
"Warning! Spyware detected on your computer!"


  • This topic is locked

#1
mdchallenger18

Hi,

I need your help on this. I was also infected with spyware. I ran HijackThis and the log is shown below. I followed your suggested steps 1 - 3, but when I run DSS it shows an error that it cannot finish DSS scanning. What will be my resolution on this?
Hey everyone. I'm kind of new to this.
My computer basically has the reading "Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."

This warning is in a blue and yellow box (yellow on top).

Also, my desktop is completely blue and when my computer goes into screensaver mode, all these bugs start crawling on it, eating away at the desktop making it blue.



Thanks!


Mario





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:09 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\UKF50D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jucheck.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.9.1.247:8.../servlet/ddrint
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.1.192:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.9.1.249;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 6199 bytes


#2
fenzodahl512

  • Malware Removal
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...




Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Please post these logs in your next reply,

1. Malwarebytes'
2. Kaspersky Online..


Regards
fenzodahl512

#3
mdchallenger18

:) ;) :) :) :) :)

#4
mdchallenger18

Hi fenzodahl512!

Here is the log for your analysis:

Malwarebytes' Anti-Malware 1.24
Database version: 1053
Windows 5.1.2600 Service Pack 2

9:33:45 AM 8/15/2008
mbam-log-8-15-2008 (09-33-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 69880
Time elapsed: 22 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcn8pj0ej67.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcn8pj0ej67.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcn8pj0ej67.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

But I cannot do the Kaspersky online scanning because of the following error:


Please wait to update the virus definitions...
Kaspersky Online Scanner license has expired!

#5
fenzodahl512

  • Malware Removal
Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.

#6
mdchallenger18

Hi Again,

This is the log of main.txt

Deckard's System Scanner v20071014.68
Run by Santos_GDV on 2008-08-15 16:53:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-08-15 08:53:29 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-08-15 05:20:39 UTC - RP7 - Installed Windows Media Player 11
6: 2008-08-15 04:06:14 UTC - RP6 - System Checkpoint
5: 2008-08-14 04:01:35 UTC - RP5 - System Checkpoint
4: 2008-08-11 03:10:13 UTC - RP4 - Installed Windows Media Player 9 Series Winter Fun Pack


-- First Restore Point --
1: 2008-08-08 07:56:53 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Santos_GDV.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:59 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TOB1CC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Santos_GDV\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SANTOS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.9.1.247:8.../servlet/ddrint
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.1.192:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.9.1.249;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 6216 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080808-162714-436 O4 - HKLM\..\Run: [lphcn8pj0ej67] C:\WINDOWS\system32\lphcn8pj0ej67.exe

-- File Associations -----------------------------------------------------------

.ini - UltraEdit.ini - DefaultIcon - unable to read value
.ini - UltraEdit.ini - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js - UltraEdit.js - DefaultIcon - unable to read value
.js - UltraEdit.js - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - UltraEdit.txt - DefaultIcon - unable to read value
.txt - UltraEdit.txt - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>

S3 PSSdk21 - c:\windows\system32\drivers\hnpssdk.drv (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 acs (Atheros Configuration Service) - c:\windows\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries ™ Access for Windows>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 10:06:04 116 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

2008-08-15 09:55:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-15 09:55:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 09:02:11 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Malwarebytes
2008-08-15 09:02:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 09:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 11:10:16 0 d-------- C:\Program Files\Windows XP Fun Pack
2008-07-31 10:42:35 0 d--hs---- C:\Documents and Settings\Santos_GDV\Phone Browser
2008-07-28 08:53:28 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-28 08:40:51 0 dr-h----- C:\MSOCache
2008-07-25 19:45:36 0 d-------- C:\Program Files\The KMPlayer
2008-07-25 19:45:13 14047581 --a------ C:\Program Files\kmp_1430 (May 2008 version).exe
2008-07-23 13:43:06 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Nokia
2008-07-23 13:43:06 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-23 13:42:28 0 d-------- C:\Program Files\DIFX
2008-07-23 13:42:26 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\PC Suite
2008-07-23 13:42:21 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-23 13:42:02 0 d-------- C:\Program Files\Nokia
2008-07-23 13:40:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations


-- Find3M Report ---------------------------------------------------------------

2008-08-12 12:32:35 72154 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-08 16:23:07 0 d-------- C:\Program Files\Trend Micro
2008-08-08 15:05:16 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\AdobeUM
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files
2008-07-22 17:45:50 0 d-------- C:\Program Files\Online Services
2008-07-10 09:54:51 0 d-------- C:\Program Files\WinPcap
2008-06-30 13:50:41 0 d-------- C:\Program Files\Ahead
2008-06-30 13:48:50 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Ahead
2008-06-30 13:47:31 0 d-------- C:\Program Files\Common Files\Nero
2008-06-30 13:45:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-30 09:22:09 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\IDMComp
2008-06-25 15:52:40 0 d-------- C:\Program Files\FORT
2008-06-23 10:13:29 0 d-------- C:\Program Files\activePDF
2008-06-18 10:12:21 376 --a------ C:\ACH16301
2008-06-17 09:08:36 0 d-------- C:\Program Files\microsoft frontpage
2008-06-11 18:09:56 73216 --a----c- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-10 22:15:46 62 --ahs---- C:\Documents and Settings\Santos_GDV\Application Data\desktop.ini
2008-06-10 14:26:41 0 -rahs---- C:\MSDOS.SYS
2008-06-10 14:26:41 0 -rahs---- C:\IO.SYS
2008-06-10 14:26:41 0 --a------ C:\CONFIG.SYS
2008-06-10 14:26:41 0 --a------ C:\AUTOEXEC.BAT
2008-06-10 14:23:19 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/21/2008 08:49 AM]
"nwiz"="nwiz.exe" [03/21/2008 08:49 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/21/2008 08:49 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [01/24/2008 10:21 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/24/2008 05:53 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/08/2007 09:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [08/19/2003 05:23 PM]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [01/23/2004 05:30 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [01/23/2004 05:30 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [01/23/2004 05:30 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [01/23/2004 05:30 AM]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [01/23/2004 05:30 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/05/2008 03:30 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/05/2007 04:14 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/05/2007 04:14 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"EtherDetect"="" []
"AIM Sniffer"="" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/28/2006 02:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/11/2008 11:10:42 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 04:36 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}]
AutoRun\command- E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-08-15 16:54:30 ------------

This is the log of extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2014.22 MiB / 1572.81 MiB
Pagefile Memory (total/avail): 3907.39 MiB / 3609.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.16 MiB

A: is Network (NTFS)
B: is Network (NTFS)
C: is Fixed (NTFS) - 149.05 GiB total, 133.62 GiB free.
D: is CDROM (No Media)
U: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-08RST2 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Trend Micro OfficeScan Enterprise Client Firewall v7.3 (TrendFirewall)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"


-- Environment Variables -------------------------------------------------------

ALLIANT=C:\PROGRA~1\COMMON~1\BORLAN~1\Bde;C:\PROGRA~1\Fiserv\Alliant\Common\ImageMan;C:\PROGRA~1\Fiserv\Alliant\Common
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Santos_GDV\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EIBAUD001
ComSpec=C:\WINDOWS\system32\cmd.exe
FISERVSHARED=C:\PROGRA~1\COMMON~1\FISERV~1\Alliant
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Santos_GDV
INFORMIXDIR=C:\PROGRAM FILES\INFORMIX
LOGONSERVER=\\EIBCHINOROCES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\PROGRA~1\COMMON~1\BORLAN~1\Bde;C:\PROGRA~1\Fiserv\Alliant\Common\ImageMan;C:\PROGRA~1\Fiserv\Alliant\Common;C:\PROGRA~1\COMMON~1\FISERV~1\Alliant;C:\PROGRAM FILES\INFORMIX\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp
USERDOMAIN=EIB_HO
USERNAME=Santos_GDV
USERPROFILE=C:\Documents and Settings\Santos_GDV
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

EXPORT BANK (admin)
Administrator (admin)
Santos_GDV (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Aoc\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL16.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL17.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL18.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL19.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL20.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL21.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL22.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL23.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL24.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL25.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL26.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL27.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL28.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL29.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL30.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL31.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL32.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL33.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL34.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL35.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL36.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL68.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\EZSetup\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL2.isu"
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Fiserv Alliant Branch Teller Products --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fiserv\Alliant\Uninst.isu"
FORT v1.13 --> "C:\Program Files\FORT\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
INFORMIX-CLI 32 --> C:\WINDOWS\uninst.exe -f"C:\PROGRAM FILES\INFORMIX\BIN\DeIsL1.isu"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 SDK, SE v1.4.2_01 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
u/SWITCHWARE --> MsiExec.exe /I{01A75A0F-9CFB-4609-BC22-38A61F7849CE}
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinPcap 4.1 beta2 --> C:\Program Files\WinPcap\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1538 / Error
Event Submitted/Written: 08/15/2008 03:49:30 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type1514 / Error
Event Submitted/Written: 08/15/2008 09:37:08 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type1507 / Error
Event Submitted/Written: 08/15/2008 09:35:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x10078f40.
Processing media-specific event for [ctfmon.exe!ws!]

Event Record #/Type1501 / Error
Event Submitted/Written: 08/15/2008 08:32:22 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type1495 / Error
Event Submitted/Written: 08/14/2008 04:34:47 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3506 / Warning
Event Submitted/Written: 08/15/2008 04:23:06 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.

Event Record #/Type3489 / Warning
Event Submitted/Written: 08/15/2008 03:49:57 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.

Event Record #/Type3485 / Error
Event Submitted/Written: 08/15/2008 03:48:30 PM
Event ID/Source: 28 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are accessible.
NtpClient has no source of accurate time.

Event Record #/Type3484 / Warning
Event Submitted/Written: 08/15/2008 03:48:30 PM
Event ID/Source: 13 / W32Time
Event Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to
determine its time source, but the computer is joined to a
Windows NT 4.0 domain. Windows NT 4.0 domain controllers do not have
a time service and do not support domain hierarchy as a time source.
NtpClient will attempt to use an alternate configured external time
source if available. If an external time source is not configured
or used for this computer, you may choose to disable the NtpClient.

Event Record #/Type3480 / Warning
Event Submitted/Written: 08/15/2008 01:29:14 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.



-- End of Deckard's System Scanner: finished at 2008-08-15 16:54:30 ------------

Thanks again!
  • 0

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please go to Start >> Run and type or copy/paste the following in the Run box, then press Enter: "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\ACH16301
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    PSSdk21 <delete service>
    C:\WINDOWS\TEMP\TOB1CC.EXE
    E:\Autorun.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EtherDetect
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM Sniffer
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:



Please post the following logs in your next reply..

1. VirScan.org
2. OTMoveIt2
3. A fresh DSS log (after installing an antivirus)


Regards
fenzodahl512

Edited by fenzodahl512, 15 August 2008 - 03:19 AM.

  • 0
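Added example (not part of the original posts and not code from DSS or OTMoveIt2): the MountPoints2 keys in the fix list above are the per-volume AutoRun commands that the DSS log records, and this sketch parses those log lines and tags each volume with the reasons a command deserves a closer look. The rule names and patterns are assumptions chosen for this illustration; the sample text is the MountPoints2 excerpt from the log posted in this thread.

```python
import re

# Excerpt of the MountPoints2 section from the DSS log posted in this thread.
SAMPLE_DSS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}]
AutoRun\command- E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs
"""

# A MountPoints2 key header, capturing the volume GUID.
KEY_RE = re.compile(
    r"^\[HKEY_[^\]]+\\mountpoints2\\(?P<vol>\{[0-9a-f\-]{36}\})\]$", re.I)
# A "<verb>\command- <command line>" entry as DSS prints it.
CMD_RE = re.compile(r"^(?P<verb>[^\\\s]+)\\command-\s*(?P<cmd>.+)$", re.I)

# Heuristics chosen for this example (assumptions, not DSS or OTMoveIt2 logic).
RULES = {
    # AutoRun hands control to a Windows script interpreter.
    "script_host": re.compile(r"\b(?:wscript|cscript|mshta)(?:\.exe)?\b", re.I),
    # rundll32 is used only as a launcher for another program.
    "shellexec_proxy": re.compile(
        r"rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL", re.I),
    # A script hiding behind a second, harmless-looking extension.
    "double_extension": re.compile(
        r"\.\w{2,4}\.(?:vbs|vbe|js|jse|wsf|wsh|bat|cmd)\b", re.I),
    # The command starts an executable sitting directly in a drive root.
    "root_executable": re.compile(r"^[a-z]:\\[^\\\s]+\.exe\b", re.I),
}


def parse_mountpoints(text):
    """Return (volume_guid, verb, command) for every MountPoints2 command line."""
    entries = []
    volume = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            volume = key.group("vol").lower()
            continue
        if line.startswith("["):
            # Some other registry key: stop attributing commands to a volume.
            volume = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and volume:
            entries.append((volume, cmd.group("verb"), cmd.group("cmd").strip()))
    return entries


def triage(text):
    """Map each volume GUID to the sorted names of the rules its commands hit."""
    report = {}
    for volume, _verb, command in parse_mountpoints(text):
        reasons = report.setdefault(volume, set())
        for name, rule in RULES.items():
            if rule.search(command):
                reasons.add(name)
    return {vol: sorted(reasons) for vol, reasons in report.items()}


if __name__ == "__main__":
    for vol, reasons in triage(SAMPLE_DSS).items():
        print(vol, ", ".join(reasons) or "no rule matched")
```

An empty result means only that no rule matched, not that the entry is clean: the fix list above also removes the {01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f} key, which these heuristics leave unflagged.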

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
User returned.. Please post the requested log please :)
  • 0

#10
mdchallenger18

  • Topic Starter
  • Member
  • 30 posts
Hi Fenzodahl512,

Here are the logs.

1. viruscan

VirSCAN.org Scanned Report :
Scanned time : 2008/08/21 13:41:23 (PHT)
Scanner results: All Scanners reported not find malware!
File Name : ACH16301
File Size : 376 byte
File Type : data
MD5 : 28baebac5744169313a7c80f8edbd051
SHA1 : 687444d3da24f32788bc551ace89dd036ebabcaf
Online report : http://virscan.org/r...e0baeb06e0.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 3.5.0.22 | 2008.08.20 | 2008-08-20 | 2.46 | -
AhnLab V3 | 2008.08.21.01 | 2008.08.21 | 2008-08-21 | 0.88 | -
AntiVir | 7.8.1.23 | 7.0.6.45 | 2008-08-20 | 2.24 | -
Arcavir | 1.0.5 | 200808201237 | 2008-08-20 | 1.19 | -
AVAST! | 3.0.1 | 080820-0 | 2008-08-20 | 0.00 | -
AVG | 7.5.51.442 | 270.6.6/1624 | 2008-08-20 | 1.53 | -
BitDefender | 7.60825.1571430 | 7.20606 | 2008-08-21 | 2.84 | -
CA (VET) | 9.0.0.143 | 31.6.6038 | 2008-08-20 | 4.53 | -
ClamAV | 0.93.3 | 8061 | 2008-08-21 | 0.00 | -
Comodo | 2.11 | 2.0.0.623 | 2008-08-21 | 0.43 | -
CP Secure | 1.1.0.715 | 2008.08.21 | 2008-08-21 | 6.17 | -
Dr.Web | 4.44.0.9170 | 2008.08.20 | 2008-08-20 | 3.07 | -
ewido | 4.0.0.2 | 2008.08.20 | 2008-08-20 | 2.66 | -
F-Prot | 4.4.4.56 | 20080820 | 2008-08-20 | 0.98 | -
F-Secure | 5.51.6100 | 2008.08.21.01 | 2008-08-21 | 0.03 | -
Fortinet | 2.81-3.11 | 9.453 | 2008-08-21 | 1.72 | -
ViRobot | 20080820 | 2008.08.20 | 2008-08-20 | 0.39 | -
Ikarus | T3.1.01.34 | 2008.08.21.71314 | 2008-08-21 | 3.45 | -
JiangMin | 11.0.706 | 2008.08.21 | 2008-08-21 | 1.64 | -
Kaspersky | 5.5.10 | 2008.08.21 | 2008-08-21 | 0.02 | -
KingSoft | 2008.1.14.15 | 2008.8.21.14 | 2008-08-21 | 0.62 | -
McAfee | 5.2.00 | 5365 | 2008-08-20 | 2.60 | -
Microsoft | 1.3807 | 2008.08.21 | 2008-08-21 | 4.08 | -
mks_vir | 2.01 | 2008.08.19 | 2008-08-19 | 2.53 | -
Norman | 5.93.01 | 5.93.00 | 2008-08-20 | 4.83 | -
Panda | 9.05.01 | 2008.08.20 | 2008-08-20 | 1.86 | -
Trend Micro | 8.700-1004 | 5.492.01 | 2008-08-20 | 0.02 | -
Quick Heal | 9.50 | 2008.08.20 | 2008-08-20 | 1.61 | -
Rising | 20.0 | 20.58.30.00 | 2008-08-21 | 0.56 | -
Sophos | 2.77.0 | 4.32 | 2008-08-21 | 1.88 | -
Sunbelt | 3.1.1564.1 | 2196 | 2008-08-19 | 0.39 | -
Symantec | 1.3.0.24 | 20080820.016 | 2008-08-20 | 0.20 | -
nProtect | 2008-08-20.00 | 1906563 | 2008-08-20 | 3.40 | -
The Hacker | 6.3.0.6 | v00056 | 2008-08-20 | 0.41 | -
VBA32 | 3.12.8.3 | 20080820.0621 | 2008-08-20 | 1.09 | -
VirusBuster | 4.5.11.10 | 10.84.6/598334 | 2008-08-19 | 0.78 | -


2. Otmoveit

Explorer killed successfully
Service not present: PSSdk21.
File/Folder C:\WINDOWS\TEMP\TOB1CC.EXE not found.
File/Folder E:\Autorun.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EtherDetect >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EtherDetect not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM Sniffer >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM Sniffer not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}\\ not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\FEBDD7.EXE scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_135602

Files moved on Reboot...
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\ExchangePerflog_8484fa313d03d6e1467773b1.dat not found!
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DF2B0F.tmp not found!
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DF3EDC.tmp not found!
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DF5FBB.tmp not found!
File C:\WINDOWS\temp\FEBDD7.EXE not found!

3. I did not install the antivirus software you recommended because I already have one. Trend Micro was installed on my PC. I just wonder why you did not see it in the log.


Thanks again

Mario
  • 0


#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. Please post me a fresh DSS log for my review.. :)
  • 0

#12
mdchallenger18

  • Topic Starter
  • Member
  • 30 posts
Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by Santos_GDV on 2008-08-26 11:16:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Santos_GDV.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:57 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\CS72B6.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Santos_GDV\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SANTOS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.9.1.247:8.../servlet/ddrint
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.1.192:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.9.1.249;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EIBHO.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = EIBHO.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EIBHO.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EIBHO.LOCAL
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 6882 bytes

-- Files created between 2008-07-26 and 2008-08-26 -----------------------------

2008-08-21 09:03:16 0 d-------- C:\Program Files\TurboNote
2008-08-18 18:25:57 10 --a------ C:\WINDOWS\popcinfo.dat
2008-08-18 18:11:41 0 d--h----- C:\WINDOWS\PIF
2008-08-16 10:27:31 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-16 10:24:27 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Datalayer
2008-08-15 09:55:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-15 09:55:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 09:02:11 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Malwarebytes
2008-08-15 09:02:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 09:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 11:10:16 0 d-------- C:\Program Files\Windows XP Fun Pack
2008-07-31 10:42:35 0 d--hs---- C:\Documents and Settings\Santos_GDV\Phone Browser
2008-07-28 08:53:28 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-28 08:40:51 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2008-08-25 22:14:10 72154 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-08 16:23:07 0 d-------- C:\Program Files\Trend Micro
2008-08-08 15:05:16 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\AdobeUM
2008-08-08 09:40:07 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Nokia
2008-08-08 09:39:20 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\PC Suite
2008-07-25 19:46:20 0 d-------- C:\Program Files\The KMPlayer
2008-07-23 13:42:50 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-23 13:42:46 0 d-------- C:\Program Files\Nokia
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-23 13:42:28 0 d-------- C:\Program Files\DIFX
2008-07-23 13:42:22 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-22 17:45:50 0 d-------- C:\Program Files\Online Services
2008-07-10 09:54:51 0 d-------- C:\Program Files\WinPcap
2008-06-30 13:50:41 0 d-------- C:\Program Files\Ahead
2008-06-30 13:48:50 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Ahead
2008-06-30 13:47:31 0 d-------- C:\Program Files\Common Files\Nero
2008-06-30 13:45:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-30 09:22:09 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\IDMComp
2008-06-18 10:12:21 376 --a------ C:\ACH16301
2008-06-11 18:09:56 73216 --a----c- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-10 22:15:46 62 --ahs---- C:\Documents and Settings\Santos_GDV\Application Data\desktop.ini
2008-06-10 14:26:41 0 -rahs---- C:\MSDOS.SYS
2008-06-10 14:26:41 0 -rahs---- C:\IO.SYS
2008-06-10 14:26:41 0 --a------ C:\CONFIG.SYS
2008-06-10 14:26:41 0 --a------ C:\AUTOEXEC.BAT
2008-06-10 14:23:19 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-05-30 10:37:22 14047581 --a------ C:\Program Files\kmp_1430 (May 2008 version).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/21/2008 08:49 AM]
"nwiz"="nwiz.exe" [03/21/2008 08:49 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/21/2008 08:49 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [01/24/2008 10:21 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/24/2008 05:53 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/08/2007 09:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [08/19/2003 05:23 PM]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [01/23/2004 05:30 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [01/23/2004 05:30 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [01/23/2004 05:30 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [01/23/2004 05:30 AM]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [01/23/2004 05:30 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/05/2008 03:30 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/05/2007 04:14 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/05/2007 04:14 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/28/2006 02:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/11/2008 11:10:42 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]
TurboNote.lnk - C:\Program Files\TurboNote\tbnote.exe [8/21/2008 9:03:16 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 04:36 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}]
AutoRun\command- E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-08-26 11:17:25 ------------


Thanks again
  • 0

#13
mdchallenger18

mdchallenger18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi again,

I have a concern on this part of the log:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs


I think it is another malware...


Thanks!
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\WINDOWS\TEMP\CS72B6.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}
EmptyTemp
purity
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.





NEXT



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Post me these logs in your next reply. Post each log in a separate post.

1. OTMoveIt2
2. ESET Online Scanner
3. A fresh DSS log (after ESET step)
4. Tell me about your computer behaviour..
  • 0
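
The MountPoints2 entry questioned in post #13 and removed in post #14 can be picked out of a DSS registry dump mechanically. The following is an added example, not part of the thread or of any tool named in it; the sample text is the two MountPoints2 entries from the log above, and the function names and heuristic lists are assumptions of this example.

```python
import re

# Constructed sample: the two MountPoints2 entries from the DSS log in this thread.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}]
AutoRun\command- E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^([^\\]+)\\command-\s*(.+)$", re.I)
DOUBLE_EXT = re.compile(r"\.(dll|exe|txt|doc|jpg)\.\w+$")
# Heuristic lists are assumptions of this example, not a vendor rule set.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".scr", ".pif")

def parse_mountpoints2(dump):
    """Return (volume_guid, verb, command) for each shell command under a MountPoints2 key."""
    entries, guid = [], None
    for line in map(str.strip, dump.splitlines()):
        key = KEY_RE.match(line)
        if key:
            guid = key.group(1).lower()
        elif line.startswith("["):
            guid = None  # a different registry key: stop attributing commands
        else:
            cmd = CMD_RE.match(line)
            if cmd and guid:
                entries.append((guid, cmd.group(1), cmd.group(2)))
    return entries

def reasons(command):
    """List the heuristics a command trips; an empty list means nothing was flagged."""
    names = [t.strip('"').rsplit("\\", 1)[-1].lower()
             for t in re.split(r"[\s,]+", command) if t]
    checks = [
        ("script host", any(n in SCRIPT_HOSTS for n in names)),
        ("rundll32 ShellExec_RunDLL indirection", "shellexec_rundll" in names),
        ("script-type target", any(n.endswith(SCRIPT_EXTS) for n in names)),
        ("double extension", any(DOUBLE_EXT.search(n) for n in names)),
    ]
    return [label for label, hit in checks if hit]

def suspicious_autoruns(dump):
    """Keep only the entries that trip at least one heuristic."""
    return [(g, c, reasons(c)) for g, _, c in parse_mountpoints2(dump) if reasons(c)]
```

On the sample, `suspicious_autoruns(SAMPLE_DUMP)` returns only the `{0a462c57-...}` volume; the `setup.exe` entry trips none of the checks.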

#15
mdchallenger18

mdchallenger18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
1. OTmoveit Log:

Explorer killed successfully
C:\WINDOWS\TEMP\CS72B6.EXE moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\ExchangePerflog_8484fa313d03d6e1467773b1.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DFB0B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DFB0C4.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_134216

Files moved on Reboot...
C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\ExchangePerflog_8484fa313d03d6e1467773b1.dat moved successfully.
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DFB0B7.tmp not found!
File C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp\~DFB0C4.tmp not found!

2. When I installed the ActiveX for ESET Scanner, there was an error message "Update Failed (200)".

3. I did not post the log because the ESET Scanner installation is not successful.

4. The disinfection on USB does not create the autorun INF folder.

Thanks!
  • 0





