Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.winlogger + Outer Info...popups Etc.


  • This topic is locked This topic is locked
4 replies to this topic

#1 aleczander

aleczander

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 20 July 2007 - 10:24 PM

I have unstoppable popups. They seem to be timed or triggered by something. Random ads. Emergency messages saying "Your security settings will not allow this file to be downloaded" I followed all of the directions on the forums....ran ad-aware...Spybot SD...still can seem to stop the ads. I am hoping someone can help decide what is safe to remove with hijack this. Any information you can give me will be greatly apprieciated. IF you need additional info or log files from the other programs i can send them. Ok thanks for the help!

Alec




Logfile of HijackThis v1.99.1
Scan saved at 11:13:12 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\svhost.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\AOL\1126873288\ee\AOLSoftware.exe
C:\WINDOWS\xbivslwA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\DOCUME~1\ALEXAN~1\MYDOCU~1\PPATCH~1\csrss.exe
C:\WINDOWS\system32\?ystem32\?canregw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Alexander Troxell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {32671FFC-A860-A8E2-4914-F98DBD518FEA} - C:\WINDOWS\system32\iawc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6E671BA6-F56F-F0EC-4B14-F98DBD518FBD} - C:\WINDOWS\system32\gyabtb.dll
O2 - BHO: (no name) - {9410BDC8-D765-4ECB-9009-38F26A4824B7} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: (no name) - {dbb5cf26-a451-480c-9614-8a92bc493e33} - C:\WINDOWS\system32\wgdprcq.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126873288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [xbivslwA] C:\WINDOWS\xbivslwA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\ALEXAN~1\MYDOCU~1\PPATCH~1\csrss.exe" -vt ndrv
O4 - HKCU\..\Run: [Enoya] C:\WINDOWS\system32\?ystem32\?canregw.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

BC AdBot (Login to Remove)

 


#2 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:20 PM

Posted 21 July 2007 - 12:06 AM

Hello aleczander,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Posted Image

#3 aleczander

aleczander
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 23 July 2007 - 04:07 PM

Thanks for the reply! As an update I did install and am running sygate personal firewall as a temporary fix that has stopped the adds....however now i have constant popups from sygate asking if its ok for various things to access the internet. I'm not really sure what is ok and what isnt. This computer is used for everything from online gaming (WOW) to some pretty serious myspace and photobucket crawling. So not sure really how to keep things safe....without buying some antivirus software...but I had Norton Antivirus for 2 years and it was awful. I still expect it has programs lurking around this machine somewhere. Also this is a dell and came with lots of crappy dell programs so anything I can remove safely i would like to. Thanks again and here are the log files.

uninstall list

Ad-Aware 2007
Adobe Photoshop CS
Adobe Reader 7.0.9
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Creative MediaSource
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DellConnect
DellSupport
EverQuest II
GDP 9
Google Talk (remove only)
Google Toolbar for Firefox
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ImageMixer VCD/DVD2 for OLYMPUS
Intel Matrix Storage Manager
Internet Explorer Default Page
IrfanView (remove only)
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
Musicmatch for Windows Media Player
Neverwinter Nights Platinum Edition
NVIDIA Drivers
OLYMPUS Master
Photo Click
PowerDVD 5.5
QuickBooks Premier: Contractor Edition 2006
QuickTime
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Snood for Windows version 3.52-W
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy 1.4
Sygate Personal Firewall
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Ventrilo Client
VideoLAN VLC media player 0.8.6a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
World of Warcraft

combo fix:

