Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vundo i think [RESOLVED]


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe




Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


Then double click on the fix.reg file, when it prompts to merge click "Yes".





Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\tuvwUMDU.dll.q_804E004_q
    C:\Documents and Settings\Jay\My Documents\Random Documents\Switchblade-Siliv-1-3-0-1.zip
    C:\WINDOWS\system32\ruEMmUvw.ini2
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0

Advertisements


#17
iamallama

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\SecTaskMan\tuvwUMDU.dll.q_804E004_q moved successfully.
C:\Documents and Settings\Jay\My Documents\Random Documents\Switchblade-Siliv-1-3-0-1.zip moved successfully.
C:\WINDOWS\system32\ruEMmUvw.ini2 moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1FF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF2601.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF59F9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF76B4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF76F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jay\LOCALS~1\Temp\~DFBE0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT030f7.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT030fb.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_112941

Files moved on Reboot...
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF1FF2.tmp not found!
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF2601.tmp not found!
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF59F9.tmp moved successfully.
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF76B4.tmp not found!
File C:\DOCUME~1\Jay\LOCALS~1\Temp\~DF76F5.tmp not found!
C:\DOCUME~1\Jay\LOCALS~1\Temp\~DFBE0D.tmp moved successfully.
File C:\WINDOWS\temp\ZLT030f7.TMP not found!
File C:\WINDOWS\temp\ZLT030fb.TMP not found!
  • 0

#18
iamallama

iamallama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-04 11:34:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jay.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:52 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Jay\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to KEYHOLD.lnk = C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe
O4 - Startup: Shortcut to StealthBot v2.6R3.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211919850811
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8865 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-03 15:42:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-03 15:42:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-27 20:32:56 0 d-------- C:\Program Files\Trend Micro
2008-06-27 20:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-27 20:29:05 0 d-------- C:\Program Files\Security Task Manager
2008-06-27 19:59:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 19:54:30 0 d-------- C:\Program Files\MSXML 4.0
2008-06-26 15:22:44 0 d-------- C:\Documents and Settings\Jay\Application Data\Nero
2008-06-26 15:17:50 0 d-------- C:\Program Files\Nero
2008-06-26 15:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 15:08:13 0 d-------- C:\WINDOWS\CAVTemp
2008-06-26 14:40:34 0 d-------- C:\Program Files\Total Video Converter
2008-06-25 13:49:11 0 dr-h----- C:\Documents and Settings\Jay\Recent
2008-06-25 11:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-24 21:11:10 0 d-------- C:\Program Files\CCleaner
2008-06-24 21:09:46 0 d-------- C:\Program Files\Yahoo!
2008-06-22 20:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 20:37:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 00:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-06-21 00:18:13 0 d-------- C:\Program Files\CA
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-20 13:21:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-20 13:21:20 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-20 13:21:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-20 13:21:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-20 13:21:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-20 13:21:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-20 13:18:59 0 d--hs---- C:\WINDOWS\CSC
2008-06-16 21:07:03 0 d-------- C:\Documents and Settings\Jay\Application Data\Audacity
2008-06-16 21:06:52 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-06-16 21:03:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-16 20:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrium
2008-06-16 20:57:40 0 d-------- C:\Program Files\Macrium
2008-06-16 20:56:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-14 19:20:11 0 d-------- C:\Program Files\ATITool
2008-06-10 23:28:08 0 d-------- C:\WINDOWS\Sun
2008-06-10 20:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\JCreator
2008-06-10 20:25:51 0 d-------- C:\Documents and Settings\Jay\Application Data\JCreator
2008-06-10 20:21:36 0 d-------- C:\Program Files\Xinox Software
2008-06-10 20:21:09 0 d-------- C:\Documents and Settings\Jay\.SunDownloadManager
2008-06-10 18:44:14 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-10 18:44:14 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-10 18:44:13 0 d-------- C:\Program Files\Cheat Engine
2008-06-08 19:23:39 0 d-------- C:\Program Files\HOLDMYREALKEY
2008-06-07 13:01:04 0 d-------- C:\Program Files\RocketDock


