------
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. Try to change your Desktop background..



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Computer\Application Data\rhc7qaj0en2p

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
[*]Close OTMoveIt2
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\browser.exe
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply.. As usual, post each log in separate post..

1. OTMoveIt2
2. Jotti/VirusTotal
3. Malwarebytes'
4. A fresh Deckard System Scanner (after Malwarebytes' step)


Regards
fenzodahl512
  • 0

#9
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan taken on 28 Jun 2008 13:39:40 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Shutdowner.cq
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Win32.Autoit.D
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
  • 0

#10
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Database version: 897

9:06:08 AM 6/28/2008
mbam-log-6-28-2008 (09-06-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 60232
Time elapsed: 19 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\_OTMoveIt\MovedFiles\06282008_075804\Program Files\rhc7qaj0en2p\rhc7qaj0en2pSkin.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3qaj0en2p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

Advertisements


#11
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Run by Computer on 2008-06-28 09:08:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Computer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:41 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Computer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6228 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 08:43:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 17:12:22 0 d-------- C:\Documents and Settings\Computer\Application Data\McAfee
2008-06-27 16:23:14 0 d-------- C:\Program Files\Panda Security
2008-06-27 13:31:50 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 08:01:13 0 d-------- C:\Program Files\Trend Micro
2008-06-27 06:52:46 0 d-------- C:\Documents and Settings\Computer\Application Data\Malwarebytes
2008-06-27 06:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 06:51:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-26 18:29:49 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-26 17:34:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:33:57 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-26 17:33:57 0 d-------- C:\Program Files\SpywareBlaster
2008-06-24 16:30:08 0 d-------- C:\Documents and Settings\All Users\Incomplete
2008-06-24 16:28:40 0 d-------- C:\Documents and Settings\Computer\Application Data\LimeWire
2008-06-17 11:10:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-14 07:26:45 0 d-------- C:\Documents and Settings\Computer\Application Data\Yahoo!
2008-06-13 13:41:33 0 d-------- C:\Program Files\NoAds
2008-06-12 03:00:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-11 07:03:49 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-11 07:03:49 0 d-------- C:\Program Files\Belarc
2008-06-10 12:51:07 0 d-------- C:\Documents and Settings\Computer\Application Data\Nero
2008-06-10 12:48:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-10 12:48:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-07 15:05:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 11:08:24 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-04 11:08:24 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-06-04 11:02:36 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-04 11:02:13 0 d-------- C:\Program Files\HP
2008-06-04 10:24:23 1105 --a------ C:\WINDOWS\checkip.dat
2008-06-04 10:19:25 1108 --a------ C:\WINDOWS\ipconfig.dat
2008-06-04 09:48:47 0 d-------- C:\Documents and Settings\Computer\Application Data\Motive
2008-05-31 13:59:31 43387 --a------ C:\WINDOWS\browser.exe <Not Verified; ; Compiled AutoIt Script>
2008-05-31 13:58:58 16848 -----n--- C:\WINDOWS\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 81920 -----n--- C:\WINDOWS\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:57 17162 -----n--- C:\WINDOWS\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-31 13:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-31 13:58:52 0 d-------- C:\WINDOWS\Motive
2008-05-31 13:58:50 0 d-------- C:\Program Files\Common Files\Motive
2008-05-31 13:58:28 0 d-------- C:\Program Files\SBC Self Support Tool
2008-05-31 13:40:50 0 d-------- C:\Program Files\Yahoo!
2008-05-30 08:17:16 0 d-------- C:\Program Files\BroadJump
2008-05-30 02:08:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-30 02:06:31 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:30 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-30 02:06:30 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-30 02:06:24 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-30 02:06:24 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:23 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:22 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:21 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 02:06:20 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-30 01:57:41 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>


-- Find3M Report ---------------------------------------------------------------

2008-06-27 17:25:19 0 d-------- C:\Program Files\Common Files
2008-06-16 19:29:22 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-10 12:48:50 0 d-------- C:\Program Files\Nero
2008-05-31 14:30:23 0 d-------- C:\Documents and Settings\Computer\Application Data\Adobe
2008-05-26 19:59:49 0 d-------- C:\Documents and Settings\Computer\Application Data\Macromedia
2008-05-26 19:23:44 0 d-------- C:\Documents and Settings\Computer\Application Data\AdobeUM
2008-05-24 07:08:43 0 d-------- C:\Program Files\McAfee
2008-05-21 22:28:25 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-16 01:11:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 21:01:18 0 d-------- C:\Program Files\CyberLink
2008-05-15 08:27:13 0 d-------- C:\Program Files\McAfee.com
2008-05-15 07:59:35 0 d-------- C:\Program Files\PeoplePC
2008-05-15 07:14:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-15 00:14:48 0 d-------- C:\Documents and Settings\Computer\Application Data\Ahead
2008-05-14 23:35:22 0 d-------- C:\Documents and Settings\Computer\Application Data\Sun
2008-05-14 09:50:57 0 d-------- C:\Program Files\Java
2008-05-14 08:26:45 0 d-------- C:\Program Files\Common Files\Java
2008-05-14 07:25:18 0 d-------- C:\Program Files\Common Files\PeoplePC
2008-05-13 17:53:28 0 d-------- C:\Documents and Settings\Computer\Application Data\ScamBlocker
2008-04-29 16:36:41 0 d-------- C:\Program Files\MSXML 6.0
2008-04-29 16:18:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-29 16:14:30 0 d-------- C:\Program Files\MSBuild
2008-04-29 16:10:44 0 d-------- C:\Program Files\Reference Assemblies
2008-04-29 15:55:21 0 d-------- C:\Program Files\Messenger
2008-04-29 15:30:24 0 d-------- C:\Documents and Settings\Computer\Application Data\Identities
2008-04-29 15:26:17 0 d-------- C:\Program Files\microsoft frontpage
2008-04-29 15:25:57 0 -rahs---- C:\MSDOS.SYS
2008-04-29 15:25:57 0 -rahs---- C:\IO.SYS
2008-04-29 15:25:57 0 --a------ C:\CONFIG.SYS
2008-04-29 15:25:57 0 --a------ C:\AUTOEXEC.BAT
2008-04-29 15:24:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-29 15:24:40 0 d-------- C:\Program Files\Online Services
2008-04-29 15:23:32 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-29 15:23:19 0 d-------- C:\Program Files\Movie Maker
2008-04-29 15:22:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-29 15:21:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-29 15:21:38 0 d-------- C:\Program Files\Windows NT
2008-04-29 11:16:07 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-29 11:16:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-29 11:15:27 62 --ahs---- C:\Documents and Settings\Computer\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [07/14/2003 09:52 AM C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 03:25 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/18/2004 12:55 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Yahoo! Pager"="1" []
"NoAds"="C:\Program Files\NoAds\NoAds.exe" [06/13/2008 01:41 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [5/31/2008 1:58:29 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-06-28 09:09:06 ------------
  • 0

#12
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan taken on 28 Jun 2008 14:13:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Shutdowner.cq
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Win32.Autoit.D
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered
  • 0

#13
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
yes i was able to chang my background and desktop settings.
  • 0

#14
POO715

POO715

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan taken on 28 Jun 2008 14:13:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Shutdowner.cq
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Win32.Autoit.D
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered
  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. Have you manage changing your Desktop background?..



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\browser.exe

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
[*]Close OTMoveIt2
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Post the following in your next reply..

1. OTMoveIt2 log
2. Kaspersky Webscanner report
3. Tell me about your computer condition...


Regards
fenzodahl512
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP