Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blue Screen spyware [RESOLVED]

Started by Bitburger1 , Jun 28 2008 08:10 AM

  • This topic is locked This topic is locked

#1
Bitburger1
Posted 28 June 2008 - 08:10 AM

Bitburger1

    Member

  • Member
  • PipPip
  • 13 posts
I have managed to get this terrible blue screen thing, it says install antivirus or spyware. my whole screen is blue. and it says it's a joke bluescreen.it keeps restating the computer and a xp antivirus is now on my computer or something. Trend Micor keep stopping a ADW AXPFIXER and TROJ RENOS.ZO. I have run SDFIx and Deckards and am posting the finding below.

Thank you,
Larry

SDFix: Version 1.198
Run by Larry Nicodemus on Sat 06/28/2008 at 08:36 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\LARRYN~1\Desktop\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\media.php - Deleted
C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\media.php.bat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 08:45:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Steam\\SteamApps\\trucman007\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\trucman007\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\trucman007\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\trucman007\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\\Program Files\\Steam\\steamapps\\trucman007\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\trucman007\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\trucman007\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\trucman007\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Games\\Dominoes\\Win42.exe"="C:\\Program Files\\Games\\Dominoes\\Win42.exe:*:Enabled:Win42"
"C:\\Program Files\\Steam\\steamapps\\trucman007\\disciples ii rise of the elves\\Discipl2.exe"="C:\\Program Files\\Steam\\steamapps\\trucman007\\disciples ii rise of the elves\\Discipl2.exe:*:Enabled:Disciples II v3.0"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\NETGEAR\\WG311v3\\wlancfg5.exe"="C:\\Program Files\\NETGEAR\\WG311v3\\wlancfg5.exe:*:Enabled:NETGEAR WG311v3 Wireless Assistant"
"C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe:*:Enabled:Intel® PROSet for Wired Connections"
"C:\\Program Files\\AWS\\WeatherBug\\Weather.exe"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe:*:Enabled:Run WeatherBug"
"C:\\Program Files\\Spyware Doctor\\pctsGui.exe"="C:\\Program Files\\Spyware Doctor\\pctsGui.exe:*:Enabled:Spyware Doctor"
"C:\\Program Files\\DVDFab 5\\DVDFab.exe"="C:\\Program Files\\DVDFab 5\\DVDFab.exe:*:Enabled:DVDFab 5"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\DellConnect\\Bin\\Launch.exe"="C:\\Program Files\\DellConnect\\Bin\\Launch.exe:*:Enabled:DellConnect"
"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Shell.exe"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Shell.exe:*:Enabled:Intel Matrix Storage Console"
"C:\\Program Files\\Windows Media Bonus Pack for Windows XP\\PowerToys\\libwiz.exe"="C:\\Program Files\\Windows Media Bonus Pack for Windows XP\\PowerToys\\libwiz.exe:*:Enabled:Media Library Management Wizard"
"C:\\Program Files\\Modem Helper\\MDM_Util.exe"="C:\\Program Files\\Modem Helper\\MDM_Util.exe:*:Enabled:Modem Helper"
"C:\\Program Files\\NetWaiting\\netwaiting.exe"="C:\\Program Files\\NetWaiting\\netwaiting.exe:*:Enabled:NetWaiting"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqwrg.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqwrg.exe:*:Enabled:Product Registration"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\Larry Nicodemus\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Larry Nicodemus\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Steam\\steamapps\\ianmcleod\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\ianmcleod\\counter-strike source\\hl2.exe:*:Enabled:hl2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\LARRYN~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 20 Apr 2006 33 ...H. --- "C:\Program Files\Brother's Keeper 6\bkuser.reg"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 13 Jun 2008 152 ..SHR --- "C:\WINDOWS\system32\BB2FD205C1.sys"
Fri 13 Jun 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 11 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 16 Dec 2000 20,480 ...H. --- "C:\Documents and Settings\All Users\Desktop\XMAS\~WRL1909.tmp"
Thu 17 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Wed 4 Sep 2002 23,040 ...H. --- "C:\Documents and Settings\Larry Nicodemus\My Documents\TOTAL CONCEPT\~WRL1833.tmp"
Wed 4 Sep 2002 23,552 ...H. --- "C:\Documents and Settings\Larry Nicodemus\My Documents\TOTAL CONCEPT\~WRL2350.tmp"
Wed 4 Sep 2002 23,040 ...H. --- "C:\Documents and Settings\Larry Nicodemus\My Documents\TOTAL CONCEPT\~WRL3163.tmp"
Wed 4 Sep 2002 23,040 ...H. --- "C:\Documents and Settings\Larry Nicodemus\My Documents\TOTAL CONCEPT\~WRL3862.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT8.tmp"
Mon 11 Sep 2006 11,115 ..SH. --- "C:\Documents and Settings\Larry Nicodemus\My Documents\My Music\License Backup\drmv2key.bak"
Wed 2 May 2007 8 ...H. --- "C:\Documents and Settings\Larry Nicodemus\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 2 May 2007 8 ...H. --- "C:\Documents and Settings\Larry Nicodemus\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 3 May 2007 8 ...H. --- "C:\Documents and Settings\Larry Nicodemus\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 9 May 2007 8 ...H. --- "C:\Documents and Settings\Larry Nicodemus\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!


