Help with removal of Trojan Tesllar A [RESOLVED]



#1 JCD81 (Member, 20 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:49 AM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\User\Application Data\Gool\Gool.exe
C:\Documents and Settings\User\Application Data\Microsoft\Windows\xhpsismr.exe
C:\DOCUME~1\User\MYDOCU~1\PPATCH~1\javaw.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB} - C:\WINDOWS\system32\rqRLcYrp.dll (file missing)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\User\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\User\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\User\Application Data\Microsoft\Windows\xhpsismr.exe
O4 - HKCU\..\Run: [Corn] "C:\DOCUME~1\User\MYDOCU~1\PPATCH~1\javaw.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175891834468
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O20 - Winlogon Notify: rqRLcYrp - rqRLcYrp.dll (file missing)
O20 - Winlogon Notify: vtUooMdd - vtUooMdd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.streamaud...images/logo.gif
O24 - Desktop Component 1: (no name) - https://webconnect.csx.com/back.jpg
O24 - Desktop Component 2: (no name) - http://us.music1.yim...g/hdr_lcast.jpg

--
End of file - 9594 bytes
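Added example, not part of the thread and not HijackThis code: a small Python triage script that applies to the O2/O4/O20 lines of the log above the same heuristics a removal helper applies by eye, namely autoruns that run from the user profile or from Policies\Explorer\Run, core Windows process names running from outside system32, long hex blobs on the command line, and BHO/Winlogon registrations whose file is missing. The sample lines are copied from the log above; the heuristic lists, thresholds and wording are the example's own assumptions.

```python
"""Triage helper for HijackThis O2/O4/O20 entries (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O4 - HKCU\..\Run: [Name] command" -> section code + body
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Registry autorun body: hive, subkey, [value name], command, optional (User 'x') suffix
O4_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*"
    r"(?P<cmd>.*?)\s*(?:\(User '(?P<user>[^']*)'\))?$"
)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
# Core Windows process names that malware borrows to blend in (heuristic list, own choice)
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "winlogon32.exe", "lsass.exe",
                "services.exe", "csrss.exe", "smss.exe", "explorer.exe"}
# Lower-cased path fragments meaning "inside a user profile" (long and 8.3 forms)
PROFILE_MARKERS = ("\\application data\\", "\\my documents\\", "\\local settings\\temp\\",
                   "\\applic~1\\", "\\mydocu~1\\", "\\locals~1\\temp\\")

@dataclass
class Finding:
    code: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)
    user: Optional[str] = None

def split_command(cmd: str):
    """Split an autorun command into (executable, arguments); handles quoted and unquoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces: cut after the first executable-looking extension.
    m = re.search(r"\.(exe|com|scr|bat|cmd|dll)\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""

def triage_entry(code: str, body: str) -> Optional[Finding]:
    """Apply the by-eye heuristics to one entry; None when the entry type is not scored."""
    if code == "O4":
        m = O4_RE.match(body)
        if not m:
            return None  # Startup-folder .lnk lines are not registry autoruns; skipped here
        path, args = split_command(m.group("cmd"))
        low = path.lower()
        reasons = []
        if "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("autorun under Policies\\Explorer\\Run, a key legitimate installers rarely use")
        if any(mark in low for mark in PROFILE_MARKERS):
            reasons.append("executable lives in the user profile instead of Program Files or system32")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
            reasons.append(f"{base} is a core Windows process name but runs from outside system32")
        if HEX_BLOB_RE.search(args):
            reasons.append("long hex blob passed on the command line")
        return Finding(code, m.group("name"), path, reasons, m.group("user"))
    if code in ("O2", "O20") and "(file missing)" in body:
        # "BHO: name - {CLSID} - path (file missing)" / "Winlogon Notify: name - dll (file missing)"
        kind, _, rest = body.partition(": ")
        segments = [s.strip() for s in rest.split(" - ")]
        path = segments[-1].replace("(file missing)", "").strip()
        return Finding(code, segments[0], path,
                       [f"{kind} registration whose file is gone (orphaned hook, often a half-removed infection)"])
    return None

def triage_log(text: str) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic, in log order."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            f = triage_entry(m.group("code"), m.group("body"))
            if f and f.reasons:
                findings.append(f)
    return findings

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB} - C:\WINDOWS\system32\rqRLcYrp.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Corn] "C:\DOCUME~1\User\MYDOCU~1\PPATCH~1\javaw.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O20 - Winlogon Notify: rqRLcYrp - rqRLcYrp.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        who = f" (runs as {f.user})" if f.user else ""
        print(f"{f.code:<4}[{f.name}] {f.path}{who}")
        for r in f.reasons:
            print(f"      - {r}")
```

The Windows Defender and ctfmon lines are included as negatives: they parse but trip no heuristic, so they never appear in the output.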

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D from here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#3 JCD81 (Topic Starter, Member, 20 posts)
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : User ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:11 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Mon 11/03/2008|23:00 )

--------------------\\ Listing folders in APPLIC~1

[03/30/2007|02:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[09/22/2008|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[04/13/2007|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/11/2008|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[07/11/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/30/2007|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/04/2007|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[07/15/2008|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MGTEK
[01/25/2008|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/04/2007|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[04/24/2007|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[04/14/2007|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/05/2007|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[02/21/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[03/30/2007|02:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/04/2007|07:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/01/2008|01:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> NetMon

[01/25/2008|07:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[06/03/2008|10:20] C:\DOCUME~1\User\APPLIC~1\<DIR> Adobe
[04/13/2007|12:30] C:\DOCUME~1\User\APPLIC~1\<DIR> AdobeAUM
[04/13/2007|12:30] C:\DOCUME~1\User\APPLIC~1\<DIR> AdobeUM
[07/12/2008|04:39] C:\DOCUME~1\User\APPLIC~1\<DIR> Apple Computer
[04/05/2007|10:20] C:\DOCUME~1\User\APPLIC~1\<DIR> CyberLink
[10/31/2008|12:12] C:\DOCUME~1\User\APPLIC~1\<DIR> Facegame
[07/18/2008|12:11] C:\DOCUME~1\User\APPLIC~1\<DIR> FrostWire
[11/01/2008|12:29] C:\DOCUME~1\User\APPLIC~1\<DIR> Gool
[07/03/2007|07:38] C:\DOCUME~1\User\APPLIC~1\<DIR> Help
[03/30/2007|02:10] C:\DOCUME~1\User\APPLIC~1\<DIR> Identities
[04/23/2007|08:12] C:\DOCUME~1\User\APPLIC~1\<DIR> Leadertech
[11/03/2008|09:51] C:\DOCUME~1\User\APPLIC~1\<DIR> LimeWire
[01/22/2008|12:42] C:\DOCUME~1\User\APPLIC~1\<DIR> Macromedia
[04/04/2007|06:20] C:\DOCUME~1\User\APPLIC~1\<DIR> MAGIX
[07/11/2008|04:33] C:\DOCUME~1\User\APPLIC~1\<DIR> Microsoft
[04/04/2007|09:03] C:\DOCUME~1\User\APPLIC~1\<DIR> Roxio
[11/03/2008|03:53] C:\DOCUME~1\User\APPLIC~1\<DIR> SpeedRunner
[04/06/2007|03:53] C:\DOCUME~1\User\APPLIC~1\<DIR> Sun
[07/14/2008|10:11] C:\DOCUME~1\User\APPLIC~1\<DIR> U3
[10/04/2008|03:52] C:\DOCUME~1\User\APPLIC~1\<DIR> Wal-Mart Digital Photo Manager
[04/26/2007|04:35] C:\DOCUME~1\User\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer
[01/13/2008|08:52] C:\DOCUME~1\User\APPLIC~1\<DIR> Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/03/2008 09:42 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/03/2008 09:17 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/15/2007 02:13 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[11/03/2008 09:13 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/23/2007|08:12] C:\Program Files\<DIR> Adobe
[03/30/2007|02:41] C:\Program Files\<DIR> Ahead
[08/25/2008|10:16] C:\Program Files\<DIR> Apple Software Update
[04/23/2008|08:44] C:\Program Files\<DIR> Atari
[09/22/2008|08:45] C:\Program Files\<DIR> Bonjour
[11/01/2008|08:39] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[11/01/2008|08:19] C:\Program Files\<DIR> Common Files
[03/30/2007|02:01] C:\Program Files\<DIR> ComPlus Applications
[07/06/2008|01:29] C:\Program Files\<DIR> Cosmi
[07/15/2008|06:12] C:\Program Files\<DIR> Cucusoft
[03/30/2007|02:47] C:\Program Files\<DIR> CyberLink
[01/07/2008|12:05] C:\Program Files\<DIR> DivX
[07/18/2008|05:55] C:\Program Files\<DIR> FrostWire
[12/04/2007|04:08] C:\Program Files\<DIR> InstallShield Installation Information
[10/15/2008|02:09] C:\Program Files\<DIR> Internet Explorer
[09/22/2008|09:23] C:\Program Files\<DIR> iPod
[09/22/2008|09:23] C:\Program Files\<DIR> iTunes
[04/24/2007|11:23] C:\Program Files\<DIR> Java
[12/04/2007|04:08] C:\Program Files\<DIR> LG Electronics
[10/01/2008|07:52] C:\Program Files\<DIR> LimeWire
[09/11/2008|09:05] C:\Program Files\<DIR> Messenger
[03/30/2007|02:52] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2007|02:02] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[03/30/2007|02:05] C:\Program Files\<DIR> microsoft frontpage
[03/30/2007|02:51] C:\Program Files\<DIR> Microsoft Office
[03/30/2007|02:52] C:\Program Files\<DIR> Microsoft Visual Studio
[11/01/2008|12:19] C:\Program Files\<DIR> Mjcore
[09/11/2008|08:57] C:\Program Files\<DIR> Movie Maker
[07/11/2008|01:35] C:\Program Files\<DIR> MP3 Rocket
[04/25/2007|01:47] C:\Program Files\<DIR> MSN
[03/30/2007|02:01] C:\Program Files\<DIR> MSN Gaming Zone
[08/16/2007|02:01] C:\Program Files\<DIR> MSXML 4.0
[09/11/2008|08:54] C:\Program Files\<DIR> NetMeeting
[11/01/2008|08:22] C:\Program Files\<DIR> Network Monitor
[11/01/2008|02:02] C:\Program Files\<DIR> OINAnalytics
[03/30/2007|02:03] C:\Program Files\<DIR> Online Services
[09/11/2008|08:54] C:\Program Files\<DIR> Outlook Express
[09/22/2008|09:20] C:\Program Files\<DIR> QuickTime
[03/30/2007|02:31] C:\Program Files\<DIR> S3
[07/10/2008|11:49] C:\Program Files\<DIR> SmartDraw 2008
[11/03/2008|08:26] C:\Program Files\<DIR> Trend Micro
[03/30/2007|02:10] C:\Program Files\<DIR> Uninstall Information
[12/04/2007|04:07] C:\Program Files\<DIR> Verizon Wireless
[03/30/2007|02:13] C:\Program Files\<DIR> VIA
[04/26/2007|04:36] C:\Program Files\<DIR> Wal-Mart
[11/01/2008|12:24] C:\Program Files\<DIR> Webtools
[01/25/2008|06:46] C:\Program Files\<DIR> Windows Defender
[12/04/2007|05:23] C:\Program Files\<DIR> Windows Media Connect 2
[09/11/2008|08:54] C:\Program Files\<DIR> Windows Media Player
[09/11/2008|08:54] C:\Program Files\<DIR> Windows NT
[03/30/2007|02:03] C:\Program Files\<DIR> WindowsUpdate
[03/30/2007|02:05] C:\Program Files\<DIR> xerox
[02/22/2008|05:15] C:\Program Files\<DIR> Yahoo!
[06/03/2008|03:19] C:\Program Files\<DIR> Yahoo! Games

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/13/2007|12:31] C:\Program Files\Common Files\<DIR> Adobe
[03/30/2007|02:41] C:\Program Files\Common Files\<DIR> Ahead
[09/22/2008|09:19] C:\Program Files\Common Files\<DIR> Apple
[03/30/2007|02:52] C:\Program Files\Common Files\<DIR> Designer
[07/15/2008|06:11] C:\Program Files\Common Files\<DIR> Download Manager
[11/01/2008|08:20] C:\Program Files\Common Files\<DIR> fqkk
[04/26/2007|04:36] C:\Program Files\Common Files\<DIR> HP
[04/05/2007|09:55] C:\Program Files\Common Files\<DIR> InstallShield
[04/24/2007|11:22] C:\Program Files\Common Files\<DIR> Java
[03/30/2007|02:51] C:\Program Files\Common Files\<DIR> L&H
[04/15/2007|02:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/30/2007|02:02] C:\Program Files\Common Files\<DIR> MSSoap
[03/30/2007|02:42] C:\Program Files\Common Files\<DIR> Nero
[03/30/2007|08:55] C:\Program Files\Common Files\<DIR> ODBC
[02/22/2008|05:15] C:\Program Files\Common Files\<DIR> Scanner
[03/30/2007|02:02] C:\Program Files\Common Files\<DIR> Services
[03/30/2007|08:55] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/06/2007|02:50] C:\Program Files\Common Files\<DIR> SupportSoft
[09/11/2008|08:54] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 39 Processes )

iexplore.exe ~ [PID:6552]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\User\LOCALS~1\Temp\nsuC2.tmp
C:\DOCUME~1\User\Cookies\user@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 23:05:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\HhNVvyay.ini
C:\WINDOWS\system32\HhNVvyay.ini2
C:\WINDOWS\system32\oqppYcdd.ini
C:\WINDOWS\system32\oqppYcdd.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User\My Documents\Updater5\My Music\Lil Wayne\The Drought 3 Disc 2\03 crack da bottle.wma


[F:2114][D:96]-> C:\DOCUME~1\User\LOCALS~1\Temp
[F:988][D:0]-> C:\DOCUME~1\User\Cookies
[F:12730][D:70]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 11/03/2008|10:16 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 11/03/2008|23:08 - Option : [1]

--------------------\\ Scan completed at 23:08:06

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please download OTMoveIt3 by OldTimer, or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\HhNVvyay.ini
    C:\WINDOWS\system32\HhNVvyay.ini2
    C:\WINDOWS\system32\oqppYcdd.ini
    C:\WINDOWS\system32\oqppYcdd.ini2
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#5 JCD81 (Topic Starter, Member, 20 posts)
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : User ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:11 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Tue 11/04/2008| 8:36 )

--------------------\\ Listing folders in APPLIC~1

[03/30/2007|02:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[09/22/2008|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[04/13/2007|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/11/2008|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[07/11/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/30/2007|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/04/2007|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[07/15/2008|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MGTEK
[01/25/2008|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/04/2007|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[04/24/2007|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[04/14/2007|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/05/2007|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[02/21/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[03/30/2007|02:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/04/2007|07:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/01/2008|01:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> NetMon

[01/25/2008|07:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[06/03/2008|10:20] C:\DOCUME~1\User\APPLIC~1\<DIR> Adobe
[04/13/2007|12:30] C:\DOCUME~1\User\APPLIC~1\<DIR> AdobeAUM
[04/13/2007|12:30] C:\DOCUME~1\User\APPLIC~1\<DIR> AdobeUM
[07/12/2008|04:39] C:\DOCUME~1\User\APPLIC~1\<DIR> Apple Computer
[04/05/2007|10:20] C:\DOCUME~1\User\APPLIC~1\<DIR> CyberLink
[10/31/2008|12:12] C:\DOCUME~1\User\APPLIC~1\<DIR> Facegame
[07/18/2008|12:11] C:\DOCUME~1\User\APPLIC~1\<DIR> FrostWire
[11/01/2008|12:29] C:\DOCUME~1\User\APPLIC~1\<DIR> Gool
[07/03/2007|07:38] C:\DOCUME~1\User\APPLIC~1\<DIR> Help
[03/30/2007|02:10] C:\DOCUME~1\User\APPLIC~1\<DIR> Identities
[04/23/2007|08:12] C:\DOCUME~1\User\APPLIC~1\<DIR> Leadertech
[11/03/2008|11:47] C:\DOCUME~1\User\APPLIC~1\<DIR> LimeWire
[01/22/2008|12:42] C:\DOCUME~1\User\APPLIC~1\<DIR> Macromedia
[04/04/2007|06:20] C:\DOCUME~1\User\APPLIC~1\<DIR> MAGIX
[07/11/2008|04:33] C:\DOCUME~1\User\APPLIC~1\<DIR> Microsoft
[04/04/2007|09:03] C:\DOCUME~1\User\APPLIC~1\<DIR> Roxio
[11/04/2008|03:53] C:\DOCUME~1\User\APPLIC~1\<DIR> SpeedRunner
[04/06/2007|03:53] C:\DOCUME~1\User\APPLIC~1\<DIR> Sun
[07/14/2008|10:11] C:\DOCUME~1\User\APPLIC~1\<DIR> U3
[10/04/2008|03:52] C:\DOCUME~1\User\APPLIC~1\<DIR> Wal-Mart Digital Photo Manager
[04/26/2007|04:35] C:\DOCUME~1\User\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer
[01/13/2008|08:52] C:\DOCUME~1\User\APPLIC~1\<DIR> Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/03/2008 09:42 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/04/2008 02:07 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/15/2007 02:13 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[11/03/2008 09:13 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/23/2007|08:12] C:\Program Files\<DIR> Adobe
[03/30/2007|02:41] C:\Program Files\<DIR> Ahead
[08/25/2008|10:16] C:\Program Files\<DIR> Apple Software Update
[04/23/2008|08:44] C:\Program Files\<DIR> Atari
[09/22/2008|08:45] C:\Program Files\<DIR> Bonjour
[11/01/2008|08:39] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[11/04/2008|02:23] C:\Program Files\<DIR> Common Files
[03/30/2007|02:01] C:\Program Files\<DIR> ComPlus Applications
[07/06/2008|01:29] C:\Program Files\<DIR> Cosmi
[07/15/2008|06:12] C:\Program Files\<DIR> Cucusoft
[03/30/2007|02:47] C:\Program Files\<DIR> CyberLink
[01/07/2008|12:05] C:\Program Files\<DIR> DivX
[07/18/2008|05:55] C:\Program Files\<DIR> FrostWire
[12/04/2007|04:08] C:\Program Files\<DIR> InstallShield Installation Information
[10/15/2008|02:09] C:\Program Files\<DIR> Internet Explorer
[09/22/2008|09:23] C:\Program Files\<DIR> iPod
[09/22/2008|09:23] C:\Program Files\<DIR> iTunes
[04/24/2007|11:23] C:\Program Files\<DIR> Java
[12/04/2007|04:08] C:\Program Files\<DIR> LG Electronics
[10/01/2008|07:52] C:\Program Files\<DIR> LimeWire
[09/11/2008|09:05] C:\Program Files\<DIR> Messenger
[03/30/2007|02:52] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2007|02:02] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[03/30/2007|02:05] C:\Program Files\<DIR> microsoft frontpage
[03/30/2007|02:51] C:\Program Files\<DIR> Microsoft Office
[03/30/2007|02:52] C:\Program Files\<DIR> Microsoft Visual Studio
[11/01/2008|12:19] C:\Program Files\<DIR> Mjcore
[09/11/2008|08:57] C:\Program Files\<DIR> Movie Maker
[07/11/2008|01:35] C:\Program Files\<DIR> MP3 Rocket
[04/25/2007|01:47] C:\Program Files\<DIR> MSN
[03/30/2007|02:01] C:\Program Files\<DIR> MSN Gaming Zone
[08/16/2007|02:01] C:\Program Files\<DIR> MSXML 4.0
[09/11/2008|08:54] C:\Program Files\<DIR> NetMeeting
[11/01/2008|08:22] C:\Program Files\<DIR> Network Monitor
[11/01/2008|02:02] C:\Program Files\<DIR> OINAnalytics
[03/30/2007|02:03] C:\Program Files\<DIR> Online Services
[11/04/2008|02:23] C:\Program Files\<DIR> Outerinfo
[09/11/2008|08:54] C:\Program Files\<DIR> Outlook Express
[09/22/2008|09:20] C:\Program Files\<DIR> QuickTime
[03/30/2007|02:31] C:\Program Files\<DIR> S3
[07/10/2008|11:49] C:\Program Files\<DIR> SmartDraw 2008
[11/03/2008|08:26] C:\Program Files\<DIR> Trend Micro
[03/30/2007|02:10] C:\Program Files\<DIR> Uninstall Information
[12/04/2007|04:07] C:\Program Files\<DIR> Verizon Wireless
[03/30/2007|02:13] C:\Program Files\<DIR> VIA
[04/26/2007|04:36] C:\Program Files\<DIR> Wal-Mart
[11/01/2008|12:24] C:\Program Files\<DIR> Webtools
[01/25/2008|06:46] C:\Program Files\<DIR> Windows Defender
[12/04/2007|05:23] C:\Program Files\<DIR> Windows Media Connect 2
[09/11/2008|08:54] C:\Program Files\<DIR> Windows Media Player
[09/11/2008|08:54] C:\Program Files\<DIR> Windows NT
[03/30/2007|02:03] C:\Program Files\<DIR> WindowsUpdate
[03/30/2007|02:05] C:\Program Files\<DIR> xerox
[02/22/2008|05:15] C:\Program Files\<DIR> Yahoo!
[06/03/2008|03:19] C:\Program Files\<DIR> Yahoo! Games

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/13/2007|12:31] C:\Program Files\Common Files\<DIR> Adobe
[03/30/2007|02:41] C:\Program Files\Common Files\<DIR> Ahead
[09/22/2008|09:19] C:\Program Files\Common Files\<DIR> Apple
[03/30/2007|02:52] C:\Program Files\Common Files\<DIR> Designer
[07/15/2008|06:11] C:\Program Files\Common Files\<DIR> Download Manager
[11/01/2008|08:20] C:\Program Files\Common Files\<DIR> fqkk
[04/26/2007|04:36] C:\Program Files\Common Files\<DIR> HP
[04/05/2007|09:55] C:\Program Files\Common Files\<DIR> InstallShield
[04/24/2007|11:22] C:\Program Files\Common Files\<DIR> Java
[03/30/2007|02:51] C:\Program Files\Common Files\<DIR> L&H
[04/15/2007|02:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/30/2007|02:02] C:\Program Files\Common Files\<DIR> MSSoap
[03/30/2007|02:42] C:\Program Files\Common Files\<DIR> Nero
[03/30/2007|08:55] C:\Program Files\Common Files\<DIR> ODBC
[02/22/2008|05:15] C:\Program Files\Common Files\<DIR> Scanner
[03/30/2007|02:02] C:\Program Files\Common Files\<DIR> Services
[03/30/2007|08:55] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/06/2007|02:50] C:\Program Files\Common Files\<DIR> SupportSoft
[09/11/2008|08:54] C:\Program Files\Common Files\<DIR> System
[11/04/2008|02:23] C:\Program Files\Common Files\<DIR> s?stem

--------------------\\ Process

( 39 Processes )

iexplore.exe ~ [PID:10848]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\User\LOCALS~1\Temp\nsuC2.tmp
C:\DOCUME~1\User\Cookies\user@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 08:38:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\HhNVvyay.ini
C:\WINDOWS\system32\HhNVvyay.ini2
C:\WINDOWS\system32\oqppYcdd.ini
C:\WINDOWS\system32\oqppYcdd.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User\My Documents\Updater5\My Music\Lil Wayne\The Drought 3 Disc 2\03 crack da bottle.wma


[F:2116][D:96]-> C:\DOCUME~1\User\LOCALS~1\Temp
[F:991][D:0]-> C:\DOCUME~1\User\Cookies
[F:13521][D:70]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 11/03/2008|10:16 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 11/03/2008|23:08 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Tue 11/04/2008| 8:39 - Option : [1]

--------------------\\ Scan completed at 8:39:51

#6 JCD81 (Topic Starter, Member, 20 posts)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\HhNVvyay.ini moved successfully.
C:\WINDOWS\system32\HhNVvyay.ini2 moved successfully.
C:\WINDOWS\system32\oqppYcdd.ini moved successfully.
C:\WINDOWS\system32\oqppYcdd.ini2 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\sуstem moved successfully.
C:\WINDOWS\system32\WіnSxS moved successfully.
C:\Program Files\Common Files\sуstem moved successfully.
C:\Documents and Settings\User\My Documents\Аdobe moved successfully.
C:\Documents and Settings\User\My Documents\ΑрpPatch\ΑрpPatch moved successfully.
C:\Documents and Settings\User\My Documents\ΑрpPatch moved successfully.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\hsperfdata_User\10848 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF4900.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-E3270T.jar-1d913f6f-591d3924.zip scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-ServerOnly.jar-418abc67-3939e9a3.zip scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-SSL.jar-1c8b874-5b420431.zip scheduled to be deleted on reboot.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11042008_095644

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\hsperfdata_User\10848 not found!
File C:\DOCUME~1\User\LOCALS~1\Temp\Perflib_Perfdata_4d4.dat not found!
C:\DOCUME~1\User\LOCALS~1\Temp\~DF4900.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be moved on reboot.
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-E3270T.jar-1d913f6f-591d3924.zip moved successfully.
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-ServerOnly.jar-418abc67-3939e9a3.zip moved successfully.
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jre-6.2.10.1-SSL.jar-1c8b874-5b420431.zip moved successfully.

#7
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Actually, leave the RSIT step and do this, please.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.


#8
JCD81 (Topic Starter, Member, 20 posts)

Logfile of random's system information tool 1.04 (written by random/random)
Run by User at 2008-11-04 10:13:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 446 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:48 AM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\yayYolIX.dll
O2 - BHO: (no name) - {C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB} - C:\WINDOWS\system32\rqRLcYrp.dll (file missing)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\User\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\User\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\User\Application Data\Microsoft\Windows\xhpsismr.exe
O4 - HKCU\..\Run: [Corn] "C:\DOCUME~1\User\MYDOCU~1\PPATCH~1\javaw.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175891834468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O20 - Winlogon Notify: rqRLcYrp - rqRLcYrp.dll (file missing)
O20 - Winlogon Notify: vtUooMdd - vtUooMdd.dll (file missing)
O20 - Winlogon Notify: yayYolIX - C:\WINDOWS\SYSTEM32\yayYolIX.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.streamaud...images/logo.gif
O24 - Desktop Component 1: (no name) - https://webconnect.csx.com/back.jpg
O24 - Desktop Component 2: (no name) - http://us.music1.yim...g/hdr_lcast.jpg

--
End of file - 9031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-01-08 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll [2008-11-01 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
OIN Analytics - C:\Program Files\OINAnalytics\OINAnalytics2.dll [2008-10-16 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C31C05B4-0A01-4DC2-8E5E-0315459F508E}]
C:\WINDOWS\system32\yayYolIX.dll [2008-11-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB}]
C:\WINDOWS\system32\rqRLcYrp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll [2008-11-01 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-01-08 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-10-31 163840]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"7H28X9M91L"=C:\WINDOWS\winlogon32.exe []
"alpha"=c:\z_Drivers\svchost.exe []
"beta"=c:\z_Drivers\svchost.exe []
"gamma"=c:\z_Drivers\svchost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Facegame"=C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe [2008-10-31 56832]
"Gool"=C:\Documents and Settings\User\Application Data\Gool\Gool.exe [2008-11-01 61440]
"SpeedRunner"=C:\Documents and Settings\User\Application Data\SpeedRunner\SpeedRunner.exe [2008-11-01 218112]
"SfKg6wIP"=C:\Documents and Settings\User\Application Data\Microsoft\Windows\xhpsismr.exe [2008-11-01 35328]
"Corn"=C:\DOCUME~1\User\MYDOCU~1\PPATCH~1\javaw.exe -vt yazb []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\User\Start Menu\Programs\Startup
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRLcYrp]
rqRLcYrp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUooMdd]
vtUooMdd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayYolIX]
C:\WINDOWS\system32\yayYolIX.dll [2008-11-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{C988A1BF-D300-4A4C-9A63-AFDF23671052}"=C:\WINDOWS\system32\vtUooMdd.dll []
"{C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB}"=C:\WINDOWS\system32\rqRLcYrp.dll []
"{C31C05B4-0A01-4DC2-8E5E-0315459F508E}"=C:\WINDOWS\system32\yayYolIX.dll [2008-11-03 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\MP3 Maker\mp3maker.exe"="C:\MP3 Maker\mp3maker.exe:*:Enabled:MAGIX mp3maker 10 deLuxe"
"C:\Media_Manager_2004\MediaManager.exe"="C:\Media_Manager_2004\MediaManager.exe:*:Enabled:MAGIX Media Manager 2004"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-04 10:13:42 ----D---- C:\rsit
2008-11-04 09:56:44 ----D---- C:\_OTMoveIt
2008-11-04 02:23:32 ----A---- C:\WINDOWS\system32\kcbj.dll
2008-11-04 02:11:10 ----A---- C:\WINDOWS\system32\fyawmudl.exe
2008-11-03 22:58:24 ----A---- C:\WINDOWS\system32\qbdywwob.exe
2008-11-03 10:09:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-03 10:03:43 ----A---- C:\lopR.txt
2008-11-03 10:02:50 ----D---- C:\Lop SD
2008-11-03 09:38:31 ----A---- C:\WINDOWS\system32\4b4e7446-.txt
2008-11-03 09:33:02 ----A---- C:\WINDOWS\system32\kvxnvamp.exe
2008-11-03 09:32:30 ----A---- C:\WINDOWS\system32\yayYolIX.dll
2008-11-03 08:26:58 ----D---- C:\Program Files\Trend Micro
2008-11-01 08:19:27 ----D---- C:\Program Files\Common Files\fqkk
2008-11-01 08:19:24 ----D---- C:\WINDOWS\fqkk
2008-11-01 02:02:28 ----D---- C:\Program Files\OINAnalytics
2008-11-01 02:02:22 ----SH---- C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe
2008-11-01 01:57:24 ----SHD---- C:\WINDOWS\Lg
2008-11-01 01:57:24 ----D---- C:\Program Files\Network Monitor
2008-11-01 00:34:28 ----D---- C:\Documents and Settings\User\Application Data\SpeedRunner
2008-11-01 00:29:26 ----D---- C:\Documents and Settings\User\Application Data\Gool
2008-11-01 00:24:25 ----D---- C:\Program Files\Webtools
2008-11-01 00:19:27 ----D---- C:\Program Files\Mjcore
2008-10-31 00:12:49 ----D---- C:\Documents and Settings\User\Application Data\Facegame
2008-10-31 00:12:19 ----A---- C:\WINDOWS\system32\vgcindynainmo.exe
2008-10-31 00:12:11 ----D---- C:\WINDOWS\system32\vb
2008-10-31 00:12:11 ----D---- C:\WINDOWS\system32\im
2008-10-31 00:12:11 ----D---- C:\WINDOWS\system32\CPX
2008-10-31 00:12:11 ----D---- C:\WINDOWS\system32\BOT2
2008-10-30 09:07:41 ----D---- C:\WINDOWS\system32\QI02
2008-10-24 02:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 12:53:58 ----SH---- C:\Program Files\Common Files\Yazzle3090OinAdmin.exe
2008-10-15 02:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-04 10:11:13 ----D---- C:\WINDOWS\Prefetch
2008-11-04 09:58:48 ----D---- C:\WINDOWS\Temp
2008-11-04 09:56:45 ----D---- C:\WINDOWS\system32
2008-11-04 09:56:45 ----D---- C:\WINDOWS
2008-11-04 09:56:45 ----D---- C:\Program Files\Common Files
2008-11-04 08:41:15 ----RD---- C:\Program Files
2008-11-03 23:47:01 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
2008-11-03 10:09:35 ----D---- C:\Documents and Settings
2008-11-03 09:32:26 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 09:22:47 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-03 09:22:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-03 09:17:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 09:17:37 ----SD---- C:\WINDOWS\Tasks
2008-11-03 09:15:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 08:39:31 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-11-01 08:31:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 08:27:58 ----SHD---- C:\WINDOWS\Installer
2008-10-31 08:35:01 ----HD---- C:\Config.Msi
2008-10-31 00:12:26 ----D---- C:\temp
2008-10-30 09:36:51 ----HD---- C:\WINDOWS\inf
2008-10-30 09:27:05 ----D---- C:\WINDOWS\network diagnostic
2008-10-24 02:00:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 02:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:09:58 ----D---- C:\Program Files\Internet Explorer
2008-10-15 02:03:34 ----A---- C:\WINDOWS\imsins.BAK
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dxapii;dxapii; C:\WINDOWS\System32\drivers\dxapii.sys [2008-10-31 86144]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-12-26 247040]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; \??\C:\WINDOWS\TEMP\1D.tmp []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#9
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Follow the steps in my previous post.

#10
JCD81 (Topic Starter, Member, 20 posts)

info.txt logfile of random's system information tool 1.04 2008-11-04 10:13:52

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Deer Hunter - The 2005 Season Demo-->"C:\Program Files\Atari\Deer Hunter 2005 Demo\unins000.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Norton Spyware Scan provided by Yahoo!-->C:\PROGRA~1\Yahoo!\Common\unynss.exe
OIN Analytics-->C:\Program Files\OINAnalytics\Uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
RON Tool Innbanner-->C:\WINDOWS\system32\vgcindynainmo.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------
#11 Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Follow the steps in my previous post please

#12 JCD81, Topic Starter, Member, 20 posts
SDFix: Version 1.239
Run by User on Tue 11/04/2008 at 10:37 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
{DEF85C80-216A-43ab-AF70-1665EDBE2780}

Path :
\??\C:\WINDOWS\TEMP\1D.tmp

{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\vgcindynainmo.exe - Deleted
C:\Documents and Settings\User\Application Data\Facegame\Facegame.exe - Deleted
C:\Documents and Settings\User\Application Data\Gool\Gool.exe - Deleted
C:\Documents and Settings\User\Application Data\SpeedRunner\config.cfg - Deleted
C:\Documents and Settings\User\Application Data\SpeedRunner\SpeedRunner.exe - Deleted
C:\Documents and Settings\User\Application Data\SpeedRunner\SRUninstall.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\Mjcore\Mjcore.dll - Deleted
C:\Program Files\Webtools\webtools.dll - Deleted
C:\Program Files\Common Files\Yazzle3090OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer


Folder C:\Documents and Settings\User\Application Data\Facegame - Removed
Folder C:\Documents and Settings\User\Application Data\Gool - Removed
Folder C:\Documents and Settings\User\Application Data\SpeedRunner - Removed
Folder C:\Program Files\Mjcore - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\Webtools - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 10:46:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\MP3 Maker\\mp3maker.exe"="C:\\MP3 Maker\\mp3maker.exe:*:Enabled:MAGIX mp3maker 10 deLuxe"
"C:\\Media_Manager_2004\\MediaManager.exe"="C:\\Media_Manager_2004\\MediaManager.exe:*:Enabled:MAGIX Media Manager 2004"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 23 Sep 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 7 Nov 2007 145,920 ..SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\Setup.exe"
Mon 7 May 2007 53,248 A.SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\_Setupx.dll"
Tue 4 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 1 Nov 2008 184,320 A.SHR --- "C:\_OTMoveIt\MovedFiles\11042008_095644\Documents and Settings\User\My Documents\à?pPatch\javaw.exe"

Finished!
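The "Authorized Application Key Export" in the SDFix log above is a .reg-style dump of the Windows XP firewall exception list, where each value has the form path:scope:state:name and a scope of * means any remote address. The following is an added example, not part of the original thread and not SDFix's own code: a parser for that format that flags exceptions whose binary lives outside the Windows or Program Files directories, or in a user-writable location such as Application Data. The sample input repeats four lines from the log and adds one constructed entry (Gool.exe under Application Data) so that a flagged line is visible; the directory rules are an assumption of this example, not a rule from the thread.

```python
"""Parse an XP firewall AuthorizedApplications export and flag exceptions
for binaries outside the usual program locations.

Added example; not part of the original thread or of SDFix.
"""
import re
from typing import Dict, List

# Constructed sample: four lines copied from the SDFix log plus one made-up
# entry (Gool.exe) so that a user-writable location shows up in the output.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\MP3 Maker\\mp3maker.exe"="C:\\MP3 Maker\\mp3maker.exe:*:Enabled:MAGIX mp3maker 10 deLuxe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\User\\Application Data\\Gool\\Gool.exe"="C:\\Documents and Settings\\User\\Application Data\\Gool\\Gool.exe:*:Enabled:Gool"
'''

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')
# Assumed policy for this example: binaries under these prefixes are expected
# to hold exceptions; anything under the user-writable prefixes is suspect.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")


def expand(path: str) -> str:
    """Undo .reg backslash doubling and expand %windir% (assumed C:\\WINDOWS)."""
    return path.replace("\\\\", "\\").replace("%windir%", r"C:\WINDOWS")


def parse_export(text: str) -> List[Dict]:
    """Return one dict per exception: profile, path, scope, enabled, name."""
    entries: List[Dict] = []
    profile = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            profile = line[1:-1].split("\\")[-3]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        # The path itself contains ':' (drive letter), so split only the part
        # that follows the repeated path, which is scope:state:name.
        if not value.startswith(key + ":"):
            raise ValueError(f"value does not start with its own path: {line}")
        scope, state, name = value[len(key) + 1:].split(":", 2)
        entries.append({"profile": profile, "path": expand(key), "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name})
    return entries


def flag(entry: Dict) -> List[str]:
    """Reasons an enabled, any-address exception deserves a second look."""
    reasons: List[str] = []
    if not (entry["enabled"] and entry["scope"] == "*"):
        return reasons
    p = entry["path"].lower()
    if p.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("binary in a user-writable location with any-address scope")
    elif not p.startswith(TRUSTED_PREFIXES):
        reasons.append("binary outside Windows/Program Files with any-address scope")
    return reasons


def review(text: str) -> List[Dict]:
    """Parse an export and attach a 'flags' list to every entry."""
    entries = parse_export(text)
    for e in entries:
        e["flags"] = flag(e)
    return entries


if __name__ == "__main__":
    for e in review(SAMPLE_EXPORT):
        mark = "!!" if e["flags"] else "  "
        print(f"{mark} [{e['profile']}] {e['path']} ({e['name']}) {'; '.join(e['flags'])}")
```

On a live machine the same text comes from exporting the key with reg.exe (reg export "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" out.reg); the parser only cares about the quoted name=value lines, so the extra keys in a full export are ignored.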

#13 Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Hello

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

#14 JCD81, Topic Starter, Member, 20 posts
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
malicious code @ sector 0x950a600 size 0x1ac !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

#15 Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Open the Start > run box

type cmd hit the ok button.

At the DOS prompt type mbr.exe -f (make sure you have a space between the e and the -f).

hit the enter key.

Type exit at the prompt and hit the enter key.

Restart the computer normally.



Run the mbr.exe again.
Let me see the results.
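The mbr.exe output in post #14 reports two things: the code in sector 0 is not the original, and a copy of the real MBR sits in sector 62 of the first track. The following is an added example, not part of the original thread and not Gmer's mbr.exe: a small model of that check, written in Python against constructed sector data so it runs offline. It decodes the 512-byte MBR (boot code, NT disk signature, four partition entries, 0x55AA marker), then scans the first track for a sector that carries the same disk signature, partition table and boot marker as sector 0 but different boot code, which is exactly what a displaced original looks like when a bootkit has overwritten sector 0 while keeping the partition table intact so the system still boots. A restore_mbr() function shows one way to put the backup back; what mbr.exe -f does internally is not documented on this page and is not modelled. The sector layout, the sample partition and the two-byte placeholder "loader" are all constructed for the example.

```python
"""Model of an MBR-copy check of the kind reported by the detector above.

Added example; not part of the original thread and not Gmer's mbr.exe.
All disk contents are constructed in build_sample_disk().
"""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte NT disk signature + 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector_bytes: bytes) -> Dict:
    """Decode one 512-byte sector as an MBR."""
    if len(sector_bytes) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts: List[Dict] = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY, sector_bytes, PART_TABLE_OFF + 16 * i)
        if ptype != 0:   # type 0 = empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector_bytes[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector_bytes, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_code_sha256": hashlib.sha256(sector_bytes[:BOOT_CODE_LEN]).hexdigest(),
    }


def sector(disk: bytes, n: int) -> bytes:
    return disk[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]


def check_disk(disk: bytes, first_track_sectors: int = 63) -> Dict:
    """Look in the first track for a displaced copy of the MBR."""
    mbr = sector(disk, 0)
    info = parse_mbr(mbr)
    result = {"signature_ok": info["signature_ok"], "partitions": info["partitions"],
              "mbr_copy_sector": None, "boot_code_modified": False}
    for n in range(1, first_track_sectors):
        cand = sector(disk, n)
        if len(cand) < SECTOR_SIZE:
            break
        # Same disk signature, partition table and boot marker, but different
        # boot code: the OS still boots, yet the first code to run was replaced.
        if (cand[BOOT_SIG_OFF:] == b"\x55\xAA"
                and cand[DISK_SIG_OFF:] == mbr[DISK_SIG_OFF:]
                and cand[:BOOT_CODE_LEN] != mbr[:BOOT_CODE_LEN]):
            result["mbr_copy_sector"] = n
            result["boot_code_modified"] = True
            break
    return result


def restore_mbr(disk: bytes, copy_sector: int) -> bytes:
    """Return a disk image with the backup sector written back over sector 0."""
    backup = sector(disk, copy_sector)
    if not parse_mbr(backup)["signature_ok"]:
        raise ValueError("backup sector has no valid boot signature")
    return backup + disk[SECTOR_SIZE:]


def build_sample_disk(infected: bool, first_track_sectors: int = 63) -> bytes:
    """Constructed first track with one bootable NTFS partition at LBA 63."""
    # Typical real-mode prologue (cli; xor ax,ax; mov ss,ax; mov sp,7c00h) padded with NOPs.
    clean_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    table = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 20971520) + b"\x00" * 48
    clean_mbr = clean_code + disk_sig + table + b"\x55\xAA"
    assert len(clean_mbr) == SECTOR_SIZE
    track = bytearray(SECTOR_SIZE * first_track_sectors)
    if infected:
        # Placeholder stand-in for injected boot code (jmp $); not rootkit code.
        loader = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)
        track[0:SECTOR_SIZE] = loader + disk_sig + table + b"\x55\xAA"
        track[62 * SECTOR_SIZE:63 * SECTOR_SIZE] = clean_mbr   # displaced original, as in the log
    else:
        track[0:SECTOR_SIZE] = clean_mbr
    return bytes(track)


if __name__ == "__main__":
    for label, disk in (("clean", build_sample_disk(False)), ("infected", build_sample_disk(True))):
        print(label, check_disk(disk))
    fixed = restore_mbr(build_sample_disk(True), 62)
    print("after restore, copy sector:", check_disk(fixed)["mbr_copy_sector"])
```

To run the same check against a real drive on Windows, read the first track from \\.\PhysicalDrive0 (open it in binary mode from an administrator prompt) and pass those bytes to check_disk(); treat the result as a lead to confirm with the real detector, since a clean disk can legitimately carry other data in the first track.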