
I have military time and virus alert on taskbar [CLOSED]


  • This topic is locked

#16
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello jf2008,
Are you using Internet Explorer to run the scan? If you are not using Internet Explorer, please use it and try scanning the file again.
  • 0



#17
jf2008

jf2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi,
Yes....
I deleted the programs you identified... rebooted the computer to make sure nothing else was running.
I copied the line into my clipboard memory.... ran Internet Explorer....
I added the website into the address and pressed enter. The program came up...
I pasted the file (line from the forum) into the program and hit "upload". I waited for about an hour
and nothing happened. I even pasted the line into a Notepad file and saved it as test.txt to see if it would
upload and still nothing. Thanks.
  • 0

#18
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello jf2008,
Please try this scanner for that file. Please use Internet Explorer to run the scan.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\Documents and Settings\JF1954\Application Data\FrontEndCD.ini
  • Click on the submit button
  • Please post the results in your next reply.

  • 0

#19
jf2008

jf2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I didn't see a report so I highlighted, copied & pasted it to the forum.
====================================
Scan taken on 05 Aug 2008 21:16:07 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
======================================
Bottom part on same page.
======================================
Scanner Malware name

A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV PUA.Packed.Themida
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus Trojan-Downloader.Win32.Bagle.xi
NOD32 Win32/Bagle.PI
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X
=================================================
  • 0

#20
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello jf2008,
Glad to see you got the file scanned. :)

If you could please finish the rest of my post 11 to you, starting with STEP 5 running DSS. And after doing that please post the OTMoveIt2 log and the DSS main.txt in your next reply.
  • 0

#21
jf2008

jf2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Deckard's System Scanner v20071014.68
Run by JF1954 on 2008-08-08 15:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as JF1954.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:58, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\sj652\hpupdate.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\JF1954\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JF1954.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 8151 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-01 21:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-01 20:56:38 0 d-------- C:\Program Files\FLV Player
2008-08-01 20:07:14 0 d-------- C:\Program Files\Free YouTube Downloader Converter
2008-08-01 19:46:12 0 d-------- C:\Program Files\AVS4YOU
2008-08-01 14:32:22 182 --a------ C:\fix.reg
2008-08-01 07:32:18 0 d-------- C:\VundoFix Backups
2008-07-31 14:51:34 0 d-------- C:\WINDOWS\ERUNT
2008-07-30 20:43:24 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Adobe
2008-07-30 20:27:18 4350 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-30 20:26:27 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-30 20:26:27 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-30 20:26:27 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-30 20:26:27 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-30 20:26:27 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-30 20:26:27 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-30 20:26:27 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-30 20:26:27 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-30 19:01:50 0 d-------- C:\Documents and Settings\JF1954\Application Data\Recordpad
2008-07-30 19:01:47 0 d-------- C:\Documents and Settings\JF1954\Application Data\NCH Swift Sound
2008-07-30 19:01:31 0 d-------- C:\Program Files\NCH Software
2008-07-30 19:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-28 14:48:10 0 d-------- C:\Program Files\Albatross
2008-07-27 19:18:48 0 dr-h----- C:\Documents and Settings\JF1954\Recent
2008-07-23 21:26:30 0 d-------- C:\Documents and Settings\JF1954\Application Data\Simply Super Software
2008-07-23 18:12:41 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-07-22 12:35:06 0 d-------- C:\Documents and Settings\JF1954\Application Data\TmpRecentIcons
2008-07-22 09:56:41 0 d-------- C:\photoshopplugins
2008-07-21 10:36:35 0 d-------- C:\WINDOWS\Splash Screens
2008-07-19 15:26:44 0 d-------- C:\Documents and Settings\JF1954\Application Data\MP3toiPodAudioBookConverter
2008-07-19 15:20:41 0 d-------- C:\Program Files\MP3ToIpodAudioBookConverter
2008-07-18 17:26:50 0 d-------- C:\Program Files\Duplicate Music Files Finder
2008-07-18 15:21:58 0 d-------- C:\Documents and Settings\JF1954\Application Data\TuneUpMedia
2008-07-18 15:21:06 0 d-------- C:\Program Files\TuneUpMedia
2008-07-18 15:20:54 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
2008-07-17 18:42:39 0 d-------- C:\audiobooks
2008-07-17 17:46:55 0 d-------- C:\Documents and Settings\JF1954\Application Data\McAfee
2008-07-17 17:15:52 433664 --a------ C:\ipodpatcher.exe
2008-07-17 17:15:52 13899776 --a------ C:\Firmware.bin