Deckard's System Scanner v20071014.68
Run by Larry Nicodemus on 2008-06-28 08:55:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-28 13:55:34 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-28 12:39:57 UTC - RP2 - Last good restore point
1: 2008-06-28 12:39:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Larry Nicodemus.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:43 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lphc70vj0el4e.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Larry Nicodemus\Desktop\dss.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Larry Nicodemus.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.weatherbug...4653785;ct.1/01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\LARRY NICODEMUS\Application Data\Mozilla\Profiles\default\3fcgrqbo.slt\prefs.js)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphc70vj0el4e] C:\WINDOWS\system32\lphc70vj0el4e.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182606973359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194212513656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10134 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 catchme - c:\docume~1\larryn~1\locals~1\temp\catchme.sys (file missing)
R3 Pcatip - c:\windows\system32\drivers\pcatip.sys <Not Verified; VSO Software; Patin-Couffin Autoplay™ support driver>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - c:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>

S2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel® quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
S3 Adobe LM Service - "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-21 18:35:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-01 10:58:44 362 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1177588655.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 08:27:00 0 d-------- C:\WINDOWS\ERUNT
2008-06-28 07:39:39 2031832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-27 15:10:15 60928 --a------ C:\WINDOWS\system32\blphc70vj0el4e.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-27 15:10:10 109056 --a------ C:\WINDOWS\system32\lphc70vj0el4e.exe
2008-06-25 14:29:50 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Softarium.com
2008-06-25 14:29:49 0 d-------- C:\Program Files\Active Keys
2008-06-24 12:06:07 0 d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-06-24 10:00:46 0 d-------- C:\Program Files\Workspace Macro 4.6
2008-05-29 19:17:17 0 d-------- C:\Program Files\Adware Away


-- Find3M Report ---------------------------------------------------------------

2008-06-28 07:56:41 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-27 15:15:33 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-27 15:05:50 0 d-------- C:\Program Files\Common Files
2008-06-27 14:16:26 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Vso
2008-06-23 15:25:00 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Mozilla
2008-06-23 15:08:02 0 d-------- C:\Program Files\Broderbund
2008-06-20 07:01:24 0 d-------- C:\Program Files\Brother's Keeper 6
2008-06-20 06:13:40 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\WeatherBug
2008-06-17 08:49:03 0 d-------- C:\Program Files\Steam
2008-06-13 22:26:49 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 22:26:48 152 -r-hs---- C:\WINDOWS\system32\BB2FD205C1.sys
2008-06-06 09:34:19 0 d-------- C:\Program Files\DVDFab 5
2008-05-26 10:31:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 11:06:09 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Google
2008-05-20 11:05:47 0 d-------- C:\Program Files\Google
2008-05-16 09:19:52 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-12 12:07:00 33 --a------ C:\WINDOWS\checkip.dat
2008-05-06 14:33:16 3619 ---h----- C:\hpothb07.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 11:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 04:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 08:07 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 12:50 PM C:\WINDOWS\LOGI_MWX.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 07:56 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/21/2006 05:20 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/23/2008 07:34 AM]
"lphc70vj0el4e"="C:\WINDOWS\system32\lphc70vj0el4e.exe" [06/27/2008 03:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [04/07/2006 04:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/13/2006 6:30:03 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/2/2006 9:18:06 AM]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\NewsFlsh.exe [2/19/2008 5:49:27 PM]
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [4/22/2006 9:09:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
backup=C:\WINDOWS\pss\Macro Express 3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSP - restore settings on power failure]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1




