
Smitfraud + Zlob: Tried Smitfraudfix, Rogue Remover And More ...

19 replies to this topic

#1 Corey Mac


Posted 27 May 2008 - 09:44 AM

I've been fighting a Smitfraud and Zlob issue for days now. I've tried all the remedies suggested, but each time I reboot, some missed item refreshes the problem. I'm running Windows XP Professional on an X41 Tablet. I have to transfer the logs since much of my DNS fails and I cannot load web pages (particularly those used to resolve these issues). Below are my HJT and SmitfraudFix logs. I'm close to saving what I can and formatting the HD, so anyone who can save me that pain would be my hero.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:00 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\winself.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\acctresb.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O1 - Hosts: 212.96.161.226 download.avg.com
O1 - Hosts: 64.74.243.15 www.grisoft.com
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKLM\..\Run: [BM7ff94c75] Rundll32.exe "C:\WINDOWS\system32\lbnpjoui.dll",s
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - Winlogon Notify: nnnkIxvt - nnnkIxvt.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 13331 bytes

SmitFraudFix v2.322

Scan done at 10:19:13.82, Tue 05/27/2008
Run from C:\Documents and Settings\Lisa McEntyre\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
192.168.1.104 HP000D9D02938C
192.168.1.105 HP0017A430D3EB
212.96.161.226 download.avg.com
64.74.243.15 www.grisoft.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\accesss.exe Deleted
C:\WINDOWS\astctl32.ocx Deleted
C:\WINDOWS\avpcc.dll Deleted
C:\WINDOWS\clrssn.exe Deleted
C:\WINDOWS\cpan.dll Deleted
C:\WINDOWS\default.htm Deleted
C:\WINDOWS\iexplorer.exe Deleted
C:\WINDOWS\loader.exe Deleted
C:\WINDOWS\mtwirl32.dll Deleted
C:\WINDOWS\notepad32.exe Deleted
C:\WINDOWS\olehelp.exe Deleted
C:\WINDOWS\systeem.exe Deleted
C:\WINDOWS\systemcritical.exe Deleted
C:\WINDOWS\time.exe Deleted
C:\WINDOWS\users32.exe Deleted
C:\WINDOWS\waol.exe Deleted
C:\WINDOWS\win32e.exe Deleted
C:\WINDOWS\win64.exe Deleted
C:\WINDOWS\winajbm.dll Deleted
C:\WINDOWS\window.exe Deleted
C:\WINDOWS\winmgnt.exe Deleted
C:\WINDOWS\x.exe Deleted
C:\WINDOWS\xplugin.dll Deleted
C:\WINDOWS\xxxvideo.hta Deleted
C:\WINDOWS\y.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{168DE4B6-9032-4C1B-B71D-64290BA30CC3}: DhcpNameServer=24.25.5.148 24.25.5.147


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\default.htm Deleted
C:\WINDOWS\iexplorer.exe Deleted


»»»»»»»»»»»»»»»»»»»»»»»» End
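Reading the HJT log above for the Smitfraud/Zlob tells a helper looks for (a start page pointing at a local .mht, hosts entries sending AV vendor sites to foreign addresses, a second UserInit executable, RunServices autostarts, a Winlogon Notify DLL that is missing, an unowned service living directly in C:\WINDOWS) can be scripted. The block below is an added example, not the poster's or HijackThis's code; the sample lines are copied from the log posted above, and the severity heuristics are the editor's assumptions rather than any HijackThis classification.

```python
"""Triage a HijackThis v2 log for Smitfraud/Zlob-style persistence.

Added example for this thread, not part of the original post or of HijackThis.
The heuristics below are assumptions drawn from reading the posted log.
"""
import re
from collections import Counter
from ipaddress import ip_address

# Security-vendor domains that a hosts-file hijack typically steers away from the real site.
VENDOR_DOMAINS = ("avg.com", "grisoft.com", "symantec.com", "microsoft.com",
                  "kaspersky.com", "mcafee.com", "trendmicro.com")


def triage_line(line):
    """Return (severity, reason) for one HJT line, or None if it looks unremarkable."""
    m = re.match(r"^(R[01]|F2|O1|O2|O4|O20|O23) - (.*)$", line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind in ("R0", "R1") and re.search(r"Start Page = [A-Za-z]:\\", body):
        # A browser start page that is a local file is the classic fake "spyware warning" page.
        return ("high", "browser start page set to a local file: " + body.split("=", 1)[1].strip())
    if kind == "O1":
        hm = re.match(r"Hosts: (\S+) (\S+)", body)
        if hm:
            ip, host = hm.groups()
            if not ip_address(ip).is_loopback and host.endswith(VENDOR_DOMAINS):
                return ("high", f"hosts file sends {host} to {ip}, blocking AV updates")
    if kind == "F2" and "UserInit=" in body:
        targets = [t for t in body.split("UserInit=", 1)[1].split(",") if t.strip()]
        extra = [t for t in targets if not t.lower().endswith("\\userinit.exe")]
        if extra:
            # Anything besides userinit.exe here runs at every logon before the shell.
            return ("high", "extra UserInit executable(s): " + ", ".join(extra))
    if kind == "O2" and "(no name)" in body and body.endswith("(no file)"):
        return ("low", "orphaned BHO registration: " + re.search(r"\{[^}]+\}", body).group(0))
    if kind == "O4" and "\\..\\RunServices:" in body:
        # NT-family Windows ignores RunServices; malware still writes it as a spare foothold.
        return ("medium", "RunServices entry (unused on NT-family Windows): " + body)
    if kind == "O20" and "(file missing)" in body:
        return ("medium", "Winlogon Notify handler whose DLL is missing: " + body)
    if kind == "O23":
        svc = re.search(r"- Unknown owner - ([A-Za-z]:\\WINDOWS\\[^\\]+\.exe)$", body, re.I)
        if svc:
            # Legitimate services rarely sit directly in the Windows folder with no vendor string.
            return ("medium", f"service with no vendor running from {svc.group(1)}")
    return None


def triage_log(text):
    """Run triage_line over a whole log and add a cross-line check on O4 autostart targets."""
    findings = []
    autostart_targets = Counter()
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append(hit + (line.strip(),))
        o4 = re.match(r"O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]+\] (.+)$", line.strip())
        if o4:
            autostart_targets[o4.group(1).strip().lower()] += 1
    for target, n in autostart_targets.items():
        if n >= 3:
            # The same binary in HKLM and HKCU Run plus RunServices is a persistence pattern, not a tray app.
            findings.append(("medium", f"same binary registered in {n} Run/RunServices locations", target))
    return findings


# Sample input: lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O1 - Hosts: 212.96.161.226 download.avg.com
O1 - Hosts: 64.74.243.15 www.grisoft.com
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\acctresb.exe
O20 - Winlogon Notify: nnnkIxvt - nnnkIxvt.dll (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
"""

if __name__ == "__main__":
    for severity, reason, evidence in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {evidence}")
```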



#2 OldTimer


    Malware Expert



Posted 27 May 2008 - 09:19 PM

Hello Corey Mac and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Corey Mac


Posted 27 May 2008 - 10:46 PM

Thank you OldTimer ...

I was able to run ATF-Cleaner, but the OTScanIt tool would not launch. Or, if it did, I could not see it. I also discovered that "the administrator disabled task manager". This, of course, is not the case, as the only account on this machine is the one I'm fixing, which has admin (and I certainly didn't disable taskmgr). Is there another tool, perhaps one that runs via cmd, that can give you the info you need to diagnose this beast? I also tried in safe mode w/o success.

#4 OldTimer


    Malware Expert



Posted 28 May 2008 - 01:47 AM

Hi Corey Mac. It could be a couple of things. It might be getting blocked by the malware or it might be a bad download. First try renaming it to something else (try x.exe). If that doesn't work then delete the current download and the folder it created on the desktop and then download it again and try it.

Cheers.

OT

#5 Corey Mac


Posted 28 May 2008 - 06:30 AM

OT:

Good call on the rename. Using x.exe allowed your program to run. I've attached the resulting file.




#6 OldTimer


    Malware Expert



Posted 28 May 2008 - 07:11 AM

Hello Corey Mac. Ok, let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
Ahn75
Fms17
Gnt20
Jqw42
Lsy30
MsSecurity1.209.4
Pwd75
Tbh85
Vdj52
Xfl18
Files to delete:
%systemroot%\accesss.exe
%systemroot%\astctl32.ocx
%systemroot%\avpcc.dll
%systemroot%\bm7ff94c75.xml
%systemroot%\clrssn.exe
%systemroot%\cpan.dll
%systemroot%\ctfmon32.exe
%systemroot%\ctrlpan.dll
%systemroot%\directx32.exe
%systemroot%\dnsrelay.dll
%systemroot%\editpad.exe
%systemroot%\explore.exe
%systemroot%\explorer32.exe
%systemroot%\funniest.exe
%systemroot%\funny.exe
%systemroot%\gfmnaaa.dll
%systemroot%\helpcvs.exe
%systemroot%\iedll.exe
%systemroot%\iexplorer.exe
%systemroot%\inetinf.exe
%systemroot%\internet.exe
%systemroot%\lfn.exe
%systemroot%\loader.exe
%systemroot%\mainms.vpi
%systemroot%\megavid.cdt
%systemroot%\msconfd.dll
%systemroot%\msspi.dll
%systemroot%\mssys.exe
%systemroot%\msupdate.exe
%systemroot%\mswsc10.dll
%systemroot%\mswsc20.dll
%systemroot%\mtwirl32.dll
%systemroot%\muotr.so
%systemroot%\notepad32.exe
%systemroot%\olehelp.exe
%systemroot%\qttasks.exe
%systemroot%\quicken.exe
%systemroot%\rundll16.exe
%systemroot%\rundll32.vbe
%systemroot%\searchword.dll
%systemroot%\sistem.exe
%systemroot%\svchost32.exe
%systemroot%\svcinit.exe
%systemroot%\systeem.exe
%systemroot%\system32\000060.exe
%systemroot%\system32\000080.exe
%systemroot%\system32\acctresb.exe
%systemroot%\system32\auwlxbcl.ini
%systemroot%\system32\drivers\ahn75.sys
%systemroot%\system32\drivers\fms17.sys
%systemroot%\system32\drivers\gnt20.sys
%systemroot%\system32\drivers\jqw42.sys
%systemroot%\system32\drivers\lsy30.sys
%systemroot%\system32\drivers\pwd75.sys
%systemroot%\system32\drivers\tbh85.sys
%systemroot%\system32\drivers\vdj52.sys
%systemroot%\system32\drivers\xfl18.sys
%systemroot%\system32\fgcjbgiq.exe
%systemroot%\system32\fpdaoqwm.dll
%systemroot%\system32\hgnmmnmp.ini
%systemroot%\system32\hgnmmnmp.ini2
%systemroot%\system32\hiovxggh.ini
%systemroot%\system32\hiovxggh.ini2
%systemroot%\system32\hljwugsf.bin
%systemroot%\system32\hsxbivum.dll
%systemroot%\system32\iypppgnc.dll
%systemroot%\system32\kvjcljov.dll
%systemroot%\system32\lbnpjoui.dll
%systemroot%\system32\lcstexrs.dll
%systemroot%\system32\ldyghcsn.dll
%systemroot%\system32\ljntmyet.dll
%systemroot%\system32\ltohqwjt.ini
%systemroot%\system32\lugbeeax.ini
%systemroot%\system32\mqmnaipx.dll
%systemroot%\system32\mwvdltay.ini
%systemroot%\system32\mwvdltay.ini2
%systemroot%\system32\spywarewarning.mht
%systemroot%\system32\spywarewarning2.mht
%systemroot%\system32\srxetscl.ini
%systemroot%\system32\twxwvggh.ini
%systemroot%\system32\twxwvggh.ini2
%systemroot%\system32\ubkjlnbm.dll
%systemroot%\system32\ucisrxyb.ini
%systemroot%\system32\ucisrxyb.ini2
%systemroot%\system32\uhnqifcy.exe
%systemroot%\system32\uonwpbqo.dll
%systemroot%\system32\vbpdtvdp.exe
%systemroot%\system32\vcdnxipo.ini
%systemroot%\system32\vcdnxipo.ini2
%systemroot%\system32\vouaorcv.dll
%systemroot%\system32\wvhngaky.exe
%systemroot%\system32\wywlslnl.dll
%systemroot%\system32\xdmnvlnv.exe
%systemroot%\system32\xlkvtqxq.ini
%systemroot%\system32\xnjdbjvr.dll
%systemroot%\system32\yohexlmt.exe
%systemroot%\system32\yslcdiub.ini
%systemroot%\systemcritical.exe
%systemroot%\tasks\pmtask.job
%systemroot%\time.exe
%systemroot%\users32.exe
%systemroot%\waol.exe
%systemroot%\win32e.exe
%systemroot%\win64.exe
%systemroot%\winajbm.dll
%systemroot%\window.exe
%systemroot%\winmgnt.exe
%systemroot%\winself.exe
%systemroot%\x.exe
%systemroot%\xplugin.dll
%systemroot%\xxxvideo.hta
%systemroot%\y.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
c:\windows\system32\acctresb.exe
c:\windows\y.exe
Folders to delete:
%systemroot%\system32\vntiho06

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> winself.exe -> %SystemRoot%\winself.exe
YY -> acctresb.exe -> %SystemRoot%\system32\acctresb.exe
[Win32 Services - Non-Microsoft Only]
YY -> (MsSecurity1.209.4) MsSecurity Updated [Win32_Shared | Auto | Running] -> %SystemRoot%\winself.exe
[Driver Services - Non-Microsoft Only]
YY -> (Ahn75) Ahn75 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Ahn75.sys
YY -> (Fms17) Fms17 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Fms17.sys
YY -> (Gnt20) Gnt20 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Gnt20.sys
YY -> (Jqw42) Jqw42 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Jqw42.sys
YY -> (Lsy30) Lsy30 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Lsy30.sys
YY -> (Pwd75) Pwd75 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Pwd75.sys
YY -> (Tbh85) Tbh85 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Tbh85.sys
YY -> (Vdj52) Vdj52 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Vdj52.sys
YY -> (Xfl18) Xfl18 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\Xfl18.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> IEUpdate -> %SystemRoot%\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> IEUpdate -> %SystemRoot%\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> IEUpdate -> %SystemRoot%\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
YN -> updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0]
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> IEUpdate -> %SystemRoot%\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\vbpdtvdp.exe -> %SystemRoot%\system32\vbpdtvdp.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> nnnkIxvt -> nnnkIxvt.dll
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {00110011-4b0b-44d5-9718-90c88817369b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {086ae192-23a6-48d6-96ec-715f53797e85} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {150fa160-130d-451f-b863-b655061432ba} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {2d38a51a-23c9-48a1-a33c-48675aa2b494} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {2e9caff6-30c7-4208-8807-e79d4ec6f806} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5321e378-ffad-4999-8c62-03ca8155f0b3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {587dbf2d-9145-4c9e-92c2-1f953da73773} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {79369d5c-2903-4b7a-ade2-d5e0dee14d24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {799a370d-5993-4887-9df7-0a4756a77d00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {98dbbf16-ca43-4c33-be80-99e6694468a4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {a55581dc-2cdb-4089-8878-71a080b22342} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {b847676d-72ac-4393-bfff-43a1eb979352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {bc97b254-b2b9-4d40-971d-78e0978f5f26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {cf021f40-3e14-23a5-cba2-717765721306} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {e2ddf680-9905-4dee-8c64-0a5de7fe133c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {e7afff2a-1b57-49c7-bf6b-e5123394c970} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {fd9bc004-8331-4457-b830-4759ff704c22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [IBM Java Console]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [IBM Java Console]
YN -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
NY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> C:\WINDOWS\y.exe [Y]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\IEUpdate -> C:\WINDOWS\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YN -> C:\\WINDOWS\\system32\\hgGvwxwt -> 
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\IEUpdate -> C:\WINDOWS\system32\acctresb.exe [C:\WINDOWS\system32\acctresb.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPZNET01.EXE -> E:\setup\HPZNET01.EXE [E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPONICIFS01.EXE -> E:\setup\HPONICIFS01.EXE [E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server]
[Files/Folders - Created Within 30 days]
NY -> 000060.exe -> %SystemRoot%\System32\000060.exe
NY -> 000080.exe -> %SystemRoot%\System32\000080.exe
NY -> acctresb.exe -> %SystemRoot%\System32\acctresb.exe
NY -> auwlxbcl.ini -> %SystemRoot%\System32\auwlxbcl.ini
NY -> fgcjbgiq.exe -> %SystemRoot%\System32\fgcjbgiq.exe
NY -> fpdaoqwm.dll -> %SystemRoot%\System32\fpdaoqwm.dll
NY -> HgNmmnmp.ini -> %SystemRoot%\System32\HgNmmnmp.ini
NY -> HgNmmnmp.ini2 -> %SystemRoot%\System32\HgNmmnmp.ini2
NY -> hiOVxGgh.ini -> %SystemRoot%\System32\hiOVxGgh.ini
NY -> hiOVxGgh.ini2 -> %SystemRoot%\System32\hiOVxGgh.ini2
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> hsxbivum.dll -> %SystemRoot%\System32\hsxbivum.dll
NY -> iypppgnc.dll -> %SystemRoot%\System32\iypppgnc.dll
NY -> kvjcljov.dll -> %SystemRoot%\System32\kvjcljov.dll
NY -> lbnpjoui.dll -> %SystemRoot%\System32\lbnpjoui.dll
NY -> lcstexrs.dll -> %SystemRoot%\System32\lcstexrs.dll
NY -> ldyghcsn.dll -> %SystemRoot%\System32\ldyghcsn.dll
NY -> ljntmyet.dll -> %SystemRoot%\System32\ljntmyet.dll
NY -> ltohqwjt.ini -> %SystemRoot%\System32\ltohqwjt.ini
NY -> lugbeeax.ini -> %SystemRoot%\System32\lugbeeax.ini
NY -> mqmnaipx.dll -> %SystemRoot%\System32\mqmnaipx.dll
NY -> mWvDLTAy.ini -> %SystemRoot%\System32\mWvDLTAy.ini
NY -> mWvDLTAy.ini2 -> %SystemRoot%\System32\mWvDLTAy.ini2
NY -> spywarewarning.mht -> %SystemRoot%\System32\spywarewarning.mht
NY -> spywarewarning2.mht -> %SystemRoot%\System32\spywarewarning2.mht
NY -> srxetscl.ini -> %SystemRoot%\System32\srxetscl.ini
NY -> twxwvGgh.ini -> %SystemRoot%\System32\twxwvGgh.ini
NY -> twxwvGgh.ini2 -> %SystemRoot%\System32\twxwvGgh.ini2
NY -> ubkjlnbm.dll -> %SystemRoot%\System32\ubkjlnbm.dll
NY -> UCISrXyb.ini -> %SystemRoot%\System32\UCISrXyb.ini
NY -> UCISrXyb.ini2 -> %SystemRoot%\System32\UCISrXyb.ini2
NY -> uhnqifcy.exe -> %SystemRoot%\System32\uhnqifcy.exe
NY -> uonwpbqo.dll -> %SystemRoot%\System32\uonwpbqo.dll
NY -> vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe
NY -> vCdNXIPo.ini -> %SystemRoot%\System32\vCdNXIPo.ini
NY -> vCdNXIPo.ini2 -> %SystemRoot%\System32\vCdNXIPo.ini2
NY -> vntiho06 -> %SystemRoot%\System32\vntiho06
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> vouaorcv.dll -> %SystemRoot%\System32\vouaorcv.dll
NY -> wvhngaky.exe -> %SystemRoot%\System32\wvhngaky.exe
NY -> wywlslnl.dll -> %SystemRoot%\System32\wywlslnl.dll
NY -> xdmnvlnv.exe -> %SystemRoot%\System32\xdmnvlnv.exe
NY -> xlkvtqxq.ini -> %SystemRoot%\System32\xlkvtqxq.ini
NY -> xnjdbjvr.dll -> %SystemRoot%\System32\xnjdbjvr.dll
NY -> yohexlmt.exe -> %SystemRoot%\System32\yohexlmt.exe
NY -> yslcdiub.ini -> %SystemRoot%\System32\yslcdiub.ini
NY -> accesss.exe -> %SystemRoot%\accesss.exe
NY -> astctl32.ocx -> %SystemRoot%\astctl32.ocx
NY -> avpcc.dll -> %SystemRoot%\avpcc.dll
NY -> BM7ff94c75.xml -> %SystemRoot%\BM7ff94c75.xml
NY -> clrssn.exe -> %SystemRoot%\clrssn.exe
NY -> cpan.dll -> %SystemRoot%\cpan.dll
NY -> ctfmon32.exe -> %SystemRoot%\ctfmon32.exe
NY -> ctrlpan.dll -> %SystemRoot%\ctrlpan.dll
NY -> directx32.exe -> %SystemRoot%\directx32.exe
NY -> dnsrelay.dll -> %SystemRoot%\dnsrelay.dll
NY -> editpad.exe -> %SystemRoot%\editpad.exe
NY -> explore.exe -> %SystemRoot%\explore.exe
NY -> explorer32.exe -> %SystemRoot%\explorer32.exe
NY -> funniest.exe -> %SystemRoot%\funniest.exe
NY -> funny.exe -> %SystemRoot%\funny.exe
NY -> gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll
NY -> helpcvs.exe -> %SystemRoot%\helpcvs.exe
NY -> iedll.exe -> %SystemRoot%\iedll.exe
NY -> iexplorer.exe -> %SystemRoot%\iexplorer.exe
NY -> inetinf.exe -> %SystemRoot%\inetinf.exe
NY -> internet.exe -> %SystemRoot%\internet.exe
NY -> lfn.exe -> %SystemRoot%\lfn.exe
NY -> loader.exe -> %SystemRoot%\loader.exe
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> megavid.cdt -> %SystemRoot%\megavid.cdt
NY -> msconfd.dll -> %SystemRoot%\msconfd.dll
NY -> msspi.dll -> %SystemRoot%\msspi.dll
NY -> mssys.exe -> %SystemRoot%\mssys.exe
NY -> msupdate.exe -> %SystemRoot%\msupdate.exe
NY -> mswsc10.dll -> %SystemRoot%\mswsc10.dll
NY -> mswsc20.dll -> %SystemRoot%\mswsc20.dll
NY -> mtwirl32.dll -> %SystemRoot%\mtwirl32.dll
NY -> muotr.so -> %SystemRoot%\muotr.so
NY -> notepad32.exe -> %SystemRoot%\notepad32.exe
NY -> olehelp.exe -> %SystemRoot%\olehelp.exe
NY -> qttasks.exe -> %SystemRoot%\qttasks.exe
NY -> quicken.exe -> %SystemRoot%\quicken.exe
NY -> rundll16.exe -> %SystemRoot%\rundll16.exe
NY -> rundll32.vbe -> %SystemRoot%\rundll32.vbe
NY -> searchword.dll -> %SystemRoot%\searchword.dll
NY -> sistem.exe -> %SystemRoot%\sistem.exe
NY -> svchost32.exe -> %SystemRoot%\svchost32.exe
NY -> svcinit.exe -> %SystemRoot%\svcinit.exe
NY -> systeem.exe -> %SystemRoot%\systeem.exe
NY -> systemcritical.exe -> %SystemRoot%\systemcritical.exe
NY -> time.exe -> %SystemRoot%\time.exe
NY -> users32.exe -> %SystemRoot%\users32.exe
NY -> waol.exe -> %SystemRoot%\waol.exe
NY -> win32e.exe -> %SystemRoot%\win32e.exe
NY -> win64.exe -> %SystemRoot%\win64.exe
NY -> winajbm.dll -> %SystemRoot%\winajbm.dll
NY -> window.exe -> %SystemRoot%\window.exe
NY -> winmgnt.exe -> %SystemRoot%\winmgnt.exe
NY -> winself.exe -> %SystemRoot%\winself.exe
NY -> x.exe -> %SystemRoot%\x.exe
NY -> xplugin.dll -> %SystemRoot%\xplugin.dll
NY -> xxxvideo.hta -> %SystemRoot%\xxxvideo.hta
NY -> y.exe -> %SystemRoot%\y.exe
NY -> ?dobe -> %SystemRoot%\Αdobe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> ?ssembly -> %CommonProgramFiles%\аssembly
[Files/Folders - Modified Within 30 days]
NY -> 000060.exe -> %SystemRoot%\System32\000060.exe
NY -> 000080.exe -> %SystemRoot%\System32\000080.exe
NY -> acctresb.exe -> %SystemRoot%\System32\acctresb.exe
NY -> auwlxbcl.ini -> %SystemRoot%\System32\auwlxbcl.ini
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> fgcjbgiq.exe -> %SystemRoot%\System32\fgcjbgiq.exe
NY -> fpdaoqwm.dll -> %SystemRoot%\System32\fpdaoqwm.dll
NY -> HgNmmnmp.ini -> %SystemRoot%\System32\HgNmmnmp.ini
NY -> HgNmmnmp.ini2 -> %SystemRoot%\System32\HgNmmnmp.ini2
NY -> hiOVxGgh.ini -> %SystemRoot%\System32\hiOVxGgh.ini
NY -> hiOVxGgh.ini2 -> %SystemRoot%\System32\hiOVxGgh.ini2
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> hsxbivum.dll -> %SystemRoot%\System32\hsxbivum.dll
NY -> iypppgnc.dll -> %SystemRoot%\System32\iypppgnc.dll
NY -> kvjcljov.dll -> %SystemRoot%\System32\kvjcljov.dll
NY -> lbnpjoui.dll -> %SystemRoot%\System32\lbnpjoui.dll
NY -> lcstexrs.dll -> %SystemRoot%\System32\lcstexrs.dll
NY -> ldyghcsn.dll -> %SystemRoot%\System32\ldyghcsn.dll
NY -> ljntmyet.dll -> %SystemRoot%\System32\ljntmyet.dll
NY -> ltohqwjt.ini -> %SystemRoot%\System32\ltohqwjt.ini
NY -> lugbeeax.ini -> %SystemRoot%\System32\lugbeeax.ini
NY -> mqmnaipx.dll -> %SystemRoot%\System32\mqmnaipx.dll
NY -> mWvDLTAy.ini -> %SystemRoot%\System32\mWvDLTAy.ini
NY -> mWvDLTAy.ini2 -> %SystemRoot%\System32\mWvDLTAy.ini2
NY -> spywarewarning.mht -> %SystemRoot%\System32\spywarewarning.mht
NY -> spywarewarning2.mht -> %SystemRoot%\System32\spywarewarning2.mht
NY -> srxetscl.ini -> %SystemRoot%\System32\srxetscl.ini
NY -> twxwvGgh.ini -> %SystemRoot%\System32\twxwvGgh.ini
NY -> twxwvGgh.ini2 -> %SystemRoot%\System32\twxwvGgh.ini2
NY -> ubkjlnbm.dll -> %SystemRoot%\System32\ubkjlnbm.dll
NY -> UCISrXyb.ini -> %SystemRoot%\System32\UCISrXyb.ini
NY -> UCISrXyb.ini2 -> %SystemRoot%\System32\UCISrXyb.ini2
NY -> uhnqifcy.exe -> %SystemRoot%\System32\uhnqifcy.exe
NY -> uonwpbqo.dll -> %SystemRoot%\System32\uonwpbqo.dll
NY -> vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe
NY -> vCdNXIPo.ini -> %SystemRoot%\System32\vCdNXIPo.ini
NY -> vCdNXIPo.ini2 -> %SystemRoot%\System32\vCdNXIPo.ini2
NY -> vntiho06 -> %SystemRoot%\System32\vntiho06
NY -> vouaorcv.dll -> %SystemRoot%\System32\vouaorcv.dll
NY -> wvhngaky.exe -> %SystemRoot%\System32\wvhngaky.exe
NY -> wywlslnl.dll -> %SystemRoot%\System32\wywlslnl.dll
NY -> xdmnvlnv.exe -> %SystemRoot%\System32\xdmnvlnv.exe
NY -> xlkvtqxq.ini -> %SystemRoot%\System32\xlkvtqxq.ini
NY -> xnjdbjvr.dll -> %SystemRoot%\System32\xnjdbjvr.dll
NY -> yohexlmt.exe -> %SystemRoot%\System32\yohexlmt.exe
NY -> yslcdiub.ini -> %SystemRoot%\System32\yslcdiub.ini
NY -> accesss.exe -> %SystemRoot%\accesss.exe
NY -> astctl32.ocx -> %SystemRoot%\astctl32.ocx
NY -> avpcc.dll -> %SystemRoot%\avpcc.dll
NY -> BM7ff94c75.xml -> %SystemRoot%\BM7ff94c75.xml
NY -> clrssn.exe -> %SystemRoot%\clrssn.exe
NY -> cpan.dll -> %SystemRoot%\cpan.dll
NY -> ctfmon32.exe -> %SystemRoot%\ctfmon32.exe
NY -> ctrlpan.dll -> %SystemRoot%\ctrlpan.dll
NY -> directx32.exe -> %SystemRoot%\directx32.exe
NY -> dnsrelay.dll -> %SystemRoot%\dnsrelay.dll
NY -> editpad.exe -> %SystemRoot%\editpad.exe
NY -> explore.exe -> %SystemRoot%\explore.exe
NY -> explorer32.exe -> %SystemRoot%\explorer32.exe
NY -> funniest.exe -> %SystemRoot%\funniest.exe
NY -> funny.exe -> %SystemRoot%\funny.exe
NY -> gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll
NY -> helpcvs.exe -> %SystemRoot%\helpcvs.exe
NY -> iedll.exe -> %SystemRoot%\iedll.exe
NY -> iexplorer.exe -> %SystemRoot%\iexplorer.exe
NY -> inetinf.exe -> %SystemRoot%\inetinf.exe
NY -> internet.exe -> %SystemRoot%\internet.exe
NY -> lfn.exe -> %SystemRoot%\lfn.exe
NY -> loader.exe -> %SystemRoot%\loader.exe
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> megavid.cdt -> %SystemRoot%\megavid.cdt
NY -> msconfd.dll -> %SystemRoot%\msconfd.dll
NY -> msspi.dll -> %SystemRoot%\msspi.dll
NY -> mssys.exe -> %SystemRoot%\mssys.exe
NY -> msupdate.exe -> %SystemRoot%\msupdate.exe
NY -> mswsc10.dll -> %SystemRoot%\mswsc10.dll
NY -> mswsc20.dll -> %SystemRoot%\mswsc20.dll
NY -> mtwirl32.dll -> %SystemRoot%\mtwirl32.dll
NY -> muotr.so -> %SystemRoot%\muotr.so
NY -> notepad32.exe -> %SystemRoot%\notepad32.exe
NY -> olehelp.exe -> %SystemRoot%\olehelp.exe
NY -> qttasks.exe -> %SystemRoot%\qttasks.exe
NY -> quicken.exe -> %SystemRoot%\quicken.exe
NY -> rundll16.exe -> %SystemRoot%\rundll16.exe
NY -> rundll32.vbe -> %SystemRoot%\rundll32.vbe
NY -> searchword.dll -> %SystemRoot%\searchword.dll
NY -> sistem.exe -> %SystemRoot%\sistem.exe
NY -> svchost32.exe -> %SystemRoot%\svchost32.exe
NY -> svcinit.exe -> %SystemRoot%\svcinit.exe
NY -> systeem.exe -> %SystemRoot%\systeem.exe
NY -> systemcritical.exe -> %SystemRoot%\systemcritical.exe
NY -> time.exe -> %SystemRoot%\time.exe
NY -> users32.exe -> %SystemRoot%\users32.exe
NY -> waol.exe -> %SystemRoot%\waol.exe
NY -> win32e.exe -> %SystemRoot%\win32e.exe
NY -> win64.exe -> %SystemRoot%\win64.exe
NY -> winajbm.dll -> %SystemRoot%\winajbm.dll
NY -> window.exe -> %SystemRoot%\window.exe
NY -> winmgnt.exe -> %SystemRoot%\winmgnt.exe
NY -> winself.exe -> %SystemRoot%\winself.exe
NY -> x.exe -> %SystemRoot%\x.exe
NY -> xplugin.dll -> %SystemRoot%\xplugin.dll
NY -> xxxvideo.hta -> %SystemRoot%\xxxvideo.hta
NY -> y.exe -> %SystemRoot%\y.exe
NY -> ?dobe -> %SystemRoot%\Αdobe
NY -> PMTask.job -> %SystemRoot%\tasks\PMTask.job
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> 21 C:\Documents and Settings\Lisa McEntyre\My Documents\*.tmp files -> C:\Documents and Settings\Lisa McEntyre\My Documents\*.tmp
NY -> ?ssembly -> %CommonProgramFiles%\аssembly
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, a message box will pop up either telling you that it is finished or that a reboot is needed to complete the fix. If the fix is complete, click the OK button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components, so if it cannot complete, try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
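The `?dobe` and `?ssembly` entries in the file list above are how OTScanIt shows a folder whose name contains a character it cannot print next to a path that visibly does contain one, which suggests a lookalike (homoglyph) name; the same list also carries an alternate data stream and a run of names (svchost32.exe, ctfmon32.exe, iexplorer.exe, rundll16.exe) that imitate genuine Windows binaries. The Python triage script below is an added example, not OTScanIt's code and not anything posted in this thread: it parses lines in that `NY -> name -> path` format and calls out those three indicators. The sample lines are constructed to mirror the posted entries, and the Greek capital Alpha and Cyrillic small a code points are an assumption about which unprintable characters the scanner hit.

```python
"""Triage OTScanIt-style scan lines (NY -> name -> path) for three things a
defender wants called out: non-ASCII (homoglyph) characters in a path, NTFS
alternate data streams, and filenames imitating genuine Windows binaries.
Added example; not OTScanIt's own code and not from the thread."""
import re
import unicodedata
from dataclasses import dataclass, field

# Each OTScanIt file entry is "<flags> -> <name> -> <path>".
LINE_RE = re.compile(r"^(?P<flags>[YN]{2}) -> (?P<name>.*?) -> (?P<path>.*)$")

# Hypothetical allow-list of genuine Windows binaries whose names get imitated
# (svchost32.exe, ctfmon32.exe, iexplorer.exe and so on in the posted log).
GENUINE = ("ctfmon.exe", "explorer.exe", "iexplore.exe", "notepad.exe",
           "rundll32.exe", "svchost.exe", "userinit.exe", "winlogon.exe")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _stem(filename):
    """Lower-case name without extension or digits: 'svchost32.exe' -> 'svchost'."""
    base = filename.lower().rsplit(".", 1)[0]
    return re.sub(r"\d", "", base)


def lookalike_of(filename):
    """Return the genuine binary a filename imitates, or None.

    After digits are stripped, a stem counts as a lookalike when it equals a
    genuine stem or differs from it by one trailing character
    ('iexplorer' vs 'iexplore', 'explore' vs 'explorer')."""
    name = filename.lower()
    if name in GENUINE:
        return None
    s = _stem(name)
    if not s:
        return None
    for genuine in GENUINE:
        g = _stem(genuine)
        if s == g or s == g[:-1] or s[:-1] == g:
            return genuine
    return None


def non_ascii_chars(text):
    """(code point, Unicode name) for every non-ASCII character in text."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
            for c in text if ord(c) > 127]


def is_ads(name, path):
    """True when the entry names an NTFS alternate data stream (file:stream)."""
    leaf = path.rsplit("\\", 1)[-1]
    return name.startswith("@Alternate Data Stream") or (
        ":" in leaf and not re.fullmatch(r"[A-Za-z]:", leaf))


def triage(lines):
    """Return a Finding for every parsed line that trips at least one check."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        reasons = []
        odd = non_ascii_chars(path)
        if odd:
            reasons.append("non-ASCII character in path (possible homoglyph): "
                           + ", ".join(f"{cp} {nm}" for cp, nm in odd))
        if is_ads(name, path):
            reasons.append("NTFS alternate data stream")
        genuine = lookalike_of(path.rsplit("\\", 1)[-1])
        if genuine:
            reasons.append(f"filename imitates {genuine}")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


# Constructed sample mirroring entries from the posted scan. The '?dobe' and
# '?ssembly' folders are assumed to use Greek capital Alpha (U+0391) and
# Cyrillic small a (U+0430) in place of the Latin letters.
SAMPLE = """\
NY -> 000060.exe -> %SystemRoot%\\System32\\000060.exe
NY -> svchost32.exe -> %SystemRoot%\\svchost32.exe
NY -> ctfmon32.exe -> %SystemRoot%\\ctfmon32.exe
NY -> iexplorer.exe -> %SystemRoot%\\iexplorer.exe
NY -> rundll16.exe -> %SystemRoot%\\rundll16.exe
NY -> ?dobe -> %SystemRoot%\\\u0391dobe
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\\Application Data\\TEMP:DFC5A2B2
NY -> ?ssembly -> %CommonProgramFiles%\\\u0430ssembly
NY -> qmgr0.dat -> C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Network\\Downloader\\qmgr0.dat
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the sample it reports seven of the nine entries; the all-digit 000060.exe and the legitimate BITS queue file qmgr0.dat pass because none of the three checks covers them.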


#7 Corey Mac


Posted 28 May 2008 - 08:58 AM

Thanks again OT. I believe you have made significant progress. I was unable to run the online scans as something is setting popular support sites to localhost. I tried making entries in the hosts file, but it doesn't appear to work. I can browse non-virus-spyware-threatening sites like yahoo or google, but bleepingcomputer.com and f-secure and the like all route to 127.0.0.1.

I did complete the other steps and it looks like the main spyware is gone (at least the background isn't being reset and there have been no pop-ups).

Your data ...

Avenger report:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "clbdriver" found!
ImagePath: \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Start Type: 1 (System)

Rootkit scan completed.

Driver "Ahn75" deleted successfully.
Driver "Fms17" deleted successfully.
Driver "Gnt20" deleted successfully.
Driver "Jqw42" deleted successfully.
Driver "Lsy30" deleted successfully.
Driver "MsSecurity1.209.4" deleted successfully.
Driver "Pwd75" deleted successfully.
Driver "Tbh85" deleted successfully.
Driver "Vdj52" deleted successfully.
Driver "Xfl18" deleted successfully.
File "C:\WINDOWS\accesss.exe" deleted successfully.
File "C:\WINDOWS\astctl32.ocx" deleted successfully.
File "C:\WINDOWS\avpcc.dll" deleted successfully.
File "C:\WINDOWS\bm7ff94c75.xml" deleted successfully.
File "C:\WINDOWS\clrssn.exe" deleted successfully.
File "C:\WINDOWS\cpan.dll" deleted successfully.
File "C:\WINDOWS\ctfmon32.exe" deleted successfully.
File "C:\WINDOWS\ctrlpan.dll" deleted successfully.
File "C:\WINDOWS\directx32.exe" deleted successfully.
File "C:\WINDOWS\dnsrelay.dll" deleted successfully.
File "C:\WINDOWS\editpad.exe" deleted successfully.
File "C:\WINDOWS\explore.exe" deleted successfully.
File "C:\WINDOWS\explorer32.exe" deleted successfully.
File "C:\WINDOWS\funniest.exe" deleted successfully.
File "C:\WINDOWS\funny.exe" deleted successfully.
File "C:\WINDOWS\gfmnaaa.dll" deleted successfully.
File "C:\WINDOWS\helpcvs.exe" deleted successfully.
File "C:\WINDOWS\iedll.exe" deleted successfully.
File "C:\WINDOWS\iexplorer.exe" deleted successfully.
File "C:\WINDOWS\inetinf.exe" deleted successfully.
File "C:\WINDOWS\internet.exe" deleted successfully.
File "C:\WINDOWS\lfn.exe" deleted successfully.
File "C:\WINDOWS\loader.exe" deleted successfully.
File "C:\WINDOWS\mainms.vpi" deleted successfully.
File "C:\WINDOWS\megavid.cdt" deleted successfully.
File "C:\WINDOWS\msconfd.dll" deleted successfully.
File "C:\WINDOWS\msspi.dll" deleted successfully.
File "C:\WINDOWS\mssys.exe" deleted successfully.
File "C:\WINDOWS\msupdate.exe" deleted successfully.
File "C:\WINDOWS\mswsc10.dll" deleted successfully.
File "C:\WINDOWS\mswsc20.dll" deleted successfully.
File "C:\WINDOWS\mtwirl32.dll" deleted successfully.
File "C:\WINDOWS\muotr.so" deleted successfully.
File "C:\WINDOWS\notepad32.exe" deleted successfully.
File "C:\WINDOWS\olehelp.exe" deleted successfully.
File "C:\WINDOWS\qttasks.exe" deleted successfully.
File "C:\WINDOWS\quicken.exe" deleted successfully.
File "C:\WINDOWS\rundll16.exe" deleted successfully.
File "C:\WINDOWS\rundll32.vbe" deleted successfully.
File "C:\WINDOWS\searchword.dll" deleted successfully.
File "C:\WINDOWS\sistem.exe" deleted successfully.
File "C:\WINDOWS\svchost32.exe" deleted successfully.
File "C:\WINDOWS\svcinit.exe" deleted successfully.
File "C:\WINDOWS\systeem.exe" deleted successfully.
File "C:\WINDOWS\system32\000060.exe" deleted successfully.
File "C:\WINDOWS\system32\000080.exe" deleted successfully.
File "C:\WINDOWS\system32\acctresb.exe" deleted successfully.
File "C:\WINDOWS\system32\auwlxbcl.ini" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\ahn75.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\ahn75.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\fms17.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\fms17.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\gnt20.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\gnt20.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\jqw42.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\jqw42.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\lsy30.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\lsy30.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pwd75.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pwd75.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\tbh85.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\tbh85.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\vdj52.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\vdj52.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\xfl18.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\xfl18.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\fgcjbgiq.exe" deleted successfully.
File "C:\WINDOWS\system32\fpdaoqwm.dll" deleted successfully.
File "C:\WINDOWS\system32\hgnmmnmp.ini" deleted successfully.
File "C:\WINDOWS\system32\hgnmmnmp.ini2" deleted successfully.
File "C:\WINDOWS\system32\hiovxggh.ini" deleted successfully.
File "C:\WINDOWS\system32\hiovxggh.ini2" deleted successfully.
File "C:\WINDOWS\system32\hljwugsf.bin" deleted successfully.
File "C:\WINDOWS\system32\hsxbivum.dll" deleted successfully.
File "C:\WINDOWS\system32\iypppgnc.dll" deleted successfully.
File "C:\WINDOWS\system32\kvjcljov.dll" deleted successfully.
File "C:\WINDOWS\system32\lbnpjoui.dll" deleted successfully.
File "C:\WINDOWS\system32\lcstexrs.dll" deleted successfully.
File "C:\WINDOWS\system32\ldyghcsn.dll" deleted successfully.
File "C:\WINDOWS\system32\ljntmyet.dll" deleted successfully.
File "C:\WINDOWS\system32\ltohqwjt.ini" deleted successfully.
File "C:\WINDOWS\system32\lugbeeax.ini" deleted successfully.
File "C:\WINDOWS\system32\mqmnaipx.dll" deleted successfully.
File "C:\WINDOWS\system32\mwvdltay.ini" deleted successfully.
File "C:\WINDOWS\system32\mwvdltay.ini2" deleted successfully.
File "C:\WINDOWS\system32\spywarewarning.mht" deleted successfully.
File "C:\WINDOWS\system32\spywarewarning2.mht" deleted successfully.
File "C:\WINDOWS\system32\srxetscl.ini" deleted successfully.
File "C:\WINDOWS\system32\twxwvggh.ini" deleted successfully.
File "C:\WINDOWS\system32\twxwvggh.ini2" deleted successfully.
File "C:\WINDOWS\system32\ubkjlnbm.dll" deleted successfully.
File "C:\WINDOWS\system32\ucisrxyb.ini" deleted successfully.
File "C:\WINDOWS\system32\ucisrxyb.ini2" deleted successfully.
File "C:\WINDOWS\system32\uhnqifcy.exe" deleted successfully.
File "C:\WINDOWS\system32\uonwpbqo.dll" deleted successfully.
File "C:\WINDOWS\system32\vbpdtvdp.exe" deleted successfully.
File "C:\WINDOWS\system32\vcdnxipo.ini" deleted successfully.
File "C:\WINDOWS\system32\vcdnxipo.ini2" deleted successfully.
File "C:\WINDOWS\system32\vouaorcv.dll" deleted successfully.
File "C:\WINDOWS\system32\wvhngaky.exe" deleted successfully.
File "C:\WINDOWS\system32\wywlslnl.dll" deleted successfully.
File "C:\WINDOWS\system32\xdmnvlnv.exe" deleted successfully.
File "C:\WINDOWS\system32\xlkvtqxq.ini" deleted successfully.
File "C:\WINDOWS\system32\xnjdbjvr.dll" deleted successfully.
File "C:\WINDOWS\system32\yohexlmt.exe" deleted successfully.
File "C:\WINDOWS\system32\yslcdiub.ini" deleted successfully.
File "C:\WINDOWS\systemcritical.exe" deleted successfully.
File "C:\WINDOWS\tasks\pmtask.job" deleted successfully.
File "C:\WINDOWS\time.exe" deleted successfully.
File "C:\WINDOWS\users32.exe" deleted successfully.
File "C:\WINDOWS\waol.exe" deleted successfully.
File "C:\WINDOWS\win32e.exe" deleted successfully.
File "C:\WINDOWS\win64.exe" deleted successfully.
File "C:\WINDOWS\winajbm.dll" deleted successfully.
File "C:\WINDOWS\window.exe" deleted successfully.
File "C:\WINDOWS\winmgnt.exe" deleted successfully.
File "C:\WINDOWS\winself.exe" deleted successfully.
File "C:\WINDOWS\x.exe" deleted successfully.
File "C:\WINDOWS\xplugin.dll" deleted successfully.
File "C:\WINDOWS\xxxvideo.hta" deleted successfully.
File "C:\WINDOWS\y.exe" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.

Error: file "c:\windows\system32\acctresb.exe" not found!
Deletion of file "c:\windows\system32\acctresb.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\y.exe" not found!
Deletion of file "c:\windows\y.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\system32\vntiho06" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTScanIt Fix Log:
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process winself.exe .
File C:\WINDOWS\winself.exe not found.
Unable to kill process acctresb.exe .
File C:\WINDOWS\system32\acctresb.exe not found.
[Win32 Services - Non-Microsoft Only]
Unable to stop service MsSecurity1.209.4 .
Unable to delete service MsSecurity1.209.4 .
File C:\WINDOWS\winself.exe not found.
[Driver Services - Non-Microsoft Only]
Unable to stop service Ahn75 .
Unable to delete service Ahn75 .
File C:\WINDOWS\System32\Drivers\Ahn75.sys not found.
Unable to stop service Fms17 .
Unable to delete service Fms17 .
File C:\WINDOWS\System32\Drivers\Fms17.sys not found.
Unable to stop service Gnt20 .
Unable to delete service Gnt20 .
File C:\WINDOWS\System32\Drivers\Gnt20.sys not found.
Unable to stop service Jqw42 .
Unable to delete service Jqw42 .
File C:\WINDOWS\System32\Drivers\Jqw42.sys not found.
Unable to stop service Lsy30 .
Unable to delete service Lsy30 .
File C:\WINDOWS\System32\Drivers\Lsy30.sys not found.
Unable to stop service Pwd75 .
Unable to delete service Pwd75 .
File C:\WINDOWS\System32\Drivers\Pwd75.sys not found.
Unable to stop service Tbh85 .
Unable to delete service Tbh85 .
File C:\WINDOWS\System32\Drivers\Tbh85.sys not found.
Unable to stop service Vdj52 .
Unable to delete service Vdj52 .
File C:\WINDOWS\System32\Drivers\Vdj52.sys not found.
Unable to stop service Xfl18 .
Unable to delete service Xfl18 .
File C:\WINDOWS\System32\Drivers\Xfl18.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\vbpdtvdp.exe deleted successfully.
File C:\WINDOWS\system32\vbpdtvdp.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkIxvt\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00110011-4b0b-44d5-9718-90c88817369b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{086ae192-23a6-48d6-96ec-715f53797e85}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{150fa160-130d-451f-b863-b655061432ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d38a51a-23c9-48a1-a33c-48675aa2b494}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e9caff6-30c7-4208-8807-e79d4ec6f806}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5321e378-ffad-4999-8c62-03ca8155f0b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{587dbf2d-9145-4c9e-92c2-1f953da73773}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799a370d-5993-4887-9df7-0a4756a77d00}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98dbbf16-ca43-4c33-be80-99e6694468a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55581dc-2cdb-4089-8878-71a080b22342}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b847676d-72ac-4393-bfff-43a1eb979352}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc97b254-b2b9-4d40-971d-78e0978f5f26}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf021f40-3e14-23a5-cba2-717765721306}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7afff2a-1b57-49c7-bf6b-e5123394c970}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd9bc004-8331-4457-b830-4759ff704c22}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM deleted successfully.
File C:\WINDOWS\y.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\\WINDOWS\\system32\\hgGvwxwt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\IEUpdate deleted successfully.
File C:\WINDOWS\system32\acctresb.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPZNET01.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPONICIFS01.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\000060.exe not found!
File C:\WINDOWS\System32\000080.exe not found!
File C:\WINDOWS\System32\acctresb.exe not found!
File C:\WINDOWS\System32\auwlxbcl.ini not found!
File C:\WINDOWS\System32\fgcjbgiq.exe not found!
File C:\WINDOWS\System32\fpdaoqwm.dll not found!
File C:\WINDOWS\System32\HgNmmnmp.ini not found!
File C:\WINDOWS\System32\HgNmmnmp.ini2 not found!
File C:\WINDOWS\System32\hiOVxGgh.ini not found!
File C:\WINDOWS\System32\hiOVxGgh.ini2 not found!
File C:\WINDOWS\System32\hljwugsf.bin not found!
File C:\WINDOWS\System32\hsxbivum.dll not found!
File C:\WINDOWS\System32\iypppgnc.dll not found!
File C:\WINDOWS\System32\kvjcljov.dll not found!
File C:\WINDOWS\System32\lbnpjoui.dll not found!
File C:\WINDOWS\System32\lcstexrs.dll not found!
File C:\WINDOWS\System32\ldyghcsn.dll not found!
File C:\WINDOWS\System32\ljntmyet.dll not found!
File C:\WINDOWS\System32\ltohqwjt.ini not found!
File C:\WINDOWS\System32\lugbeeax.ini not found!
File C:\WINDOWS\System32\mqmnaipx.dll not found!
File C:\WINDOWS\System32\mWvDLTAy.ini not found!
File C:\WINDOWS\System32\mWvDLTAy.ini2 not found!
File C:\WINDOWS\System32\spywarewarning.mht not found!
File C:\WINDOWS\System32\spywarewarning2.mht not found!
File C:\WINDOWS\System32\srxetscl.ini not found!
File C:\WINDOWS\System32\twxwvGgh.ini not found!
File C:\WINDOWS\System32\twxwvGgh.ini2 not found!
File C:\WINDOWS\System32\ubkjlnbm.dll not found!
File C:\WINDOWS\System32\UCISrXyb.ini not found!
File C:\WINDOWS\System32\UCISrXyb.ini2 not found!
File C:\WINDOWS\System32\uhnqifcy.exe not found!
File C:\WINDOWS\System32\uonwpbqo.dll not found!
File C:\WINDOWS\System32\vbpdtvdp.exe not found!
File C:\WINDOWS\System32\vCdNXIPo.ini not found!
File C:\WINDOWS\System32\vCdNXIPo.ini2 not found!
File C:\WINDOWS\System32\vntiho06 not found!
File C:\WINDOWS\System32\vouaorcv.dll not found!
File C:\WINDOWS\System32\wvhngaky.exe not found!
File C:\WINDOWS\System32\wywlslnl.dll not found!
File C:\WINDOWS\System32\xdmnvlnv.exe not found!
File C:\WINDOWS\System32\xlkvtqxq.ini not found!
File C:\WINDOWS\System32\xnjdbjvr.dll not found!
File C:\WINDOWS\System32\yohexlmt.exe not found!
File C:\WINDOWS\System32\yslcdiub.ini not found!
File C:\WINDOWS\accesss.exe not found!
File C:\WINDOWS\astctl32.ocx not found!
File C:\WINDOWS\avpcc.dll not found!
File C:\WINDOWS\BM7ff94c75.xml not found!
File C:\WINDOWS\clrssn.exe not found!
File C:\WINDOWS\cpan.dll not found!
File C:\WINDOWS\ctfmon32.exe not found!
File C:\WINDOWS\ctrlpan.dll not found!
File C:\WINDOWS\directx32.exe not found!
File C:\WINDOWS\dnsrelay.dll not found!
File C:\WINDOWS\editpad.exe not found!
File C:\WINDOWS\explore.exe not found!
File C:\WINDOWS\explorer32.exe not found!
File C:\WINDOWS\funniest.exe not found!
File C:\WINDOWS\funny.exe not found!
File C:\WINDOWS\gfmnaaa.dll not found!
File C:\WINDOWS\helpcvs.exe not found!
File C:\WINDOWS\iedll.exe not found!
File C:\WINDOWS\iexplorer.exe not found!
File C:\WINDOWS\inetinf.exe not found!
File C:\WINDOWS\internet.exe not found!
File C:\WINDOWS\lfn.exe not found!
File C:\WINDOWS\loader.exe not found!
File C:\WINDOWS\mainms.vpi not found!
File C:\WINDOWS\megavid.cdt not found!
File C:\WINDOWS\msconfd.dll not found!
File C:\WINDOWS\msspi.dll not found!
File C:\WINDOWS\mssys.exe not found!
File C:\WINDOWS\msupdate.exe not found!
File C:\WINDOWS\mswsc10.dll not found!
File C:\WINDOWS\mswsc20.dll not found!
File C:\WINDOWS\mtwirl32.dll not found!
File C:\WINDOWS\muotr.so not found!
File C:\WINDOWS\notepad32.exe not found!
File C:\WINDOWS\olehelp.exe not found!
File C:\WINDOWS\qttasks.exe not found!
File C:\WINDOWS\quicken.exe not found!
File C:\WINDOWS\rundll16.exe not found!
File C:\WINDOWS\rundll32.vbe not found!
File C:\WINDOWS\searchword.dll not found!
File C:\WINDOWS\sistem.exe not found!
File C:\WINDOWS\svchost32.exe not found!
File C:\WINDOWS\svcinit.exe not found!
File C:\WINDOWS\systeem.exe not found!
File C:\WINDOWS\systemcritical.exe not found!
File C:\WINDOWS\time.exe not found!
File C:\WINDOWS\users32.exe not found!
File C:\WINDOWS\waol.exe not found!
File C:\WINDOWS\win32e.exe not found!
File C:\WINDOWS\win64.exe not found!
File C:\WINDOWS\winajbm.dll not found!
File C:\WINDOWS\window.exe not found!
File C:\WINDOWS\winmgnt.exe not found!
File C:\WINDOWS\winself.exe not found!
File C:\WINDOWS\x.exe not found!
File C:\WINDOWS\xplugin.dll not found!
File C:\WINDOWS\xxxvideo.hta not found!
File C:\WINDOWS\y.exe not found!
C:\WINDOWS\Αdobe folder moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
C:\Program Files\Common Files\аssembly\аssembly folder moved successfully.
C:\Program Files\Common Files\аssembly folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\000060.exe not found!
File C:\WINDOWS\System32\000080.exe not found!
File C:\WINDOWS\System32\acctresb.exe not found!
File C:\WINDOWS\System32\auwlxbcl.ini not found!
File C:\WINDOWS\System32\fgcjbgiq.exe not found!
File C:\WINDOWS\System32\fpdaoqwm.dll not found!
File C:\WINDOWS\System32\HgNmmnmp.ini not found!
File C:\WINDOWS\System32\HgNmmnmp.ini2 not found!
File C:\WINDOWS\System32\hiOVxGgh.ini not found!
File C:\WINDOWS\System32\hiOVxGgh.ini2 not found!
File C:\WINDOWS\System32\hljwugsf.bin not found!
File C:\WINDOWS\System32\hsxbivum.dll not found!
File C:\WINDOWS\System32\iypppgnc.dll not found!
File C:\WINDOWS\System32\kvjcljov.dll not found!
File C:\WINDOWS\System32\lbnpjoui.dll not found!
File C:\WINDOWS\System32\lcstexrs.dll not found!
File C:\WINDOWS\System32\ldyghcsn.dll not found!
File C:\WINDOWS\System32\ljntmyet.dll not found!
File C:\WINDOWS\System32\ltohqwjt.ini not found!
File C:\WINDOWS\System32\lugbeeax.ini not found!
File C:\WINDOWS\System32\mqmnaipx.dll not found!
File C:\WINDOWS\System32\mWvDLTAy.ini not found!
File C:\WINDOWS\System32\mWvDLTAy.ini2 not found!
File C:\WINDOWS\System32\spywarewarning.mht not found!
File C:\WINDOWS\System32\spywarewarning2.mht not found!
File C:\WINDOWS\System32\srxetscl.ini not found!
File C:\WINDOWS\System32\twxwvGgh.ini not found!
File C:\WINDOWS\System32\twxwvGgh.ini2 not found!
File C:\WINDOWS\System32\ubkjlnbm.dll not found!
File C:\WINDOWS\System32\UCISrXyb.ini not found!
File C:\WINDOWS\System32\UCISrXyb.ini2 not found!
File C:\WINDOWS\System32\uhnqifcy.exe not found!
File C:\WINDOWS\System32\uonwpbqo.dll not found!
File C:\WINDOWS\System32\vbpdtvdp.exe not found!
File C:\WINDOWS\System32\vCdNXIPo.ini not found!
File C:\WINDOWS\System32\vCdNXIPo.ini2 not found!
File C:\WINDOWS\System32\vntiho06 not found!
File C:\WINDOWS\System32\vouaorcv.dll not found!
File C:\WINDOWS\System32\wvhngaky.exe not found!
File C:\WINDOWS\System32\wywlslnl.dll not found!
File C:\WINDOWS\System32\xdmnvlnv.exe not found!
File C:\WINDOWS\System32\xlkvtqxq.ini not found!
File C:\WINDOWS\System32\xnjdbjvr.dll not found!
File C:\WINDOWS\System32\yohexlmt.exe not found!
File C:\WINDOWS\System32\yslcdiub.ini not found!
File C:\WINDOWS\accesss.exe not found!
File C:\WINDOWS\astctl32.ocx not found!
File C:\WINDOWS\avpcc.dll not found!
File C:\WINDOWS\BM7ff94c75.xml not found!
File C:\WINDOWS\clrssn.exe not found!
File C:\WINDOWS\cpan.dll not found!
File C:\WINDOWS\ctfmon32.exe not found!
File C:\WINDOWS\ctrlpan.dll not found!
File C:\WINDOWS\directx32.exe not found!
File C:\WINDOWS\dnsrelay.dll not found!
File C:\WINDOWS\editpad.exe not found!
File C:\WINDOWS\explore.exe not found!
File C:\WINDOWS\explorer32.exe not found!
File C:\WINDOWS\funniest.exe not found!
File C:\WINDOWS\funny.exe not found!
File C:\WINDOWS\gfmnaaa.dll not found!
File C:\WINDOWS\helpcvs.exe not found!
File C:\WINDOWS\iedll.exe not found!
File C:\WINDOWS\iexplorer.exe not found!
File C:\WINDOWS\inetinf.exe not found!
File C:\WINDOWS\internet.exe not found!
File C:\WINDOWS\lfn.exe not found!
File C:\WINDOWS\loader.exe not found!
File C:\WINDOWS\mainms.vpi not found!
File C:\WINDOWS\megavid.cdt not found!
File C:\WINDOWS\msconfd.dll not found!
File C:\WINDOWS\msspi.dll not found!
File C:\WINDOWS\mssys.exe not found!
File C:\WINDOWS\msupdate.exe not found!
File C:\WINDOWS\mswsc10.dll not found!
File C:\WINDOWS\mswsc20.dll not found!
File C:\WINDOWS\mtwirl32.dll not found!
File C:\WINDOWS\muotr.so not found!
File C:\WINDOWS\notepad32.exe not found!
File C:\WINDOWS\olehelp.exe not found!
File C:\WINDOWS\qttasks.exe not found!
File C:\WINDOWS\quicken.exe not found!
File C:\WINDOWS\rundll16.exe not found!
File C:\WINDOWS\rundll32.vbe not found!
File C:\WINDOWS\searchword.dll not found!
File C:\WINDOWS\sistem.exe not found!
File C:\WINDOWS\svchost32.exe not found!
File C:\WINDOWS\svcinit.exe not found!
File C:\WINDOWS\systeem.exe not found!
File C:\WINDOWS\systemcritical.exe not found!
File C:\WINDOWS\time.exe not found!
File C:\WINDOWS\users32.exe not found!
File C:\WINDOWS\waol.exe not found!
File C:\WINDOWS\win32e.exe not found!
File C:\WINDOWS\win64.exe not found!
File C:\WINDOWS\winajbm.dll not found!
File C:\WINDOWS\window.exe not found!
File C:\WINDOWS\winmgnt.exe not found!
File C:\WINDOWS\winself.exe not found!
File C:\WINDOWS\x.exe not found!
File C:\WINDOWS\xplugin.dll not found!
File C:\WINDOWS\xxxvideo.hta not found!
File C:\WINDOWS\y.exe not found!
File C:\WINDOWS\Αdobe not found!
File C:\WINDOWS\tasks\PMTask.job not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
File C:\Program Files\Common Files\аssembly not found!
[Extra Files]
< Purity >
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.1 fix logfile created on 05282008_091602

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.


Online virus scan:
Could not complete due to DNS issues.

I've attached the latest OTScanIt results...




#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:32 PM

Posted 28 May 2008 - 11:45 AM

Hi Corey Mac. That all looks pretty good. Now let's take a look at the hosts file and see what is in there.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Commandline Commands]
c:\windows\system32\notepad.exe c:\windows\system32\drivers\etc\hosts

A black command prompt window should open and then Notepad should open with the contents of the hosts file loaded in it. Copy/paste that information back here.

Once you close the Notepad window, a dialog stating that the fix is complete will appear. Click Ok and then just close the new Notepad window that opens up. We do not need anything from this second Notepad window.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 Corey Mac

Corey Mac
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Chapel Hill, NC
  • Local time:11:32 PM

Posted 28 May 2008 - 12:05 PM

OT:

Here is the HOSTS contents taken from running OTScanIt with your commands...

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
192.168.1.104 HP000D9D02938C
192.168.1.105 HP0017A430D3EB
212.96.161.226 download.avg.com
64.74.243.15 www.grisoft.com
85.12.57.107 www.kaspersky.com
85.12.57.107 usa.kaspersky.com

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:32 PM

Posted 28 May 2008 - 12:34 PM

Hi Corey Mac. There is nothing getting blocked or redirected. It might be that the DNS cache is corrupt. Let's clean it out.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Commandline Commands]
ipconfig /flushdns

The fix should only take a very short time. A black command prompt window will open where the commands will be processed. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

Cheers.

OT

#11 Corey Mac

Corey Mac
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Chapel Hill, NC
  • Local time:11:32 PM

Posted 28 May 2008 - 01:36 PM

Sorry for the slow reply. I wanted to look at some other things as well, in case it helps you.

nslookup returns the correct IP, but ping, browsing, and tracert all return localhost for some domains.
My device list is empty.

Below is the flush DNS report. The odd localhost behavior is still there for select sites.


[Commandline Commands]
< ipconfig /flushdns >


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.

< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.1 fix logfile created on 05282008_143102

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:32 PM

Posted 28 May 2008 - 02:16 PM

Hi Corey Mac. What do you mean by "my device list is empty". What device list?

Try this:

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Commandline Commands]
ipconfig /all

The fix should only take a very short time. A black command prompt window will open where the commands will be processed. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

Cheers.

OT

#13 Corey Mac

Corey Mac
  • Topic Starter

  • Members
  • 10 posts
  •  
  • Gender:Male
  • Location:Chapel Hill, NC
  • Local time:11:32 PM

Posted 28 May 2008 - 02:45 PM

Hey OldTimer ..

I opened Device Manager to see if there was some setting on the network cards that pointed to another lookup source in TCP/IP. And, there were no devices shown in the list.

But, on to your query... the ipconfig /all output:


[Commandline Commands]
< ipconfig /all >


Windows IP Configuration



Host Name . . . . . . . . . . . . : LisaMac

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nc.rr.com



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : nc.rr.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 00-16-6F-C2-F7-02

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 24.25.5.148

24.25.5.147

Lease Obtained. . . . . . . . . . : Wednesday, May 28, 2008 2:26:22 PM

Lease Expires . . . . . . . . . . : Thursday, May 29, 2008 2:26:22 PM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 00-16-D3-31-B9-51



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 00-16-CF-E0-5A-75

< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.1 fix logfile created on 05282008_153639

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:32 PM

Posted 28 May 2008 - 03:12 PM

Hi Corey Mac. That looks Ok. It could probably be that RoadRunner's servers are incorrect or the sites might be in the restricted zone. Either go into IE's properties and look at the restricted sites to see if the sites you cannot get to are listed as restricted or give me a list of the sites and we can do a search for them.

Cheers.

OT

#15 Corey Mac

Corey Mac
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Chapel Hill, NC
  • Local time:11:32 PM

Posted 28 May 2008 - 03:28 PM

Hey OT:

Here are some example sites in ping and nslookup that show what I was describing:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Lisa McEntyre>ping www.yahoo.com

Pinging www.yahoo-ht3.akadns.net [69.147.76.15] with 32 bytes of data:

Reply from 69.147.76.15: bytes=32 time=17ms TTL=55
Reply from 69.147.76.15: bytes=32 time=31ms TTL=55
Reply from 69.147.76.15: bytes=32 time=15ms TTL=55
Reply from 69.147.76.15: bytes=32 time=32ms TTL=55

Ping statistics for 69.147.76.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 32ms, Average = 23ms

C:\Documents and Settings\Lisa McEntyre>ping www.norton.com

Pinging localhost [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Lisa McEntyre>ping www.google.com

Pinging www.l.google.com [209.85.165.104] with 32 bytes of data:

Reply from 209.85.165.104: bytes=32 time=131ms TTL=245
Reply from 209.85.165.104: bytes=32 time=53ms TTL=245
Reply from 209.85.165.104: bytes=32 time=25ms TTL=245
Reply from 209.85.165.104: bytes=32 time=42ms TTL=245

Ping statistics for 209.85.165.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 131ms, Average = 62ms

C:\Documents and Settings\Lisa McEntyre>ping support.f-secure.com

Pinging localhost [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Lisa McEntyre>nslookup
Default Server: dns-cac-lb-03.southeast.rr.com
Address: 24.25.5.148

> support.f-secure.com
Server: dns-cac-lb-03.southeast.rr.com
Address: 24.25.5.148

Non-authoritative answer:
Name: a1117.g.akamai.net
Addresses: 24.25.26.10, 24.25.26.58
Aliases: support.f-secure.com, f-secure.com.edgesuite.net

> www.norton.com
Server: dns-cac-lb-03.southeast.rr.com
Address: 24.25.5.148

Non-authoritative answer:
Name: www.norton.com.nc.rr.com
Address: 24.28.193.9

> exit

C:\Documents and Settings\Lisa McEntyre>
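
The transcripts above show the symptom precisely: nslookup gets a routable answer from the ISP's server, ping gets 127.0.0.1, and the hosts file posted earlier in the thread has no entry for either name. As an added example (not code from this thread or from OTScanIt), the Python below parses those three sources and classifies each loopback answer, so a redirect explained by the hosts file can be told apart from one that sits between the application and the wire (the DNS client cache, a Winsock LSP or another resolver hook); it also flags hosts entries that pin a security vendor's domain, as in the earlier hosts listing. The vendor-domain list and the embedded transcripts are constructed for the example.

```python
import re

# Constructed sample input, modelled on the transcripts posted in this thread.
HOSTS_FILE = """\
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
192.168.1.104 HP000D9D02938C
212.96.161.226 download.avg.com
85.12.57.107 www.kaspersky.com
"""
PING_OUTPUT = """\
C:\\>ping www.yahoo.com
Pinging www.yahoo-ht3.akadns.net [69.147.76.15] with 32 bytes of data:
C:\\>ping www.norton.com
Pinging localhost [127.0.0.1] with 32 bytes of data:
C:\\>ping support.f-secure.com
Pinging localhost [127.0.0.1] with 32 bytes of data:
"""
NSLOOKUP_OUTPUT = """\
> support.f-secure.com
Server: dns-cac-lb-03.southeast.rr.com
Address: 24.25.5.148
Name: a1117.g.akamai.net
Addresses: 24.25.26.10, 24.25.26.58
> www.norton.com
Name: www.norton.com.nc.rr.com
Address: 24.28.193.9
"""
# Assumed list of security-vendor domains; a home PC's hosts file normally has
# no entry for any of them, so a pin to any address is worth verifying.
VENDOR_HINTS = ("avg.com", "grisoft.com", "kaspersky.com", "norton.com",
                "symantec.com", "f-secure.com", "microsoft.com")

def parse_hosts(text):
    """Return {hostname: ip} for every non-comment entry of a hosts file."""
    mapping = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop full-line and inline comments
        for name in parts[1:]:                  # one address, one or more names
            mapping[name.lower()] = parts[0]
    return mapping

def parse_ping(text):
    """Return {queried name: (resolved name, ip)} from a cmd.exe ping transcript.
    ping goes through the whole Windows resolver (hosts file, DNS client cache,
    Winsock LSPs, then the DNS server), so it shows what applications get."""
    results, query = {}, None
    for line in text.splitlines():
        cmd = re.search(r">\s*ping\s+(\S+)\s*$", line)
        if cmd:
            query = cmd.group(1).lower()
            continue
        hit = re.match(r"Pinging\s+(\S+)\s+\[([\d.]+)\]", line)
        if hit and query:
            results[query] = (hit.group(1).lower(), hit.group(2))
            query = None
    return results

def parse_nslookup(text):
    """Return {queried name: [answer ips]} from an interactive nslookup session.
    nslookup asks the DNS server directly, bypassing hosts file and local cache.
    The 'Address:' line right after 'Server:' is the server itself; skip it."""
    results, query, in_answer = {}, None, False
    for line in text.splitlines():
        prompt = re.match(r">\s*(\S+)\s*$", line)
        if prompt:
            query = None if prompt.group(1) == "exit" else prompt.group(1).lower()
            in_answer = False
            continue
        if line.startswith("Name:"):
            in_answer = True
        addr = re.match(r"Address(?:es)?:\s*(.+)$", line)
        if addr and in_answer and query:
            results.setdefault(query, []).extend(a.strip() for a in addr.group(1).split(","))
    return results

def check_hosts(hosts):
    """Flag non-localhost names sent to loopback and pinned vendor domains."""
    findings = []
    for name, ip in hosts.items():
        if ip.startswith("127.") and name != "localhost":
            findings.append((name, "hosts-loopback", ip))
        elif any(name == d or name.endswith("." + d) for d in VENDOR_HINTS):
            findings.append((name, "hosts-vendor-pin", ip))
    return findings

def check_resolution(hosts, ping, nslookup):
    """Classify each name ping sent to loopback: 'hosts-redirect' if the hosts file
    explains it, 'hidden-redirect' if it does not but DNS returns a routable address
    (the redirect then sits in the DNS client cache, a Winsock LSP or another hook)."""
    findings = []
    for name, (_resolved, ip) in ping.items():
        if not ip.startswith("127."):
            continue
        if name in hosts:
            findings.append((name, "hosts-redirect", hosts[name]))
        elif any(not a.startswith("127.") for a in nslookup.get(name, [])):
            findings.append((name, "hidden-redirect", "DNS says " + ", ".join(nslookup[name])))
        else:
            findings.append((name, "unexplained", ip))
    return findings

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    for host, kind, detail in check_hosts(hosts) + check_resolution(
            hosts, parse_ping(PING_OUTPUT), parse_nslookup(NSLOOKUP_OUTPUT)):
        print(f"{kind:18} {host:24} {detail}")
```

On the sample input both www.norton.com and support.f-secure.com come out as hidden-redirect, which is the case the hosts file check alone would have missed.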