-- Find3M Report ---------------------------------------------------------------

2008-08-01 20:56:39 0 d-------- C:\Program Files\Yahoo!
2008-08-01 19:49:52 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-08-01 19:47:11 0 d-------- C:\Documents and Settings\JF1954\Application Data\AVS4YOU
2008-07-31 17:40:04 0 d-------- C:\Program Files\STOPzilla!
2008-07-31 08:44:52 0 d-------- C:\Program Files\Trend Micro
2008-07-30 19:08:51 0 d-------- C:\Documents and Settings\JF1954\Application Data\Lavasoft
2008-07-30 19:08:18 0 d-------- C:\Program Files\Common Files
2008-07-30 19:06:44 0 d-------- C:\Program Files\NCH Swift Sound
2008-07-30 19:05:41 0 d-------- C:\Program Files\WorldMerge
2008-07-18 15:21:51 0 d-------- C:\Documents and Settings\JF1954\Application Data\Mozilla
2008-07-18 15:21:17 0 d-------- C:\Program Files\iTunes
2008-07-18 10:37:56 0 d-------- C:\Program Files\Xilisoft
2008-07-18 08:38:41 0 d-------- C:\Program Files\Winamp
2008-07-16 10:56:07 1 --a------ C:\Documents and Settings\JF1954\Application Data\FrontEndCD.ini
2008-07-03 19:01:47 0 d-------- C:\Documents and Settings\JF1954\Application Data\Adobe
2008-06-29 12:21:14 0 d-------- C:\Program Files\Bonjour
2008-06-29 12:21:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 12:02:35 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-27 07:42:47 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-06-26 16:54:13 0 d-------- C:\Program Files\WorldCast
2008-06-25 13:40:30 0 d-------- C:\Program Files\MailBoy 2004
2008-06-25 10:29:16 0 d-------- C:\Program Files\Total Training
2008-06-20 18:58:46 0 d-------- C:\Program Files\Free Submitter Pro
2008-06-20 10:38:00 0 d-------- C:\Program Files\Gallery Wizard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 12:56]
"HP Update 3400C"="C:\sj652\hpupdate.exe" [02/01/2002 02:33]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04/11/2003 03:25]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/28/2003 09:43]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [05/21/2003 06:37]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [10/21/2001 04:54]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [11/29/2007 03:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/06/2005 08:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3877f2d-1e76-11db-8b2f-806d6172696f}]
AutoRun\command- Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-08-08 15:20:17 ------------
There were 2 logs.
==================================================================
file # 1
==================================================================
Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mzxlng.dll
C:\WINDOWS\system32\mzxlng.dll NOT unregistered.
C:\WINDOWS\system32\mzxlng.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uoeecuoi.dll
C:\WINDOWS\system32\uoeecuoi.dll NOT unregistered.
C:\WINDOWS\system32\uoeecuoi.dll moved successfully.
C:\WINDOWS\system32\pqBKlnpo.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\opnlKBqp.dll not found.
C:\WINDOWS\system32\AIPrAcdd.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\pgzlhz.dll not found.
File/Folder C:\WINDOWS\system32\wnpnuyym.dll not found.
File/Folder C:\WINDOWS\system32\awsrpt.dll not found.
File/Folder C:\WINDOWS\system32\mvktdbye.dll not found.
C:\WINDOWS\system32\lTDNonmp.ini2 moved successfully.
C:\Documents and Settings\JF1954\Application Data\SeekmoToolbar moved successfully.
C:\WINDOWS\system32\spkpygda.ini2 moved successfully.
C:\WINDOWS\system32\MnnTwGgh.ini2 moved successfully.
C:\END moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSXGGBDRIVER.DLL
C:\WINDOWS\system32\MSXGGBDRIVER.DLL NOT unregistered.
C:\WINDOWS\system32\MSXGGBDRIVER.DLL moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhhvdu.dll
C:\WINDOWS\system32\yhhvdu.dll NOT unregistered.
C:\WINDOWS\system32\yhhvdu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\avkwndar.dll
C:\WINDOWS\system32\avkwndar.dll NOT unregistered.
C:\WINDOWS\system32\avkwndar.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uebnodor.dll
C:\WINDOWS\system32\uebnodor.dll NOT unregistered.
C:\WINDOWS\system32\uebnodor.dll moved successfully.
File/Folder C:\WINDOWS\system32\dwacphgc.dll not found.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36} moved successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED} moved successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F} moved successfully.
C:\Program Files\USS\#_onitors\RegMonitor moved successfully.
C:\Program Files\USS\#_onitors\FileMonitor moved successfully.
C:\Program Files\USS\#_onitors\DirMonitor moved successfully.
C:\Program Files\USS\#_onitors moved successfully.
C:\Program Files\USS\#mon_tors\RegMon_tor moved successfully.
C:\Program Files\USS\#mon_tors\F_leMon_tor moved successfully.
C:\Program Files\USS\#mon_tors\D_rMon_tor moved successfully.
C:\Program Files\USS\#mon_tors moved successfully.
C:\Program Files\USS\#monitors\_ileMonitor moved successfully.
C:\Program Files\USS\#monitors\Reg_onitor moved successfully.
C:\Program Files\USS\#monitors\RegMonitor moved successfully.
C:\Program Files\USS\#monitors\File_onitor moved successfully.
C:\Program Files\USS\#monitors\FileMonitor moved successfully.
C:\Program Files\USS\#monitors\Dir_onitor moved successfully.
C:\Program Files\USS\#monitors\DirMonitor moved successfully.
C:\Program Files\USS\#monitors moved successfully.
C:\Program Files\USS\#agents\53 moved successfully.
C:\Program Files\USS\#agents moved successfully.
C:\Program Files\USS moved successfully.
File/Folder C:\Windows\System32\ALCXMNTR.EXE not found.
D:\Info.exe moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\JF1954\LOCALS~1\Temp\~DF90D3.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_142350