-- End of Deckard's System Scanner: finished at 2008-06-28 08:58:32 ------------
  • 0

Advertisements

#2
fenzodahl512
Posted 29 June 2008 - 03:43 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system321lkdoiuekrewr.bin
C:\WINDOWS\system32\blphc70vj0el4e.scr
C:\WINDOWS\system32\lphc70vj0el4e.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc70vj0el4e
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
EmptyTemp
purity
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post OTMoveIt2 log along with a fresh Deckard system Scanner log in your next reply.. Please post each log in separate post..



Regards
fenzodahl512

Edited by fenzodahl512, 29 June 2008 - 03:45 AM.

  • 0

#3
Bitburger1
Posted 29 June 2008 - 07:29 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the OTM log.

Explorer killed successfully
C:\WINDOWS\system321lkdoiuekrewr.bin moved successfully.
C:\WINDOWS\system32\blphc70vj0el4e.scr moved successfully.
C:\WINDOWS\system32\lphc70vj0el4e.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc70vj0el4e >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc70vj0el4e deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt11.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt13.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt70.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_082309

Files moved on Reboot...
C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt11.tmp moved successfully.
C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt13.tmp moved successfully.
C:\DOCUME~1\LARRYN~1\LOCALS~1\Temp\.tt70.tmp moved successfully.
  • 0

#4
Bitburger1
Posted 29 June 2008 - 07:30 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is Deckards log.

Deckard's System Scanner v20071014.68
Run by Larry Nicodemus on 2008-06-29 08:26:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Larry Nicodemus.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:26 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Larry Nicodemus\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LARRYN~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.weatherbug...4653785;ct.1/01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\LARRY NICODEMUS\Application Data\Mozilla\Profiles\default\3fcgrqbo.slt\prefs.js)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182606973359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194212513656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10068 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-28 08:27:00 0 d-------- C:\WINDOWS\ERUNT
2008-06-25 14:29:50 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Softarium.com
2008-06-25 14:29:49 0 d-------- C:\Program Files\Active Keys
2008-06-24 12:06:07 0 d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-06-24 10:00:46 0 d-------- C:\Program Files\Workspace Macro 4.6
2008-05-29 19:17:17 0 d-------- C:\Program Files\Adware Away


-- Find3M Report ---------------------------------------------------------------

2008-06-29 08:07:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-28 11:57:41 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Vso
2008-06-28 11:17:17 0 d-------- C:\Program Files\Qualcomm
2008-06-28 10:04:18 0 d-------- C:\Program Files\Trend Micro
2008-06-27 15:15:33 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-27 15:05:50 0 d-------- C:\Program Files\Common Files
2008-06-23 15:25:00 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Mozilla
2008-06-23 15:08:02 0 d-------- C:\Program Files\Broderbund
2008-06-20 07:01:24 0 d-------- C:\Program Files\Brother's Keeper 6
2008-06-20 06:13:40 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\WeatherBug
2008-06-17 08:49:03 0 d-------- C:\Program Files\Steam
2008-06-13 22:26:49 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 22:26:48 152 -r-hs---- C:\WINDOWS\system32\BB2FD205C1.sys
2008-06-06 09:34:19 0 d-------- C:\Program Files\DVDFab 5
2008-05-26 10:31:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 11:06:09 0 d-------- C:\Documents and Settings\Larry Nicodemus\Application Data\Google
2008-05-20 11:05:47 0 d-------- C:\Program Files\Google
2008-05-16 09:19:52 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-12 12:07:00 33 --a------ C:\WINDOWS\checkip.dat
2008-05-06 14:33:16 3619 ---h----- C:\hpothb07.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 11:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 04:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 08:07 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 12:50 PM C:\WINDOWS\LOGI_MWX.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 07:56 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/21/2006 05:20 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/23/2008 07:34 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [04/07/2006 04:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/13/2006 6:30:03 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/2/2006 9:18:06 AM]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\NewsFlsh.exe [2/19/2008 5:49:27 PM]
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [4/22/2006 9:09:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
backup=C:\WINDOWS\pss\Macro Express 3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSP - restore settings on power failure]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1