-- Find3M Report ---------------------------------------------------------------

2008-07-04 00:28:29 0 d-------- C:\Program Files\Warcraft III
2008-06-30 20:32:16 0 d-------- C:\Program Files\Messenger
2008-06-30 20:32:15 0 d-------- C:\Program Files\FrostWire
2008-06-30 20:24:45 77514 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 16:05:06 0 d-------- C:\Documents and Settings\Jay\Application Data\Azureus
2008-06-26 15:17:49 0 d-------- C:\Program Files\Common Files
2008-06-22 20:58:00 0 d-------- C:\Documents and Settings\Jay\Application Data\Adobe
2008-06-22 18:50:45 0 d-------- C:\Program Files\Steam
2008-06-19 18:40:04 0 d-------- C:\Program Files\Azureus
2008-06-09 18:25:26 0 d-------- C:\Documents and Settings\Jay\Application Data\Ventrilo
2008-06-08 19:31:41 0 d-------- C:\Program Files\StealthBot
2008-06-02 17:02:05 0 d-------- C:\Documents and Settings\Jay\Application Data\vlc
2008-06-02 17:00:53 0 d-------- C:\Program Files\VideoLAN
2008-06-02 16:56:29 0 d-------- C:\Documents and Settings\Jay\Application Data\Apple Computer
2008-06-02 15:29:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-01 22:23:53 0 d-------- C:\Documents and Settings\Jay\Application Data\FrostWire
2008-05-31 12:42:50 0 d-------- C:\Program Files\VentSrv
2008-05-31 12:39:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 23:33:35 0 d-------- C:\Documents and Settings\Jay\Application Data\Logitech
2008-05-29 23:29:32 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-29 23:29:20 0 d-------- C:\Program Files\Logitech
2008-05-29 23:29:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 02:24:57 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 02:24:42 0 d-------- C:\Program Files\MSBuild
2008-05-28 02:23:14 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 02:20:53 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 22:52:09 0 d-------- C:\Documents and Settings\Jay\Application Data\Macromedia
2008-05-27 21:16:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 20:47:51 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-27 20:47:51 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-27 20:30:20 0 d-------- C:\Program Files\Java
2008-05-27 20:15:49 0 d-------- C:\Program Files\Creative
2008-05-27 20:15:07 0 d-------- C:\Program Files\Analog Devices
2008-05-27 20:07:26 0 d-------- C:\Program Files\WinPcap
2008-05-27 20:00:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 19:59:23 0 d-------- C:\Documents and Settings\Jay\Application Data\Sun
2008-05-27 19:51:29 0 d-------- C:\Program Files\iTunes
2008-05-27 19:41:24 0 d-------- C:\Program Files\Ventrilo
2008-05-27 18:37:45 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 18:31:05 0 d-------- C:\Documents and Settings\Jay\Application Data\ViStart
2008-05-27 18:25:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 18:24:13 0 d-------- C:\Documents and Settings\Jay\Application Data\WinRAR
2008-05-27 18:15:00 0 d-------- C:\Program Files\Windows Live
2008-05-27 18:14:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 18:03:55 0 d-------- C:\Program Files\iPod
2008-05-27 18:03:38 0 d-------- C:\Program Files\Bonjour
2008-05-27 18:03:33 0 d-------- C:\Program Files\QuickTime
2008-05-27 18:02:40 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 18:00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 18:00:51 0 d-------- C:\Documents and Settings\Jay\Application Data\Mozilla
2008-05-27 17:50:34 0 d-------- C:\Program Files\Movie Maker
2008-05-27 17:48:13 0 d-------- C:\Program Files\Windows NT
2008-05-27 17:15:56 0 d-------- C:\Program Files\Marvell
2008-05-27 17:14:43 0 d-------- C:\Documents and Settings\Jay\Application Data\Identities
2008-05-27 17:10:11 0 d-------- C:\Program Files\microsoft frontpage
2008-05-27 17:09:50 0 -rahs---- C:\MSDOS.SYS
2008-05-27 17:09:50 0 -rahs---- C:\IO.SYS
2008-05-27 17:09:50 0 --a------ C:\CONFIG.SYS
2008-05-27 17:09:50 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 17:08:48 0 d-------- C:\Program Files\Online Services
2008-05-27 17:07:43 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-27 17:07:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 17:06:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-27 16:26:01 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-27 16:22:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-27 16:18:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-27 16:17:08 0 d-------- C:\Documents and Settings\Jay\Application Data\MSN6
2008-05-27 16:16:53 0 d-------- C:\Program Files\Intel
2008-05-27 12:02:10 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-27 12:02:07 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-27 12:01:41 62 --ahs---- C:\Documents and Settings\Jay\Application Data\desktop.ini
2008-05-12 11:49:00 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 10:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:42 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
Shortcut to KEYHOLD.lnk - C:\Program Files\HOLDMYREALKEY\KEYHOLD.exe [6/8/2008 7:24:08 PM]
Shortcut to StealthBot v2.6R3.lnk - C:\Program Files\StealthBot\StealthBot v2.6R3.exe [4/19/2005 12:53:30 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/29/2008 11:29:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-04 11:44:54 ------------
  • 0

#19
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#20
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP