Spyware eats all my CPU [RESOLVED]


  • This topic is locked

#76
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello okucu

Egwene has asked for my help as your log is pretty bizarre


Few things for you

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way


#77
okucu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Hi Rorschach,

Thanks for your help. I attached the OTScanIt log.

Just a few notes:

- If I turn on my computer while my internet connection is plugged, my CPU goes to 100% - every time. After a clean up by combofix or OTMoveIt or Antimalwarebytes, I first turn the PC on, then connect to the internet, which usually enables me to work 1-2 hours without losing my CPU usage.

- Unfortunately, I had someone load pirate architecture-photoshop programs into my computer about 45 days ago, and he did lots of trial/errors while trying to crack the programs. He did also make some changes in my msconfig to give me a faster start time. He might have accidentally ruined my operating programs or might have planted something on purpose.

For temporary clean up, please suggest me which program to use when my PC locks (Malware antimalwarebytes, Combofix, OTMoveIt, etc.) while I wait for an answer from you. I know it makes it harder for you guys when we do things on our own but I have to - otherwise my computer is useless. I can't even post an answer to you if I don't get my CPU's back to normal first.

Let's hope you can help, thanks in advance...


#78
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Honestly there is nothing I can recommend to you that will help

We are very close to a format unless I can find what is infecting you


Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (SVCHOSTS32) Windows Host Services [Win32_Own | Auto | Stopped] ->
[Driver Services - Safe List]
YY -> (6457aed) 6457aed [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\6457aed.sys
YY -> (b160485) b160485 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\b160485.sys
YY -> (d435fd4) d435fd4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\d435fd4.sys
YY -> (d812a079) d812a079 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\d812a079.sys
YY -> (f35ee9e) f35ee9e [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\f35ee9e.sys
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "3PMmUpdate" -> %SystemRoot%\Update.dll [rundll32 "C:\WINDOWS\Update.dll",Main]
YN -> "CFSServ.exe" -> [CFSServ.exe -NoClient]
YY -> "HBService32" -> %SystemRoot%\system32\System.exe [System.exe]
YY -> "MPKrnl" -> %SystemRoot%\MPKrnl.dll [rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc]
YN -> "NDSTray.exe" -> [NDSTray.exe]
YN -> "TFncKy" -> [TFncKy.exe]
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
*MPMKrnl* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\MPMKrnl
YY -> rundll32 "C:\WINDOWS\MKMKrnl.dll" -> %SystemRoot%\MKMKrnl.dll
YN -> KMainProc ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> 01AFE3DC.dll -> %SystemRoot%\system32\01AFE3DC.dll
YY -> HBmhly.dll -> %SystemRoot%\system32\HBmhly.dll
YY -> HBZHUXIAN.dll -> %SystemRoot%\system32\HBZHUXIAN.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{97421D0D-E07F-40DF-8F07-99597B9585AD}" [HKLM] -> %SystemRoot%\Downloaded Program Files\ThunderAdvise.dll [ThunderAdvise]
YY -> "{DE01DA19-A6A8-EB80-4D47-248DEB2A9399}" [HKLM] -> %SystemRoot%\system32\upnpsrv.dll [Upnp]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{01AFE3DC-2242-436E-9B44-6DD1C664E828}" [HKLM] -> %SystemRoot%\system32\01AFE3DC.dll []
YY -> "{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}" [HKLM] -> %SystemRoot%\system32\08223B03.dll []
YY -> "{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}" [HKLM] -> %SystemRoot%\system32\122B901E.dll []
YY -> "{14F7F80A-0FE7-4A24-83CC-639D42BE410C}" [HKLM] -> %SystemRoot%\system32\14F7F80A.dll []
YN -> "{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}" [HKLM] -> []
YY -> "{201476D0-2B18-462E-AB9F-3E2B0CC8732B}" [HKLM] -> %SystemRoot%\system32\201476D0.dll []
YY -> "{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97}" [HKLM] -> %SystemRoot%\system32\29EA67E0.dll []
YY -> "{2EF0D734-21FD-4225-A1A2-BCD296182AAF}" [HKLM] -> %SystemRoot%\system32\2EF0D734.dll []
YY -> "{34A25F04-008D-403E-8EE6-2307BC02FA2E}" [HKLM] -> %SystemRoot%\system32\34A25F04.dll []
YY -> "{39349BEE-BE43-47E4-8670-8B34570E112D}" [HKLM] -> %SystemRoot%\system32\39349BEE.dll []
YN -> "{3B8DA919-1139-4B10-AD8F-91E8FBCFD375}" [HKLM] -> []
YY -> "{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}" [HKLM] -> %SystemRoot%\system32\4D023DE9.dll []
YY -> "{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}" [HKLM] -> %SystemRoot%\system32\4FBFD5A4.dll []
YY -> "{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}" [HKLM] -> %SystemRoot%\system32\56BC86C7.dll []
YY -> "{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}" [HKLM] -> %SystemRoot%\system32\5934EA2B.dll []
YY -> "{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}" [HKLM] -> %SystemRoot%\system32\66AFCB56.dll []
YY -> "{8566F82E-03A4-416E-AEAC-66600D8881F1}" [HKLM] -> %SystemRoot%\system32\8566F82E.dll []
YY -> "{93DEE065-EC9B-4505-ADD3-19880AD3C38F}" [HKLM] -> %SystemRoot%\system32\93DEE065.dll []
YY -> "{950D1600-DE4A-448D-93B4-7BAE5A7A8052}" [HKLM] -> %SystemRoot%\system32\950D1600.dll []
YY -> "{9CA963CA-107C-4089-B0AB-31380F90D7E3}" [HKLM] -> %SystemRoot%\system32\9CA963CA.dll []
YY -> "{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}" [HKLM] -> %SystemRoot%\system32\A1A6BC2E.dll []
YY -> "{A55F538E-9E65-4706-9458-852BF6592063}" [HKLM] -> %SystemRoot%\system32\A55F538E.dll []
YY -> "{AD794E6B-90B7-4F9D-8FD6-0C16E3298FF2}" [HKLM] -> %SystemRoot%\system32\AD794E6B.dll []
YY -> "{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}" [HKLM] -> %SystemRoot%\system32\B3721C07.dll []
YY -> "{B8E83D3C-9466-4091-9AD1-1F89418A6EB7}" [HKLM] -> %SystemRoot%\system32\B8E83D3C.dll []
YY -> "{BA7EDF54-8408-4B21-B351-7B447B344BA4}" [HKLM] -> %SystemRoot%\system32\BA7EDF54.dll []
YY -> "{D9C002DD-EA51-43A2-9009-54EAAAF031A4}" [HKLM] -> %SystemRoot%\system32\D9C002DD.dll []
YY -> "{DA63E650-537C-4042-87BB-9D19D844680B}" [HKLM] -> %SystemRoot%\system32\DA63E650.dll []
YY -> "{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}" [HKLM] -> %SystemRoot%\system32\DFB3DAC5.dll []
YY -> "{DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A}" [HKLM] -> %SystemRoot%\system32\DFEC5CB7.dll []
YY -> "{E0D39066-96D7-4891-8527-488ADAFCD60F}" [HKLM] -> %SystemRoot%\system32\E0D39066.dll []
YY -> "{E1D19FCC-4777-4D71-B863-6A0A5B4E59BC}" [HKLM] -> %SystemRoot%\system32\E1D19FCC.dll []
YY -> "{F8E07BB2-7A19-4057-80F1-E14646E630B4}" [HKLM] -> %SystemRoot%\system32\F8E07BB2.dll []
YY -> "{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}" [HKLM] -> %SystemRoot%\system32\FFAE967F.dll []
[Files/Folders - Created Within 90 Days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> FFAE967F.dll -> %SystemRoot%\System32\FFAE967F.dll
NY -> FFAE967F.cfg -> %SystemRoot%\System32\FFAE967F.cfg
NY -> D9C002DD.dll -> %SystemRoot%\System32\D9C002DD.dll
NY -> D9C002DD.cfg -> %SystemRoot%\System32\D9C002DD.cfg
NY -> 6457aed.sys -> %SystemRoot%\System32\6457aed.sys
NY -> 39349BEE.dll -> %SystemRoot%\System32\39349BEE.dll
NY -> 39349BEE.cfg -> %SystemRoot%\System32\39349BEE.cfg
NY -> 14F7F80A.dll -> %SystemRoot%\System32\14F7F80A.dll
NY -> 14F7F80A.cfg -> %SystemRoot%\System32\14F7F80A.cfg
NY -> 01AFE3DC.dll -> %SystemRoot%\System32\01AFE3DC.dll
NY -> B8E83D3C.dll -> %SystemRoot%\System32\B8E83D3C.dll
NY -> DFEC5CB7.dll -> %SystemRoot%\System32\DFEC5CB7.dll
NY -> DFEC5CB7.cfg -> %SystemRoot%\System32\DFEC5CB7.cfg
NY -> 29EA67E0.dll -> %SystemRoot%\System32\29EA67E0.dll
NY -> 8566F82E.dll -> %SystemRoot%\System32\8566F82E.dll
NY -> 8566F82E.cfg -> %SystemRoot%\System32\8566F82E.cfg
NY -> 2EF0D734.dll -> %SystemRoot%\System32\2EF0D734.dll
NY -> 2EF0D734.cfg -> %SystemRoot%\System32\2EF0D734.cfg
NY -> BA7EDF54.dll -> %SystemRoot%\System32\BA7EDF54.dll
NY -> BA7EDF54.cfg -> %SystemRoot%\System32\BA7EDF54.cfg
NY -> 34A25F04.dll -> %SystemRoot%\System32\34A25F04.dll
NY -> 9CA963CA.dll -> %SystemRoot%\System32\9CA963CA.dll
NY -> 9CA963CA.cfg -> %SystemRoot%\System32\9CA963CA.cfg
NY -> 66AFCB56.dll -> %SystemRoot%\System32\66AFCB56.dll
NY -> 66AFCB56.cfg -> %SystemRoot%\System32\66AFCB56.cfg
NY -> E0D39066.dll -> %SystemRoot%\System32\E0D39066.dll
NY -> E0D39066.cfg -> %SystemRoot%\System32\E0D39066.cfg
NY -> B3721C07.dll -> %SystemRoot%\System32\B3721C07.dll
NY -> B3721C07.cfg -> %SystemRoot%\System32\B3721C07.cfg
NY -> 93DEE065.dll -> %SystemRoot%\System32\93DEE065.dll
NY -> 08223B03.dll -> %SystemRoot%\System32\08223B03.dll
NY -> 08223B03.cfg -> %SystemRoot%\System32\08223B03.cfg
NY -> 4D023DE9.dll -> %SystemRoot%\System32\4D023DE9.dll
NY -> 4D023DE9.cfg -> %SystemRoot%\System32\4D023DE9.cfg
NY -> HBZHUXIAN.dll -> %SystemRoot%\System32\HBZHUXIAN.dll
NY -> 122B901E.dll -> %SystemRoot%\System32\122B901E.dll
NY -> 122B901E.cfg -> %SystemRoot%\System32\122B901E.cfg
NY -> A55F538E.dll -> %SystemRoot%\System32\A55F538E.dll
NY -> 201476D0.dll -> %SystemRoot%\System32\201476D0.dll
NY -> 56BC86C7.dll -> %SystemRoot%\System32\56BC86C7.dll
NY -> 5934EA2B.dll -> %SystemRoot%\System32\5934EA2B.dll
NY -> A1A6BC2E.dll -> %SystemRoot%\System32\A1A6BC2E.dll
NY -> AD794E6B.dll -> %SystemRoot%\System32\AD794E6B.dll
NY -> F8E07BB2.dll -> %SystemRoot%\System32\F8E07BB2.dll
NY -> E1D19FCC.dll -> %SystemRoot%\System32\E1D19FCC.dll
NY -> 4FBFD5A4.dll -> %SystemRoot%\System32\4FBFD5A4.dll
NY -> HBmhly.dll -> %SystemRoot%\System32\HBmhly.dll
NY -> HBKernel32.sys -> %SystemRoot%\System32\drivers\HBKernel32.sys
NY -> System.exe -> %SystemRoot%\System32\System.exe
NY -> DA63E650.dll -> %SystemRoot%\System32\DA63E650.dll
NY -> DA63E650.cfg -> %SystemRoot%\System32\DA63E650.cfg
NY -> DFB3DAC5.dll -> %SystemRoot%\System32\DFB3DAC5.dll
NY -> 950D1600.dll -> %SystemRoot%\System32\950D1600.dll
NY -> Update.dll -> %SystemRoot%\Update.dll
NY -> MSVB50CHS.dll -> %SystemRoot%\MSVB50CHS.dll
NY -> i -> %SystemRoot%\System32\i
NY -> A55F538E.cfg -> %SystemRoot%\System32\A55F538E.cfg
NY -> 950D1600.cfg -> %SystemRoot%\System32\950D1600.cfg
NY -> 29EA67E0.cfg -> %SystemRoot%\System32\29EA67E0.cfg
NY -> DFB3DAC5.cfg -> %SystemRoot%\System32\DFB3DAC5.cfg
NY -> d812a079.sys -> %SystemRoot%\System32\d812a079.sys
NY -> 56BC86C7.cfg -> %SystemRoot%\System32\56BC86C7.cfg
NY -> MPKrnl.dll -> %SystemRoot%\MPKrnl.dll
NY -> 01AFE3DC.cfg -> %SystemRoot%\System32\01AFE3DC.cfg
NY -> B8E83D3C.cfg -> %SystemRoot%\System32\B8E83D3C.cfg
NY -> MKMKrnl.dll -> %SystemRoot%\MKMKrnl.dll
NY -> 34A25F04.cfg -> %SystemRoot%\System32\34A25F04.cfg
NY -> 93DEE065.cfg -> %SystemRoot%\System32\93DEE065.cfg
NY -> 3B8DA919.cfg -> %SystemRoot%\System32\3B8DA919.cfg
NY -> 201476D0.cfg -> %SystemRoot%\System32\201476D0.cfg
NY -> 5934EA2B.cfg -> %SystemRoot%\System32\5934EA2B.cfg
NY -> A1A6BC2E.cfg -> %SystemRoot%\System32\A1A6BC2E.cfg
NY -> AD794E6B.cfg -> %SystemRoot%\System32\AD794E6B.cfg
NY -> d435fd4.sys -> %SystemRoot%\System32\d435fd4.sys
NY -> F8E07BB2.cfg -> %SystemRoot%\System32\F8E07BB2.cfg
NY -> E1D19FCC.cfg -> %SystemRoot%\System32\E1D19FCC.cfg
NY -> 4FBFD5A4.cfg -> %SystemRoot%\System32\4FBFD5A4.cfg
NY -> b160485.sys -> %SystemRoot%\System32\b160485.sys
NY -> 16AF66EB.cfg -> %SystemRoot%\System32\16AF66EB.cfg
NY -> f35ee9e.sys -> %SystemRoot%\System32\f35ee9e.sys
NY -> IceSword122en -> %UserProfile%\Desktop\IceSword122en
NY -> Lop SD -> %SystemDrive%\Lop SD
NY -> LopSD.exe -> %UserProfile%\Desktop\LopSD.exe
NY -> drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe
NY -> gmer.zip -> %UserProfile%\My Documents\gmer.zip
[Files/Folders - Modified Within 90 Days]
NY -> f35ee9e.sys -> %SystemRoot%\System32\f35ee9e.sys
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.




Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0
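The fix script in post #78 lists ShellExecuteHooks entries whose DLL is named after the first eight hex digits of its own CLSID, and kernel drivers with hex-only names sitting directly in system32 rather than system32\drivers. As an added example (not part of the original post and not OTScanIt code), the following Python parses report lines in the format quoted above and flags those two patterns; the function names, the rule names and the two "Example" entries are constructed for illustration, and the rules are heuristics drawn from this one listing.

```python
import ntpath
import re
from typing import Iterator, List, NamedTuple, Tuple

# Report lines in the format quoted in post #78. The b160485, 01AFE3DC and
# 16AF66EB entries are copied from that post; the two "Example" entries are
# constructed benign entries added here for contrast.
SAMPLE_REPORT = r'''
[Driver Services - Safe List]
YY -> (b160485) b160485 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\b160485.sys
YY -> (ExampleDrv) Example Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\exampledrv.sys
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{01AFE3DC-2242-436E-9B44-6DD1C664E828}" [HKLM] -> %SystemRoot%\system32\01AFE3DC.dll []
YN -> "{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}" [HKLM] -> []
YY -> "{11111111-2222-3333-4444-555555555555}" [HKLM] -> %SystemRoot%\system32\examplehook.dll []
'''

# An entry line starts with two Y/N flags; the flags are kept opaque here
# because the page does not define them.
ENTRY = re.compile(r'^(?P<flags>[YN]{2}) -> (?P<body>.*)$')
CLSID = re.compile(
    r'\{([0-9A-Fa-f]{8})-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}'
    r'-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}'
)
HEX_STEM = re.compile(r'^[0-9a-f]{6,}$', re.IGNORECASE)


class Finding(NamedTuple):
    rule: str
    section: str
    path: str


def parse_entries(report: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, name, path) for every flagged entry line."""
    section = ''
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]                      # e.g. [Driver Services - Safe List]
            continue
        if line.startswith('<'):
            section = line.partition('>')[0][1:].strip()  # e.g. < ShellExecuteHooks [...] >
            continue
        match = ENTRY.match(line)
        if not match:
            continue                                  # sub-headers such as *AppInit_DLLs*
        name, _, target = match.group('body').partition(' ->')
        # Drop the trailing "[...]" annotation; what remains is the file path,
        # which is empty when the registry entry has no file behind it.
        path = re.sub(r'\s*\[[^\]]*\]\s*$', '', target).strip()
        yield section, name.strip(), path


def triage(report: str) -> List[Finding]:
    """Apply the two naming heuristics to each entry that points at a file."""
    findings = []
    for section, name, path in parse_entries(report):
        if not path:
            continue
        stem = ntpath.splitext(ntpath.basename(path))[0]
        parent = ntpath.basename(ntpath.dirname(path)).lower()
        clsid = CLSID.search(name)
        # Heuristic 1: DLL file name equals the first block of its own CLSID.
        if clsid and stem.lower() == clsid.group(1).lower():
            findings.append(Finding('dll-named-after-clsid', section, path))
        # Heuristic 2: hex-only driver name located outside the drivers folder.
        if (section.startswith('Driver Services')
                and HEX_STEM.match(stem) and parent != 'drivers'):
            findings.append(
                Finding('hex-named-driver-outside-drivers', section, path))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_REPORT):
        print(f'{finding.rule:34} {finding.path}   ({finding.section})')
```

A hit is a reason to inspect the file (signature, creation date, companion files such as the .cfg files listed in the post), not proof of infection; HBKernel32.sys in the same listing sits in system32\drivers and would not be flagged by either rule.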

#79
okucu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Hi,
Uploaded the Combofix log but it does not accept the OTScan log. Here it is below:

By the way, I have been running clean - no lock ups or no CPU taken over. I am extremely careful though. Not much interneting and usually disconnecting if I'm not using the internet. Am I just lucky for now or might it have gone with the last OTScan?? Can you see any infections in my logs??

C:\WINDOWS\system32\DA63E650.dll NOT unregistered.
C:\WINDOWS\system32\DA63E650.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\DFB3DAC5.dll
C:\WINDOWS\system32\DFB3DAC5.dll NOT unregistered.
C:\WINDOWS\system32\DFB3DAC5.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\DFEC5CB7.dll
C:\WINDOWS\system32\DFEC5CB7.dll NOT unregistered.
C:\WINDOWS\system32\DFEC5CB7.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E0D39066-96D7-4891-8527-488ADAFCD60F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0D39066-96D7-4891-8527-488ADAFCD60F}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\E0D39066.dll
C:\WINDOWS\system32\E0D39066.dll NOT unregistered.
C:\WINDOWS\system32\E0D39066.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E1D19FCC-4777-4D71-B863-6A0A5B4E59BC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D19FCC-4777-4D71-B863-6A0A5B4E59BC}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\E1D19FCC.dll
C:\WINDOWS\system32\E1D19FCC.dll NOT unregistered.
C:\WINDOWS\system32\E1D19FCC.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F8E07BB2-7A19-4057-80F1-E14646E630B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E07BB2-7A19-4057-80F1-E14646E630B4}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\F8E07BB2.dll
C:\WINDOWS\system32\F8E07BB2.dll NOT unregistered.
C:\WINDOWS\system32\F8E07BB2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\FFAE967F.dll
C:\WINDOWS\system32\FFAE967F.dll NOT unregistered.
C:\WINDOWS\system32\FFAE967F.dll moved successfully.
[Files/Folders - Created Within 90 Days]
File delete failed. C:\WINDOWS\System32\8D.tmp scheduled to be deleted on reboot.
File C:\WINDOWS\System32\FFAE967F.dll not found!
C:\WINDOWS\System32\FFAE967F.cfg moved successfully.
File C:\WINDOWS\System32\D9C002DD.dll not found!
C:\WINDOWS\System32\D9C002DD.cfg moved successfully.
File C:\WINDOWS\System32\6457aed.sys not found!
File C:\WINDOWS\System32\39349BEE.dll not found!
C:\WINDOWS\System32\39349BEE.cfg moved successfully.
File C:\WINDOWS\System32\14F7F80A.dll not found!
C:\WINDOWS\System32\14F7F80A.cfg moved successfully.
File C:\WINDOWS\System32\01AFE3DC.dll not found!
File C:\WINDOWS\System32\B8E83D3C.dll not found!
File C:\WINDOWS\System32\DFEC5CB7.dll not found!
C:\WINDOWS\System32\DFEC5CB7.cfg moved successfully.
File C:\WINDOWS\System32\29EA67E0.dll not found!
File C:\WINDOWS\System32\8566F82E.dll not found!
C:\WINDOWS\System32\8566F82E.cfg moved successfully.
File C:\WINDOWS\System32\2EF0D734.dll not found!
C:\WINDOWS\System32\2EF0D734.cfg moved successfully.
File C:\WINDOWS\System32\BA7EDF54.dll not found!
C:\WINDOWS\System32\BA7EDF54.cfg moved successfully.
File C:\WINDOWS\System32\34A25F04.dll not found!
File C:\WINDOWS\System32\9CA963CA.dll not found!
C:\WINDOWS\System32\9CA963CA.cfg moved successfully.
File C:\WINDOWS\System32\66AFCB56.dll not found!
C:\WINDOWS\System32\66AFCB56.cfg moved successfully.
File C:\WINDOWS\System32\E0D39066.dll not found!
C:\WINDOWS\System32\E0D39066.cfg moved successfully.
File C:\WINDOWS\System32\B3721C07.dll not found!
C:\WINDOWS\System32\B3721C07.cfg moved successfully.
File C:\WINDOWS\System32\93DEE065.dll not found!
File C:\WINDOWS\System32\08223B03.dll not found!
C:\WINDOWS\System32\08223B03.cfg moved successfully.
File C:\WINDOWS\System32\4D023DE9.dll not found!
C:\WINDOWS\System32\4D023DE9.cfg moved successfully.
File C:\WINDOWS\System32\HBZHUXIAN.dll not found!
File C:\WINDOWS\System32\122B901E.dll not found!
C:\WINDOWS\System32\122B901E.cfg moved successfully.
File C:\WINDOWS\System32\A55F538E.dll not found!
File C:\WINDOWS\System32\201476D0.dll not found!
File C:\WINDOWS\System32\56BC86C7.dll not found!
File C:\WINDOWS\System32\5934EA2B.dll not found!
File C:\WINDOWS\System32\A1A6BC2E.dll not found!
File C:\WINDOWS\System32\AD794E6B.dll not found!
File C:\WINDOWS\System32\F8E07BB2.dll not found!
File C:\WINDOWS\System32\E1D19FCC.dll not found!
File C:\WINDOWS\System32\4FBFD5A4.dll not found!
File C:\WINDOWS\System32\HBmhly.dll not found!
C:\WINDOWS\System32\drivers\HBKernel32.sys moved successfully.
File move failed. C:\WINDOWS\System32\System.exe scheduled to be moved on reboot.
File C:\WINDOWS\System32\DA63E650.dll not found!
C:\WINDOWS\System32\DA63E650.cfg moved successfully.
File C:\WINDOWS\System32\DFB3DAC5.dll not found!
File C:\WINDOWS\System32\950D1600.dll not found!
File C:\WINDOWS\Update.dll not found!
C:\WINDOWS\MSVB50CHS.dll unregistered successfully.
C:\WINDOWS\MSVB50CHS.dll moved successfully.
C:\WINDOWS\System32\i moved successfully.
C:\WINDOWS\System32\A55F538E.cfg moved successfully.
C:\WINDOWS\System32\950D1600.cfg moved successfully.
C:\WINDOWS\System32\29EA67E0.cfg moved successfully.
C:\WINDOWS\System32\DFB3DAC5.cfg moved successfully.
File C:\WINDOWS\System32\d812a079.sys not found!
C:\WINDOWS\System32\56BC86C7.cfg moved successfully.
File C:\WINDOWS\MPKrnl.dll not found!
C:\WINDOWS\System32\01AFE3DC.cfg moved successfully.
C:\WINDOWS\System32\B8E83D3C.cfg moved successfully.
File C:\WINDOWS\MKMKrnl.dll not found!
C:\WINDOWS\System32\34A25F04.cfg moved successfully.
C:\WINDOWS\System32\93DEE065.cfg moved successfully.
C:\WINDOWS\System32\3B8DA919.cfg moved successfully.
C:\WINDOWS\System32\201476D0.cfg moved successfully.
C:\WINDOWS\System32\5934EA2B.cfg moved successfully.
C:\WINDOWS\System32\A1A6BC2E.cfg moved successfully.
C:\WINDOWS\System32\AD794E6B.cfg moved successfully.
File C:\WINDOWS\System32\d435fd4.sys not found!
C:\WINDOWS\System32\F8E07BB2.cfg moved successfully.
C:\WINDOWS\System32\E1D19FCC.cfg moved successfully.
C:\WINDOWS\System32\4FBFD5A4.cfg moved successfully.
File C:\WINDOWS\System32\b160485.sys not found!
C:\WINDOWS\System32\16AF66EB.cfg moved successfully.
File C:\WINDOWS\System32\f35ee9e.sys not found!
C:\Documents and Settings\OKUCU\Desktop\IceSword122en\IceSword122en folder moved successfully.
C:\Documents and Settings\OKUCU\Desktop\IceSword122en folder moved successfully.
C:\Lop SD folder moved successfully.
C:\Documents and Settings\OKUCU\Desktop\LopSD.exe moved successfully.
C:\Documents and Settings\OKUCU\Desktop\drweb-cureit.exe moved successfully.
C:\Documents and Settings\OKUCU\My Documents\gmer.zip moved successfully.
[Files/Folders - Modified Within 90 Days]
File C:\WINDOWS\System32\f35ee9e.sys not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\OKUCU\Local Settings\temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\wmsetup.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.37b fix logfile created on 11262008_173027

Files moved on Reboot...
C:\WINDOWS\system32\System.exe moved successfully.
File C:\WINDOWS\System32\8D.tmp not found!
C:\Documents and Settings\OKUCU\Local Settings\temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\wmsetup.dll moved successfully.

Registry entries deleted on Reboot...

  • 0
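An added example, not part of the original thread and not OTScanIt2's own code: a short Python script that reads fix-log lines like those in the post above and pairs each removed ShellExecuteHooks CLSID with the DLL and .cfg files that share its first eight hex digits. The sample lines are copied from that log (a subset only); the function names and the "orphan" label are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the fix log in the post above (a subset, not the whole log).
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9CA963CA-107C-4089-B0AB-31380F90D7E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\9CA963CA.dll
C:\WINDOWS\system32\9CA963CA.dll NOT unregistered.
C:\WINDOWS\system32\9CA963CA.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\A1A6BC2E.dll
C:\WINDOWS\system32\A1A6BC2E.dll NOT unregistered.
C:\WINDOWS\system32\A1A6BC2E.dll moved successfully.
File delete failed. C:\WINDOWS\System32\8D.tmp scheduled to be deleted on reboot.
File C:\WINDOWS\System32\39349BEE.dll not found!
C:\WINDOWS\System32\39349BEE.cfg moved successfully.
File C:\WINDOWS\System32\9CA963CA.dll not found!
C:\WINDOWS\System32\9CA963CA.cfg moved successfully.
File C:\WINDOWS\System32\A1A6BC2E.dll not found!
C:\WINDOWS\System32\drivers\HBKernel32.sys moved successfully.
File move failed. C:\WINDOWS\System32\System.exe scheduled to be moved on reboot.
C:\WINDOWS\System32\A1A6BC2E.cfg moved successfully.
"""

HOOK_RE = re.compile(r"ShellExecuteHooks\\+\{([0-9A-Fa-f-]{36})\} deleted successfully")
MOVED_RE = re.compile(r"^([A-Za-z]:\\.+?)(?: folder)? moved successfully\.$", re.M)
PENDING_RE = re.compile(
    r"^File (?:delete|move) failed\. (.+?) scheduled to be (?:deleted|moved) on reboot\.$",
    re.M,
)
NOT_FOUND_RE = re.compile(r"^File (.+?) not found!$", re.M)
HEX8 = re.compile(r"[0-9A-F]{8}")


def parse_fix_log(text):
    """Split a fix log into the outcomes that matter for follow-up."""
    return {
        "hooks": set(HOOK_RE.findall(text)),          # CLSIDs removed from ShellExecuteHooks
        "moved": MOVED_RE.findall(text),              # files quarantined immediately
        "pending_reboot": PENDING_RE.findall(text),   # locked files, handled at next boot
        "not_found": NOT_FOUND_RE.findall(text),      # listed in the fix but absent on disk
    }


def correlate(parsed):
    """Pair each hook CLSID with same-named files; list .cfg files with no hook."""
    moved = defaultdict(set)  # upper-case file stem -> extensions that were moved
    for path in parsed["moved"]:
        stem, ext = ntpath.splitext(ntpath.basename(path))
        moved[stem.upper()].add(ext.lower())

    hook_stems = {clsid[:8].upper() for clsid in parsed["hooks"]}
    rows = []
    for clsid in sorted(parsed["hooks"]):
        stem = clsid[:8].upper()
        rows.append({
            "clsid": clsid,
            "stem": stem,
            "dll_moved": ".dll" in moved[stem],
            "cfg_moved": ".cfg" in moved[stem],
        })

    # "Orphan": an 8-hex-digit .cfg was moved, but no hook with that prefix
    # appears in the lines parsed. Its hook may sit in a part of the log that
    # was not fed in, so treat this as a prompt to check, not as a verdict.
    orphans = sorted(
        stem for stem, exts in moved.items()
        if HEX8.fullmatch(stem) and ".cfg" in exts and stem not in hook_stems
    )
    return rows, orphans


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    rows, orphans = correlate(parsed)
    for row in rows:
        print(f"{row['clsid']}  dll_moved={row['dll_moved']}  cfg_moved={row['cfg_moved']}")
    print("cfg without a hook in this excerpt:", orphans)
    print("still pending until reboot:", parsed["pending_reboot"])
```

The "not found" lines for a DLL whose hook was already processed are expected, since the file was moved a few lines earlier; the entries worth a second look are the reboot-pending files and any orphaned .cfg.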

#80
okucu

And one more thing.

An icon named Thumbs.db now appears on my desktop after the latest scans. I was about to delete it but it warned that it is a system file. Any thoughts??

#81
Rorschach112

Leave that file, we will hide it later

You will need to attach this log


Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.




  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\06EA0A93.cfg
c:\windows\system32\7E983C60.cfg

KillAll::

Sysrst::

Folder::

FileLook::
c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#82
okucu

I have got a problem doing your first request. My computer is so screwed I cannot make XP show the hidden files. After I

"Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".

When I click the View tab, I don't get any options. Just blank - no files, no hidden files options. All I have is buttons for

Apply to All folders
Reset all folders
Restore defaults

and the rest is blank. Mentioned it earlier to Egwene also.

I'm running the scans anyway.

#83
okucu

Virscan log:

VirSCAN.org Scanned Report :
Scanned time : 2008/11/27 06:59:32 (PST)
Scanner results: All Scanners reported not find malware!
File Name : PKP_DLbz.DAT
File Size : 20 byte
File Type : Non-ISO extended-ASCII text, with CR line terminators
MD5 : 7c95a821359d8c5b551b561805128cb7
SHA1 : 7b711dcebb4685aa012b297197464fe9673b8548
Online report : http://virscan.org/r...950439765d.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 4.0.0.26 | 20081127213325 | 2008-11-27 | 2.98 | -
AhnLab V3 | 2008.11.28.00 | 2008.11.28 | 2008-11-28 | 1.02 | -
AntiVir | 7.9.0.35 | 7.1.0.148 | 2008-11-27 | 1.56 | -
Antiy | 2.0.18 | 20081127.1765065 | 2008-11-27 | 0.12 | -
Arcavir | 1.0.5 | 200811231052 | 2008-11-23 | 1.19 | -
Authentium | 5.1.1 | 200811271131 | 2008-11-27 | 1.04 | -
AVAST! | 3.0.1 | 081127-0 | 2008-11-27 | 0.00 | -
AVG | 7.5.52.442 | 270.9.10/1815 | 2008-11-27 | 1.73 | -
BitDefender | 7.81008.2267605 | 7.22124 | 2008-11-27 | 2.06 | -
CA (VET) | 9.0.0.143 | 31.6.6233 | 2008-11-27 | 4.29 | -
ClamAV | 0.94.1 | 8687 | 2008-11-27 | 0.00 | -
Comodo | 2.11 | 2.0.0.712 | 2008-11-20 | 0.44 | -
CP Secure | 1.1.0.715 | 2008.11.27 | 2008-11-27 | 6.39 | -
Dr.Web | 4.44.0.9170 | 2008.11.27 | 2008-11-27 | 3.61 | -
ewido | 4.0.0.2 | 2008.11.27 | 2008-11-27 | 3.01 | -
F-Prot | 4.4.4.56 | 20081127 | 2008-11-27 | 1.06 | -
F-Secure | 5.51.6100 | 2008.11.27.06 | 2008-11-27 | 3.76 | -
Fortinet | 2.81-3.117 | 9.749 | 2008-11-26 | 0.16 | -
GData | 19.1694/19.125 | 20081127 | 2008-11-27 | 2.86 | -
ViRobot | 20081126 | 2008.11.26 | 2008-11-26 | 0.41 | -
Ikarus | T3.1.01.45 | 2008.11.27.71921 | 2008-11-27 | 3.48 | -
JiangMin | 11.0.706 | 2008.11.27 | 2008-11-27 | 1.35 | -
Kaspersky | 5.5.10 | 2008.11.27 | 2008-11-27 | 0.02 | -
KingSoft | 2008.9.8.18 | 2008.11.27.20 | 2008-11-27 | 0.68 | -
McAfee | 5.3.00 | 5446 | 2008-11-26 | 2.50 | -
Microsoft | 1.4104 | 2008.11.27 | 2008-11-27 | 3.99 | -
mks_vir | 2.01 | 2008.11.17 | 2008-11-17 | 2.56 | -
Norman | 5.93.01 | 5.93.00 | 2008-11-26 | 5.32 | -
Panda | 9.05.01 | 2008.11.26 | 2008-11-26 | 2.29 | -
Trend Micro | 8.700-1004 | 5.680.05 | 2008-11-26 | 0.02 | -
Quick Heal | 10.00 | 2008.11.27 | 2008-11-27 | 0.85 | -
Rising | 20.0 | 21.05.32.00 | 2008-11-27 | 0.27 | -
Sophos | 2.80.0 | 4.35 | 2008-11-27 | 1.87 | -
Sunbelt | 4574 | 4574 | 2008-11-28 | 0.83 | -
Symantec | 1.3.0.24 | 20081126.003 | 2008-11-26 | 0.15 | -
nProtect | 2008-11-27.00 | 2629878 | 2008-11-27 | 4.80 | -
The Hacker | 6.3.1.1 | v00164 | 2008-11-26 | 0.43 | -
VBA32 | 3.12.8.9 | 20081126.1036 | 2008-11-26 | 1.35 | -
VirusBuster | 4.5.11.10 | 10.94.7/729311 | 2008-11-26 | 0.94 | -

#84
okucu

Combolog attached


#85
Rorschach112

Hello

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
files to delete:
c:\windows\MSVB50CHS.dll
c:\windows\MPKrnl.dll
c:\windows\MKMKrnl.dll
c:\windows\system32\29EA67E0.cfg
c:\windows\system32\01AFE3DC.cfg
c:\windows\system32\FFAE967F.cfg
c:\windows\system32\34A25F04.cfg
c:\windows\system32\201476D0.cfg
c:\windows\system32\56BC86C7.cfg
c:\windows\system32\A55F538E.cfg
c:\windows\system32\93DEE065.cfg
c:\windows\system32\b160485.sys
c:\windows\system32\950D1600.cfg
c:\windows\system32\D9C002DD.cfg
c:\windows\system32\F8E07BB2.cfg
c:\windows\system32\DFB3DAC5.cfg
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\5934EA2B.cfg
c:\windows\system32\upnpsrv.dll
C:\12.exe
C:\copy.exe
C:\d6fagcs8.cmd
C:\Dc266.EXE
c:\windows\system32\drivers\cdralw.sys
c:\dows\system32\9F684DE8.dll
C:\host.exe

c:\windows\system32\b160485.sys

Folders to delete:
c:\program files\Common Files\Syma
c:\documents and settings\OKUCU\Desktop\pdf converter\Crack

Drivers to delete:
cdralw
b160485

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log.




Please download RootRepeal to your desktop
  • Unzip it to its own folder, close all other programs especially your security programs (anti-spyware, anti-virus, and firewall) and run RootRepeal.exe
  • Click the Report tab at the bottom and then the Scan button.
  • A box will pop up, check the boxes beside Drivers, Files, Processes SSDT and click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button, call it RepealScan and save the log to your desktop. Post that log here in your reply



#86
okucu

Hi,
Avenger and Hijack logs (I have +100 of O1 hosts) below.

Unfortunately, RootRepeal gives an error in the middle of running and does not proceed enough to create a log.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\MSVB50CHS.dll" deleted successfully.
File "c:\windows\MPKrnl.dll" deleted successfully.
File "c:\windows\MKMKrnl.dll" deleted successfully.
File "c:\windows\system32\29EA67E0.cfg" deleted successfully.
File "c:\windows\system32\01AFE3DC.cfg" deleted successfully.
File "c:\windows\system32\FFAE967F.cfg" deleted successfully.
File "c:\windows\system32\34A25F04.cfg" deleted successfully.
File "c:\windows\system32\201476D0.cfg" deleted successfully.
File "c:\windows\system32\56BC86C7.cfg" deleted successfully.
File "c:\windows\system32\A55F538E.cfg" deleted successfully.
File "c:\windows\system32\93DEE065.cfg" deleted successfully.
File "c:\windows\system32\b160485.sys" deleted successfully.
File "c:\windows\system32\950D1600.cfg" deleted successfully.
File "c:\windows\system32\D9C002DD.cfg" deleted successfully.
File "c:\windows\system32\F8E07BB2.cfg" deleted successfully.
File "c:\windows\system32\DFB3DAC5.cfg" deleted successfully.
File "c:\windows\system32\A1A6BC2E.cfg" deleted successfully.
File "c:\windows\system32\5934EA2B.cfg" deleted successfully.
File "c:\windows\system32\upnpsrv.dll" deleted successfully.

Error: file "C:\12.exe" not found!
Deletion of file "C:\12.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\copy.exe" not found!
Deletion of file "C:\copy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\d6fagcs8.cmd" not found!
Deletion of file "C:\d6fagcs8.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Dc266.EXE" not found!
Deletion of file "C:\Dc266.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\cdralw.sys" not found!
Deletion of file "c:\windows\system32\drivers\cdralw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\dows\system32\9F684DE8.dll"
Deletion of file "c:\dows\system32\9F684DE8.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\host.exe" not found!
Deletion of file "C:\host.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\b160485.sys" not found!
Deletion of file "c:\windows\system32\b160485.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "c:\program files\Common Files\Syma" not found!
Deletion of folder "c:\program files\Common Files\Syma" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "c:\documents and settings\OKUCU\Desktop\pdf converter\Crack"
Deletion of folder "c:\documents and settings\OKUCU\Desktop\pdf converter\Crack" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cdralw" not found!
Deletion of driver "cdralw" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "b160485" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

-------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:42, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\System.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MPKrnl] rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifol...loader_chkr.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.klickonli...geUploader3.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: HBmhly.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 15880 bytes
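A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original posts or of the tools used in this thread: it parses each entry and flags autostart locations that deserve manual review. The rules are generic heuristics assumed for illustration, not verdicts reached in this thread, and `parse` and `triage` are hypothetical names.

```python
import re

# Sample input: seven lines taken from the log posted in this thread.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MPKrnl] rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: HBmhly.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# "<section> - <key>: <value>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r'^(O\d+) - ([^:]+): (.*)$')

def parse(log):
    """Yield (section, key, value) for each well-formed HijackThis line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def triage(log):
    """Return [(reason, line)] for entries worth manual review (heuristic only)."""
    findings = []
    for section, key, value in parse(log):
        line = f"{section} - {key}: {value}"
        if section == "O20" and key == "AppInit_DLLs" and value.strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            findings.append(("AppInit_DLLs is set", line))
        elif section == "O4":
            command = re.sub(r'^\[[^\]]*\]\s*', '', value)  # drop the "[name]" label
            if "Policies\\Explorer\\Run" in key:
                findings.append(("autostart under Policies\\Explorer\\Run", line))
            elif re.match(r'(?i)rundll32(\.exe)?\s+"?[a-z]:\\windows\\[^\\"]+\.dll', command):
                findings.append(("rundll32 loads a DLL directly from the Windows folder", line))
            elif re.match(r'(?i)^[^\\/:"]+\.exe$', command):
                # Also matches legitimate vendor entries; the file must be located first.
                findings.append(("no path given, resolved via the search path", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

A flagged line is a prompt to locate the file and check its signature and origin, not proof of infection.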

#87
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I don't like to say this, and it's only something I've said a handful of times, but the best solution is to format this machine.

I think it is incurable; whatever you have is too good at hiding.


Do you have any questions for me?

#88
okucu

    Member

  • Topic Starter
  • Member
  • 66 posts
Well, it looks like there is nothing else to do. A few thoughts:

- I know this could be something extremely dangerous and they can obtain secure information with what is planted in my PC.
The question is: whoever planted this, has he already got all the information, or does he keep receiving information when I am online? How do I know if any info is streaming out of my PC?

- I haven't done any online banking since this started. However, there may be some Word/Excel/image documents with some banking info (no passwords) which I might have saved 1-2 years ago and am not aware of. Is he able to download (if that was his purpose) all of what is in "My Documents" and go through my files, letters, faxes one by one?

- I haven't had any problems in the past 3-4 days, no block ups. Can't I go on like this until I get a new computer? Or is it a security threat every time I get connected to the net?

Thanks
Ugur

#89
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Chances are any information that you have typed into your PC while you have been infected has been intercepted. We can't be 100% sure that you do have a backdoor that is stealing your information, but it does look highly likely you do, so you need to change any important information. Once you format it should be fine as long as passwords are changed.

> I haven't done any online banking since this started. However, there may be some Word/Excel/image documents with some banking info (no passwords) which I might have saved 1-2 years ago and am not aware of. Is he able to download (if that was his purpose) all of what is in "My Documents" and go through my files, letters, faxes one by one?

Nope. Generally all they do is listen to any traffic on your side and steal any sensitive information that appears.

> I haven't had any problems in the past 3-4 days, no block ups. Can't I go on like this until I get a new computer? Or is it a security threat every time I get connected to the net?

Sadly I wouldn't consider this. Your PC is very badly infected. You need to format it ASAP. The longer you delay that, the more trouble that will happen.

#90
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.