"Alexander Troxell" - 2007-07-23 16:49:16 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ddcyayv.dll
C:\WINDOWS\system32\ljjjhfe.dll
C:\WINDOWS\system32\xxyabcc.dll
C:\WINDOWS\system32\ddcyayv.dll
C:\WINDOWS\system32\ljjjhfe.dll
C:\WINDOWS\system32\xxyabcc.dll
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.bak2
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALEXAN~1\MYDOCU~1.\ppatch~1
C:\DOCUME~1\ALEXAN~1\MYDOCU~1.\ppatch~1\csrss.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\DEVONC~1\APPLIC~1\WinTouch
C:\DOCUME~1\DEVONC~1\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\DEVONC~1\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\DEVONC~1\APPLIC~1\WinTouch\WTUninstaller.exe
C:\Documents and Settings\ALEXAN~1.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\racle~1
C:\Program Files\racle~1\winword.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\anshtrri.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gyabtb.dll
C:\WINDOWS\system32\iawc.dll
C:\WINDOWS\system32\kbgcvmrv.exe
C:\WINDOWS\system32\qwrxtgsp.exe
C:\WINDOWS\system32\rglpocvu.exe
C:\WINDOWS\system32\rhhndtge.exe
C:\WINDOWS\system32\rrrdrlgq.exe
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\scurit~1\s?chost.exe
C:\WINDOWS\system32\wapiiit.exe
C:\WINDOWS\system32\wgdprcq.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ystem3~1\?canregw.exe
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z3
C:\WINDOWS\system32\Z3\w0716.exe
C:\WINDOWS\system32\Z5
C:\WINDOWS\system32\Z7
C:\WINDOWS\system32\Z9
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 23:10 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-20 23:10 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-20 23:10 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-20 23:10 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-07-20 23:10 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-07-20 23:10 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-07-20 23:10 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-20 23:10 <DIR> d-------- C:\Program Files\Sygate
2007-07-20 22:57 <DIR> d-------- C:\DOCUME~1\ALEXAN~1\.housecall6.6
2007-07-20 18:26 <DIR> d-------- C:\VundoFix Backups
2007-07-20 18:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-19 19:18 946,352 -r-hs---- C:\WINDOWS\xbivslwA.exe
2007-07-19 19:18 663,457 --a------ C:\Temp\bY001.exe
2007-07-19 19:18 54,784 --a------ C:\WINDOWS\xbivslw.exe
2007-07-19 19:18 <DIR> d-------- C:\WINDOWS\system32\Z11
2007-07-19 19:18 <DIR> d-------- C:\Temp\brr
2007-07-19 19:18 <DIR> d-------- C:\Temp\0c2
2007-07-19 19:18 <DIR> d-------- C:\Temp
2007-07-18 17:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-18 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 21:53 <DIR> d--hs---- C:\WINDOWS\QWxleGFuZGVyIFRyb3hlbGw
2007-07-17 10:12 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-17 10:12 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-14 22:06 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-14 22:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-14 22:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-07-14 22:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
2007-07-14 21:23 31,254 --a------ C:\WINDOWS\system32\xxyxxyx.dll.vir
2007-07-14 17:54 <DIR> d-------- C:\DOCUME~1\DEVONC~1\APPLIC~1\WinRAR
2007-07-14 17:34 <DIR> d-------- C:\Program Files\Snood
2007-07-14 15:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-07-14 15:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-14 14:22 <DIR> d-------- C:\Program Files\DellConnect
2007-07-14 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-14 13:51 <DIR> d-------- C:\WINDOWS\nview
2007-07-14 13:40 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-07-14 13:40 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-07-14 13:40 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-07-14 13:40 110,592 --a------ C:\WINDOWS\system32\nvapi.dll
2007-07-14 12:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-14 12:55 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-07-14 12:55 <DIR> d-------- C:\NVIDIA
2007-07-13 23:49 <DIR> d-------- C:\Program Files\AskPBar
2007-07-13 05:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-12 07:38 <DIR> d-------- C:\DOCUME~1\DEVONC~1\APPLIC~1\Aim
2007-07-12 07:04 <DIR> d-------- C:\DOCUME~1\DEVONC~1\APPLIC~1\Apple Computer
2007-07-12 07:01 <DIR> d-------- C:\Program Files\iPod
2007-07-12 07:01 <DIR> d-------- C:\DOCUME~1\ALEXAN~1\APPLIC~1\Apple Computer
2007-07-12 07:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-12 07:00 <DIR> d-------- C:\Program Files\iTunes
2007-07-12 07:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-12 07:00 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-12 07:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-12 06:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-10 22:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-10 22:06 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 20:51:56 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
2007-07-23 20:51:56 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
2007-07-23 16:31:20 -------- d-----w C:\Program Files\Trillian
2007-07-20 23:31:36 -------- d-----w C:\Program Files\Messenger
2007-07-20 22:37:01 -------- d-----w C:\Program Files\Windows NT
2007-07-20 21:18:24 -------- d-----w C:\Program Files\World of Warcraft
2007-07-18 21:37:00 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 19:56:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 11:39:51 -------- d-----w C:\Program Files\AIM
2007-07-12 11:38:51 -------- d-----w C:\Program Files\AOD
2007-07-12 11:23:57 -------- d-----w C:\Program Files\Real
2007-07-12 11:23:57 -------- d-----w C:\Program Files\Common Files\Real
2007-07-12 11:00:45 -------- d-----w C:\Program Files\QuickTime
2007-06-17 20:34:13 -------- d-----w C:\DOCUME~1\ALEXAN~1\APPLIC~1\ZoomBrowser EX
2007-06-07 21:53:39 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\QWxleGFuZGVyIFRyb3hlbGw\kqU5y3IRt3pVKIlVva15v3T.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9410BDC8-D765-4ECB-9009-38F26A4824B7}]
C:\WINDOWS\system32\vtutq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 C:\WINDOWS\system32\CTHELPER.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-12-10 03:06 C:\WINDOWS\system32\nvmctray.dll]
"HostManager"="C:\Program Files\Common Files\AOL\1126873288\ee\AOLSoftware.exe" [2005-11-02 23:01]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Sen"="C:\DOCUME~1\ALEXAN~1\MYDOCU~1\PPATCH~1\csrss.exe" []
"Enoya"="C:\WINDOWS\system32\?ystem32\?canregw.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-14 15:57:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 15:21:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-09 14:17:21]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows NT\progyrtarym.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alexander Troxell^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
path=C:\Documents and Settings\Alexander Troxell\Start Menu\Programs\Startup\Neverwinter Nights_ Platinum Edition Registration.lnk
backup=C:\WINDOWS\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alexander Troxell^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Alexander Troxell\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\TISKY009.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)