Files moved on Reboot...
C:\DOCUME~1\JF1954\LOCALS~1\Temp\~DF90D3.tmp moved successfully.
===============================================
file # 2
===============================================
Explorer killed successfully
File/Folder C:\WINDOWS\system32\mzxlng.dll not found.
File/Folder C:\WINDOWS\system32\uoeecuoi.dll not found.
File/Folder C:\WINDOWS\system32\pqBKlnpo.ini2 not found.
File/Folder C:\WINDOWS\system32\opnlKBqp.dll not found.
File/Folder C:\WINDOWS\system32\AIPrAcdd.ini2 not found.
File/Folder C:\WINDOWS\system32\pgzlhz.dll not found.
File/Folder C:\WINDOWS\system32\wnpnuyym.dll not found.
File/Folder C:\WINDOWS\system32\awsrpt.dll not found.
File/Folder C:\WINDOWS\system32\mvktdbye.dll not found.
File/Folder C:\WINDOWS\system32\lTDNonmp.ini2 not found.
File/Folder C:\Documents and Settings\JF1954\Application Data\SeekmoToolbar not found.
File/Folder C:\WINDOWS\system32\spkpygda.ini2 not found.
File/Folder C:\WINDOWS\system32\MnnTwGgh.ini2 not found.
File/Folder C:\END not found.
File/Folder C:\WINDOWS\system32\MSXGGBDRIVER.DLL not found.
File/Folder C:\WINDOWS\system32\yhhvdu.dll not found.
File/Folder C:\WINDOWS\system32\avkwndar.dll not found.
File/Folder C:\WINDOWS\system32\uebnodor.dll not found.
File/Folder C:\WINDOWS\system32\dwacphgc.dll not found.
File/Folder C:\Program Files\USS not found.
File/Folder C:\Windows\System32\ALCXMNTR.EXE not found.
File/Folder D:\Info.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ not found.
< purity >
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08082008_153220
  • 0

#22
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello jf2008,

STEP 1
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3877f2d-1e76-11db-8b2f-806d6172696f}
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs/info:
  • The OTMoveIt2 log
  • The Kaspersky log
  • And please tell me how your computer is running
  • 0

#23
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