-- End of Deckard's System Scanner: finished at 2008-06-29 08:26:55 ------------
  • 0

#5
fenzodahl512
Posted 29 June 2008 - 07:47 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\hpothb07.dat
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Tell me about your computer behaviour


Regards
fenzodahl512
  • 0

#6
Bitburger1
Posted 29 June 2008 - 08:12 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan: Virus

Service
Service load:
0% 100%
File: hpothb07.dat
Status:
OK
MD5: a5c892f1112aa1019bb9fcbbe77244e6
Packers detected:
-
Scanner results
Scan taken on 29 Jun 2008 14:09:09 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Powered by
images/asquared.png images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/cpsecure.gif images/drweb.gif images/f-prot.png images/f-secure_logo.gif images/fortinet.gif images/ikarus.gif images/kaspersky.png images/nod32.gif images/norman.png images/panda.gif images/sophos.gif images/virusbuster.gif images/vba32.png
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by HotelScraper.com.
Statistics
Last file scanned at least one scanner reported something about: X.exe (MD5: db8abc1b3472d37d25a2b4a3a1e799d6, size: 55629 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Crypt.XPACK.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web BackDoor.Bifrost.789
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.



Frequently asked questions - Feedback - Privacy policy

Debian

Page generated by JTPL

© 2004-2008 Jotti <[email protected]>
  • 0

#7
fenzodahl512
Posted 29 June 2008 - 08:33 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Waiting for your Malwarebytes' log.. And please also post a fresh Deckard System Scanner log after that.. Also tell me about your computer condition :)


Regards
fenzodahl512
  • 0

#8
Bitburger1
Posted 29 June 2008 - 09:11 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Nothing found.


Scan type: Full Scan (C:\|)
Objects scanned: 130574
Time elapsed: 55 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
Bitburger1
Posted 29 June 2008 - 09:15 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Computer seems to be working OK. Was able to change back ground and it stayed. No Virus infections popping up like before. Believe the Move it script did the trick What was the malaware called? I could never figure that out. Trend micro said to remove the registery key (malaware name).

Thank you for the help and keep up the good work.
  • 0

#10
fenzodahl512
Posted 29 June 2008 - 10:34 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great! your log looks clean to my eyes...


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore




NEXT


I noticed that you already have:

1. TrendMicro Internet Security consisting of your antivirus and firewall
2. Malwarebytes' Anti-Malware as your antispyware..




Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#11
Bitburger1
Posted 29 June 2008 - 11:43 AM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Am I suppose to also remove
Java Web Start
Java ™ updates 2,3 and 5?
I removed all the runtime enviroments.
  • 0

#12
fenzodahl512
Posted 29 June 2008 - 11:55 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts

Am I suppose to also remove
Java Web Start
Java ™ updates 2,3 and 5?
I removed all the runtime enviroments.



Remove it all and download/install the latest ones :)
  • 0

#13
Bitburger1
Posted 29 June 2008 - 12:38 PM

Bitburger1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Everything is running go and a bit faster.
Again thank you for everything and keep up the good work.
  • 0

#14
fenzodahl512
Posted 29 June 2008 - 08:11 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP