Blue Screen of Death, Vundo Variants, and Much Much More. PLEASE Help&


  • This topic is locked

#16
cawris

  • Topic Starter
  • Member
  • 19 posts
Sorry about that. Kaspersky is attached

*HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:35 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9573 bytes


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again cawris,

Unfortunately all your music folders are infected.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Documents\My Music
    C:\Documents and Settings\Chris\Desktop\Music
    C:\Documents and Settings\Chris\My Documents\My Music
    C:\Documents and Settings\Default User\My Documents\My Music
    C:\i386\Classical Interlude 1.mp3
    C:\i386\copycd.wmv
    C:\i386\Get More with Jukebox Plus.mp3	
    C:\i386\Jazz Groove.mp3
    C:\i386\mdlib.wmv
    C:\i386\nuskin.wmv
    C:\i386\Piano Blues 1.mp3
    C:\i386\rtuner.wmv
    C:\i386\title.wma
    C:\i386\viz.wmv
    C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video
    C:\WINDOWS\system32\config\systemprofile\My Documents\My Music
    C:\WINDOWS\system32\oobe\images\title.wma
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now

Right click Start > Explore and navigate to C:\OTMoveIt and delete.

Next

Re-run the Kaspersky online scan and post the results back here; hopefully you won't need to attach this time.

So when you come back post
  • OTMoveIt2 report
  • Kaspersky scan results


#18
cawris

  • Topic Starter
  • Member
  • 19 posts
*OTMoveIt2
Explorer killed successfully
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0002E2A5 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\My Playlists moved successfully.
C:\Documents and Settings\All Users\Documents\My Music moved successfully.
C:\Documents and Settings\Chris\Desktop\Music\F02 moved successfully.
C:\Documents and Settings\Chris\Desktop\Music\F01 moved successfully.
C:\Documents and Settings\Chris\Desktop\Music\F00 moved successfully.
C:\Documents and Settings\Chris\Desktop\Music moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Weezer - The Blue Album moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Various Artists - Valentine's Day Album moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Various Artists - Kacie & Chris Dance Mix Volume I moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Tickle Me Pink - Madeline moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Who - Who's Greatest Hits moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Verve - Urban Hymns moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Raconteurs - Consolers Of The Lonely moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Raconteurs - Broken Boy Soldiers moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Mars Volta - De-Loused in the Comatorium moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\The Cranberries - No Need to Argue moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Stone Temple Pilots - Purple moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Soundgarden - Superunknown moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Smashing Pumpkins - Zeitgeist moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Smashing Pumpkins - Siamese Dream moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Smashing Pumpkins - Rotten Apples moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Smashing Pumpkins - Mellon Collie and the Infinite Sadness moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Smashing Pumpkins - Gish moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Rilo Kiley - Take Offs and Landings moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Rilo Kiley - More Adventurous moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Radiohead - Pablo Honey moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Radiohead - OK Computer moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Radiohead - Kid A moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Radiohead - In Rainbows moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\R.E.M. - Automatic for the People moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Queens of the Stone Age - Songs for the Deaf moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Phil Collins - Face Value moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Nirvana - Nirvana moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Nine Inch Nails - The Slip moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\My Morning Jacket- Evil Urges moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Live - Awake (The Best of Live) moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Led Zeppelin - Led Zeppelin Remasters moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Jane's Addiction - Nothing's Shocking moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Incubus - S.C.I.E.N.C.E moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Incubus - Make Yourself moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Incubus - Fungus Amongus moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Gnarls Barkley - The Odd Couple moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Franz Ferdinand - You Could Have It So Much Better moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Foo Fighters - One by One moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Foo Fighters - Echoes, Silence, Patience & Grace moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Flobots - Fight With Tools moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Elvis Costello - My Aim is True moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Death Cab For Cutie - Narrow Stairs moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Dave Matthews Band - Under the Table and Dreaming moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Dave Matthews Band - Crash moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coldplay - X&Y moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - The String Quartet Tribute To Coheed And Cambria moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - The Second Stage Turbine Blade moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - Live At La Zona Rosa [EP] moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - In Keeping Secrets of Silent Earth 3 moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - Good Apollo, I'm Burning Star IV, Vol. 2 moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Coheed and Cambria - Good Apollo, I'm Burning Star IV moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Circa Survive - Juturna moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt moved successfully.
C:\Documents and Settings\Chris\My Documents\My Music moved successfully.
C:\Documents and Settings\Default User\My Documents\My Music\Corel Sample Music moved successfully.
C:\Documents and Settings\Default User\My Documents\My Music moved successfully.
C:\i386\Classical Interlude 1.mp3 moved successfully.
C:\i386\copycd.wmv moved successfully.
C:\i386\Get More with Jukebox Plus.mp3 moved successfully.
C:\i386\Jazz Groove.mp3 moved successfully.
C:\i386\mdlib.wmv moved successfully.
C:\i386\nuskin.wmv moved successfully.
C:\i386\Piano Blues 1.mp3 moved successfully.
C:\i386\rtuner.wmv moved successfully.
C:\i386\title.wma moved successfully.
C:\i386\viz.wmv moved successfully.
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video moved successfully.
C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\Corel Sample Music moved successfully.
C:\WINDOWS\system32\config\systemprofile\My Documents\My Music moved successfully.
C:\WINDOWS\system32\oobe\images\title.wma moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_v24FK5ldkAJqQeSWGAki scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\hsperfdata_Chris\2480 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08062008_150856


*Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 06, 2008 4:07:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/08/2008
Kaspersky Anti-Virus database records: 1063057
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 45422
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:48:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Chris\.rainlendar2\rainlendar2.log Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\cert8.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\key3.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\parent.lock Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-8-6-2008( 12-30-47 ).LOG Object is locked skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temp\etilqs_v24FK5ldkAJqQeSWGAki Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temp\hsperfdata_Chris\2480 Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002190.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0002426.dll Infected: Trojan.Win32.Obfuscated.qcc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FADE9635-E517-44DC-B92D-3E015AF57A7F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped

Scan process completed.
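A way to triage the Kaspersky Online Scanner report above, written as an added example (not part of the original thread or of any tool used in it): it separates real detections from "Object is locked" noise, checks the count against the report's own statistics, and reports whether every detection sits inside a System Restore snapshot. The sample lines are copied from the report above; the function and field names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the report posted above (layout: "<path> <status> <last action>").
SAMPLE_REPORT = r"""
Number of viruses found: 2
Number of infected objects: 2
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Chris\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002190.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0002426.dll Infected: Trojan.Win32.Obfuscated.qcc skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# One result line: a drive-letter path, then either a verdict or the
# "Object is locked" marker, then the last action taken by the scanner.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)
STAT_RE = re.compile(r"^Number of infected objects: (?P<n>\d+)$")
# Files under _restore{GUID} are System Restore snapshot copies, not live files.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.IGNORECASE
)


@dataclass
class Finding:
    path: str
    verdict: str
    action: str
    in_system_restore: bool


def parse_report(text):
    """Return (declared infected count, locked-file count, list of Finding)."""
    declared, locked, findings = None, 0, []
    for raw in text.splitlines():
        line = raw.strip()
        stat = STAT_RE.match(line)
        if stat:
            declared = int(stat["n"])
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, separator, or other non-result line
        if entry["locked"]:
            locked += 1  # file in use by Windows or an application, not a detection
            continue
        findings.append(Finding(
            path=entry["path"],
            verdict=entry["verdict"],
            action=entry["action"],
            in_system_restore=bool(RESTORE_RE.search(entry["path"])),
        ))
    return declared, locked, findings


def triage(text):
    """Summarise a report: what is infected, and is any of it outside System Restore?"""
    declared, locked, findings = parse_report(text)
    live = [f for f in findings if not f.in_system_restore]
    return {
        "declared_infected": declared,
        "parsed_infected": len(findings),
        # A mismatch means the paste was truncated or a line failed to parse.
        "counts_match": declared == len(findings),
        "locked_skipped": locked,
        # True when the only detections left are snapshot copies.
        "restore_point_only": bool(findings) and not live,
        "live": [f.path for f in live],
        "restore": [(f.path, f.verdict) for f in findings if f.in_system_restore],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
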

#19
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello cawris,

Well I think we have got them all now. :) What's left is in System Restore which we will clean up in this post.

We have a couple of last steps to perform and then you're all set. :)

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
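The Internet zone settings from the "Make Internet Explorer more secure" steps in post #19 can be checked from the registry instead of by eye. This is an added example, not part of the original post: it parses `reg query` output for zone 3, the sample output is constructed, and accepting a setting stricter than the advised one is this example's assumption.

```python
import re

# Action IDs under ...\Internet Settings\Zones\3 (the Internet zone).
# DWORD meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
ADVISED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
RANK = {0: 0, 1: 1, 3: 2}            # higher rank = stricter
NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of what this command prints:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1405    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$", re.M)

def weak_settings(reg_output):
    """Return (action_id, label, found, advised) for each setting weaker than advised."""
    found = {m.group(1).upper(): int(m.group(2), 16)
             for m in VALUE_LINE.finditer(reg_output)}
    findings = []
    for action_id, (label, advised) in ADVISED.items():
        value = found.get(action_id)
        # A missing or unrecognised value is reported, not assumed safe.
        if value not in RANK:
            findings.append((action_id, label, "not set or unknown", NAMES[advised]))
        elif RANK[value] < RANK[advised]:
            findings.append((action_id, label, NAMES[value], NAMES[advised]))
    return findings

if __name__ == "__main__":
    for finding in weak_settings(SAMPLE_REG_OUTPUT):
        print("%s %s: found %s, advised %s or stricter" % finding)
```
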
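The HOSTS-file blocking described in post #19 depends on every listed name pointing at the local machine; an entry that maps a name to any other address is a redirect and is worth investigating. This is an added example, not part of the original post and not the MVPS project's code: it audits HOSTS text for both cases, and the sample file and its `example.test` names are constructed.

```python
import ipaddress

# Constructed sample HOSTS content: block-list style entries, the normal
# localhost line, one redirect to a non-local address, and one broken line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.test   # blocked ad server
0.0.0.0         tracker.example.test
203.0.113.7     update.example.test www.update.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Sort HOSTS entries into blocked names, redirected names and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if len(fields) < 2:                      # address with no host name
            report["malformed"].append(lineno)
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if not local:
                # Name resolves to some other machine: not a block entry.
                report["redirected"].append((lineno, name, str(addr)))
            elif name != "localhost":
                report["blocked"].append(name)
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for lineno, name, addr in result["redirected"]:
        print("line %d: %s is redirected to %s" % (lineno, name, addr))
    print("malformed lines:", result["malformed"])
```

To audit a real machine, pass in the text of `C:\WINDOWS\system32\drivers\etc\hosts` instead of the sample.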

#20
cawris

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks a lot. I use Firefox as well, but I managed to mess it up anyway. Once again though, thanks for the help. Speedy response and excellent instructions. This is definitely my home for computer issues in the future. :)
  • 0

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

I use Firefox as well, but I managed to mess it up anyway.


Oh well, if people insist on using P2P sharing programs to pass suspect files they will still get infected.

Once again though, thanks for the help.


Glad to be of assistance, your thanks is shared with the moderators here without whom you would not be receiving the excellent quality of help that this site offers.

regards
emeraldnzl
  • 0

#22
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