R0 iastor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iastor.sys
R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
R2 Aspi32;Aspi32;C:\WINDOWS\system32\drivers\Aspi32.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys
R2 wg4n;SyGate for NT, wg4n;C:\WINDOWS\system32\Drivers\wg4n.sys
R2 wg5n;SyGate for NT, wg5n;C:\WINDOWS\system32\Drivers\wg5n.sys
R2 wg6n;SyGate for NT, wg6n;C:\WINDOWS\system32\Drivers\wg6n.sys
R3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
R3 GEARAspiWDM;GEARAspiWDM;C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


Contents of the 'Scheduled Tasks' folder
2007-04-12 11:51:45 C:\WINDOWS\tasks\Disk Cleanup.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 16:52:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 16:53:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-23 16:53

--- E O F ---

#4 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:20 PM

Posted 23 July 2007 - 10:53 PM

Hello aleczander,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Using Add Or Remove Programs remove the following entries (if present): (To get into add Or Remove Programs press the START button > Control Panel > Add Or Remove Programs.)

Viewpoint Manager (Remove Only)
Viewpoint Media Player


Run ATF Cleaner:Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\VundoFix Backups
C:\WINDOWS\xbivslwA.exe
C:\Temp\bY001.exe
C:\WINDOWS\xbivslw.exe
C:\WINDOWS\system32\Z11
C:\Temp\brr
C:\Temp\0c2
C:\WINDOWS\QWxleGFuZGVyIFRyb3hlbGw
C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
C:\WINDOWS\system32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.

Posted Image

#5 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:20 PM

Posted 06 September 2007 - 12:24 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users