Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)


This topic is locked
12 replies to this topic

#1 anetrev


Posted 22 June 2008 - 04:12 PM

Quietman7 sent me here after he helped me remove all the adware and trojans from my computer. I receive a message box that states:
Windows can not open this file:
File: (name of file )

To open this file Windows needs to know what program created it. Windows can go online and look for it automatically, or you can manually select from a list of programs on your computer.

What do you want to do?
Use a web service to find an appropriate program

Select from a list

This box pops up after every program I click on except IE, AOL, Recycle Bin, & My Computer.
I think that my automatic updates have started again because earlier I saw the yellow diamond in my task bar, but it's not there now. I had to fiddle around in my My Computer folder to find the appropriate file to open programs on my desktop. The pics from the icons on my desktop are changed to that little white box with a red and blue lil dialog box.
Please help me!!!!!!!!!!


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-22 16:45:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-06-22 20:45:37 UTC - RP1784 - Deckard's System Scanner Restore Point
49: 2008-06-22 18:09:37 UTC - RP1783 - System Checkpoint
48: 2008-06-21 17:19:33 UTC - RP1782 - Restore Operation
47: 2008-06-20 17:31:19 UTC - RP1781 - System Checkpoint
46: 2008-06-19 16:46:18 UTC - RP1780 - System Checkpoint


-- First Restore Point --
1: 2008-05-15 01:57:49 UTC - RP1735 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 16:47:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\PackethSvc.exe
C:\WINDOWS\SYSTEM32\dllhost.exe
C:\Program Files\mcafee.com\Agent\Mcdetect.exe
C:\Program Files\mcafee.com\VSO\McShield.exe
C:\Program Files\mcafee.com\Agent\McTskshd.exe
C:\Program Files\mcafee.com\VSO\oasclnt.exe
C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
C:\Program Files\mcafee.com\VSO\mcvsshld.exe
C:\Program Files\mcafee.com\VSO\McVSEscn.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\dmadmin.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Common Files\AOL\1211590469\ee\aolsoftware.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lotterypost.com/forum/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907} - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {E60A96EE-9C19-4CCB-A716-2665CB3809Fe} - (no file)
O2 - BHO: {75163809-9eab-89db-1854-c9af090840ce} - {ec048090-fa9c-4581-bd98-bae990836157} - C:\WINDOWS\SYSTEM32\tcnwmkuh.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\mcafee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Igl] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://search-soft.net (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111113457} () - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} () - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} () - file://c:\x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210893136734
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210989330546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/.../yiebio4029.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{01D1C6CD-6D44-46B6-BA89-10155A459FBE}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{A0F3549F-A6F5-419F-B32D-3F976AA07F8C}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E09FF6F1-A6FA-474D-8D69-B393B98DA065}: NameServer = 205.188.146.145
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\mcafee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\SYSTEM32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


--
End of file - 9436 bytes

-- File Associations -----------------------------------------------------------

.bat - unable to read key
.bat - unable to read key
.bat - unable to read key
.com - unable to read key
.com - unable to read key
.exe - unable to read key
.exe - unable to read key
.lnk - unable to read key
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>

S2 WinToolsSvc (WinTools for IE service) - c:\program files\common files\wintools\wtoolss.exe (file missing)
S4 TBPSSvc (WebSeach Toolbar support NT service) - c:\progra~1\toolbar\tbpssvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP11\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP11\0000
Service: HPFECP11


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 10:25:02 300 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 15:06:08 0 d-------- C:\WINDOWS\ERUNT
2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-22 14:59:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-22 14:59:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-22 14:59:00 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-22 00:49:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-22 00:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:48:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 19:31:19 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-21 18:42:41 0 d-------- C:\Program Files\CCleaner
2008-06-21 18:21:51 0 d-------- C:\VundoFix Backups
2008-06-21 15:48:41 99328 --a------ C:\WINDOWS\system32\tcnwmkuh.dll
2008-06-20 21:35:28 90112 --a------ C:\WINDOWS\system32\lhjbodol.dll
2008-06-19 21:33:44 90112 --a------ C:\WINDOWS\system32\wttepfqe.dll
2008-06-17 21:30:32 90112 --a------ C:\WINDOWS\system32\fggureyw.dll
2008-06-16 18:50:52 90112 --a------ C:\WINDOWS\system32\rvvfxlrl.dll
2008-06-15 18:42:58 90112 --a------ C:\WINDOWS\system32\bjavnnkf.dll
2008-06-14 21:45:16 99328 --a------ C:\WINDOWS\system32\jnsrlcyr.dll
2008-06-13 21:26:29 99328 --a------ C:\WINDOWS\system32\yuavewtj.dll
2008-06-13 21:17:28 89600 --a------ C:\WINDOWS\system32\wqarowmr.dll
2008-06-10 22:39:17 145 --a------ C:\WINDOWS\system32\winver.bat
2008-06-08 22:24:38 0 d-------- C:\Program Files\7-Zip
2008-06-05 17:21:35 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 17:20:55 0 d-------- C:\Program Files\Windows Live
2008-06-05 17:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 16:29:28 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-05 16:23:37 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-05 16:23:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-05 14:59:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-05 03:53:48 0 d-------- C:\Program Files\Shareaza
2008-06-05 03:53:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Shareaza
2008-06-03 22:55:44 0 d-------- C:\Program Files\Traysoft
2008-06-03 20:28:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2008-05-30 20:12:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 04:28:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-24 11:24:40 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-05-23 20:54:02 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP


-- Find3M Report ---------------------------------------------------------------

2008-06-15 15:19:52 0 d-------- C:\Program Files\PC-Doctor for Windows XP
2008-06-11 18:25:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-11 16:42:51 0 d-a------ C:\Program Files\Common Files
2008-06-11 16:42:13 0 d-------- C:\Program Files\HP DeskJet 810C Series
2008-06-11 16:38:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-11 16:34:56 0 d-------- C:\Program Files\Common Files\Motive
2008-06-04 00:11:47 0 d-------- C:\Program Files\Common Files\AOL
2008-05-31 02:17:46 0 d-------- C:\Program Files\My Movies
2008-05-31 02:07:27 0 d-------- C:\Program Files\America Online 9.0
2008-05-30 20:12:09 0 d-------- C:\Program Files\HP
2008-05-26 03:19:39 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-05-24 11:23:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-05-23 18:36:19 0 d-------- C:\Program Files\Common Files\midaddle
2008-05-22 01:36:01 0 d-------- C:\Program Files\microsoft frontpage
2008-05-21 22:59:15 106680 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-21 22:52:37 0 d-------- C:\Program Files\Print Workshop 2004 LE
2008-05-21 22:51:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 22:46:15 0 d-------- C:\Program Files\Business Card Workshop
2008-05-21 22:44:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 17:15:08 0 d-------- C:\Program Files\Logitech
2008-05-20 17:13:50 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-16 17:14:54 123996 --a------ C:\WINDOWS\HPHins12.dat
2008-05-16 17:14:28 0 d-------- C:\Documents and Settings\Owner\Application Data\HP
2008-05-16 17:09:16 0 d-------- C:\Program Files\Common Files\HP
2008-05-16 17:06:17 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-13 20:59:52 0 d-------- C:\Program Files\AOL Companion
2008-05-13 20:59:50 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-13 19:52:43 0 d-------- C:\Program Files\Common Files\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907}]
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E60A96EE-9C19-4CCB-A716-2665CB3809Fe}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ec048090-fa9c-4581-bd98-bae990836157}]
06/21/2008 03:49 PM 99328 --a------ C:\WINDOWS\system32\tcnwmkuh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]
"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [08/13/2001 11:23 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [05/10/2004 08:40 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/23/2005 03:47 PM]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [09/16/2004 05:15 PM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [06/19/2008 05:47 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 06:29 PM]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Igl"="C:\WINDOWS\System32\l?ass.exe" [08/04/2004 01:56 AM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [05/20/2008 05:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe [11/6/2001 10:46:15 PM]
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [11/6/2001 10:46:17 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bj62Sp77U]
C:\documents and settings\owner\local settings\temp\Bj62Sp77U.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ntsij]
C:\documents and settings\owner\local settings\temp\Ntsij.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yne32o]
C:\documents and settings\owner\local settings\temp\Yne32o.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TBPSSvc"=3 (0x3)
"MyWebSearchService"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-22 16:51:19 ------------


Attached is the extra.txt file from Deckard (attached file: extra.txt, 19.11 KB).

Edited by anetrev, 22 June 2008 - 04:14 PM.

Thank you so much for caring! "Small things determine major decisions"
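The log above is the kind of thing a helper reads by eye; as an added illustration (not part of this thread, and not the logic of Deckard's System Scanner or HijackThis), here is a small Python triage script that applies the patterns visible in it: unnamed or random-DLL BHOs, a startup entry whose file name carries a non-ANSI character, ActiveX entries sourced from local file:// CABs with placeholder CLSIDs, per-interface DNS settings, and services with no publisher. The sample lines and the heuristics are constructed for this example; a hit is a prompt for review, not a verdict.

```python
"""Triage a HijackThis-style log for the entry patterns seen in this thread.

Heuristics are constructed for illustration; every hit still needs a human look.
"""
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the R/O entries in the Deckard log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907} - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll (file missing)
O2 - BHO: {75163809-9eab-89db-1854-c9af090840ce} - {ec048090-fa9c-4581-bd98-bae990836157} - C:\WINDOWS\SYSTEM32\tcnwmkuh.dll
O4 - HKCU\..\Run: [Igl] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://search-soft.net (HKCU)
O16 - DPF: {11111111-1111-1111-1111-511111113457} () - file://c:\x.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{01D1C6CD-6D44-46B6-BA89-10155A459FBE}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Eight random lower-case letters under system32, the naming seen on the Vundo DLLs above.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{8}\.dll\b", re.IGNORECASE)
# A CLSID whose first four groups repeat one hex digit ({11111111-1111-1111-1111-...}).
FAKE_CLSID_RE = re.compile(r"\{([0-9a-f])\1{7}-\1{4}-\1{4}-\1{4}-[0-9a-f]{12}\}", re.IGNORECASE)
# Domains IE points at out of the box; anything else in an R0/R1 entry is worth a look.
DEFAULT_IE_DOMAINS = ("microsoft.com", "msn.com", "live.com")


def allowlisted(host):
    """True when host is one of the default IE domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in DEFAULT_IE_DOMAINS)


def reasons_for(kind, body):
    """Return the list of reasons one log entry looks suspicious (empty if none)."""
    low = body.lower()
    hits = []
    if kind == "O2":  # Browser Helper Objects
        if any(tag in low for tag in ("(no name)", "(no file)", "(file missing)")):
            hits.append("BHO with no name or no backing file")
        if RANDOM_DLL_RE.search(body):
            hits.append("BHO loaded from a random-looking DLL in system32")
        if "temporary internet files" in low:
            hits.append("BHO loaded from the browser cache")
    elif kind == "O4":  # Run keys and startup folders
        target = body.split("] ", 1)[-1]
        if "?" in target.rsplit("\\", 1)[-1]:
            hits.append("startup file name contains a non-ANSI character (lookalike name)")
        if "\\temp\\" in low:
            hits.append("startup entry launched from a temp folder")
    elif kind == "O15":  # Trusted Zone
        hits.append("site added to the Trusted Zone; confirm it was intended")
    elif kind == "O16":  # Downloaded Program Files (ActiveX)
        if "file://" in low:
            hits.append("ActiveX control sourced from a local file:// CAB")
        if FAKE_CLSID_RE.search(body):
            hits.append("ActiveX CLSID is a repeated-digit placeholder")
    elif kind == "O17":  # per-interface DNS servers
        servers = body.split("NameServer = ", 1)[-1]
        hits.append(f"DNS servers {servers} set on an interface; verify they are your ISP's")
    elif kind == "O23":  # services
        if "unknown owner" in low:
            hits.append("service with no publisher information")
    elif kind in ("R0", "R1"):  # IE start/search URLs
        host = urlsplit(body.split("= ", 1)[-1].strip()).hostname or ""
        if host and not allowlisted(host):
            hits.append(f"IE start/search URL points at {host}")
    return hits


def triage(log_text):
    """Return (kind, reason, line) for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        for reason in reasons_for(m["kind"], m["body"]):
            findings.append((m["kind"], reason, line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```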


#2 OldTimer (Malware Expert)

Posted 25 June 2008 - 04:43 PM

Hello anetrev and welcome to BC. It looks like Vundo is still in there along with some other fun little things. Let's see what else we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - File Associations
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 anetrev (Topic Starter)

Posted 25 June 2008 - 11:09 PM

Thanks for helping me OT. Attached is the information you requested (attached file: OTScanIt.Txt, 173.39 KB).

#4 OldTimer (Malware Expert)

Posted 26 June 2008 - 09:35 AM

Hi anetrev. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
TBPSSvc
WinToolsSvc
Files to delete:
%commonprogramfiles%\wintools\wtoolss.exe
%programfiles%\marketbrowser\lmt\marketbrowser_launch.xpy
%systemdrive%\progra~1\toolbar\tbpssvc.exe
%systemroot%\bm9f1851d4.xml
%systemroot%\pskt.ini
%systemroot%\system32\aqtctked.ini
%systemroot%\system32\bjavnnkf.dll
%systemroot%\system32\fggureyw.dll
%systemroot%\system32\jnsrlcyr.dll
%systemroot%\system32\lhjbodol.dll
%systemroot%\system32\mollpphq.ini
%systemroot%\system32\mwuyinpi.ini
%systemroot%\system32\rvvfxlrl.dll
%systemroot%\system32\taieuhqj.ini
%systemroot%\system32\tcnwmkuh.dll
%systemroot%\system32\vfvieyhi.ini
%systemroot%\system32\wqarowmr.dll
%systemroot%\system32\wttepfqe.dll
%systemroot%\system32\yuavewtj.dll
%userprofile%\start menu\programs\startup\autoplay.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (TBPSSvc) WebSeach Toolbar support NT service [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\Toolbar\TBPSSvc.exe
YY -> (WinToolsSvc) WinTools for IE service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\WinTools\WToolsS.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SDFix -> %SystemDrive%\SDFix\RunThis.bat [C:\SDFix\RunThis.bat /second]
YN -> WildTangent CDA -> [RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
NY -> ~EmptyValue -> %UserProfile%\Start Menu\Programs\Startup\AutoPlay.exe
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> about:blank
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll [Reg Error: Value  does not exist or could not be read.]
YN -> {E60A96EE-9C19-4CCB-A716-2665CB3809Fe} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {ec048090-fa9c-4581-bd98-bae990836157} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\tcnwmkuh.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {12EE7A5E-0674-42f9-A76B-000000004D00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {339BB23F-A864-48C0-A59F-29EA915965EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {17A27031-71FC-11d4-815C-005004D0F1FA}:Exec -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> tpro:{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {11111111-1111-1111-1111-111111113457}[HKEY_LOCAL_MACHINE] -> file://c:\ied_s7m.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {11111111-1111-1111-1111-511111113457}[HKEY_LOCAL_MACHINE] -> file://c:\x.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {11111111-1111-1111-1111-511111113458}[HKEY_LOCAL_MACHINE] -> file://c:\x.cab[Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YN -> ICATI -> 
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\TBPS.exe -> %ProgramFiles%\Toolbar\TBPS.exe [C:\Program Files\Toolbar\TBPS.exe:*:Enabled:WebSearch Toolbar]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\PIB.exe -> %ProgramFiles%\Toolbar\PIB.exe [C:\Program Files\Toolbar\PIB.exe:*:Enabled:WebSearch Toolbar]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\TBPSSvc.exe -> %ProgramFiles%\Toolbar\TBPSSvc.exe [C:\Program Files\Toolbar\TBPSSvc.exe:*:Enabled:WebSearch Toolbar Service]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\CT5Upd.exe -> %ProgramFiles%\Toolbar\CT5Upd.exe [C:\Program Files\Toolbar\CT5Upd.exe:*:Enabled:WebSearch Toolbar Plugin]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe -> %CommonProgramFiles%\AOL\TopSpeed\3.0\aoltpsd3.exe [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1211590469\ee\AOLDesktop.exe -> %CommonProgramFiles%\AOL\1211590469\ee\AOLDesktop.exe [C:\Program Files\Common Files\AOL\1211590469\ee\AOLDesktop.exe:*:Enabled:AOL Desktop]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe -> %SystemDrive%\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe [C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
YN -> .bat [@ = Reg Error: Value  does not exist or could not be read.] -> Reg Error: Key does not exist or could not be opened.
YN -> .com [@ = Reg Error: Value  does not exist or could not be read.] -> Reg Error: Key does not exist or could not be opened.
YN -> .exe [@ = Reg Error: Value  does not exist or could not be read.] -> Reg Error: Key does not exist or could not be opened.
YN -> .pif [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened.
YN -> .reg [@ = Reg Error: Value  does not exist or could not be read.] -> Reg Error: Key does not exist or could not be opened.
YN -> .scr [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened.
[Files/Folders - Created Within 30 days]
NY -> aqtctked.ini -> %SystemRoot%\System32\aqtctked.ini
NY -> bjavnnkf.dll -> %SystemRoot%\System32\bjavnnkf.dll
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> fggureyw.dll -> %SystemRoot%\System32\fggureyw.dll
NY -> jnsrlcyr.dll -> %SystemRoot%\System32\jnsrlcyr.dll
NY -> lhjbodol.dll -> %SystemRoot%\System32\lhjbodol.dll
NY -> mollpphq.ini -> %SystemRoot%\System32\mollpphq.ini
NY -> mwuyinpi.ini -> %SystemRoot%\System32\mwuyinpi.ini
NY -> rvvfxlrl.dll -> %SystemRoot%\System32\rvvfxlrl.dll
NY -> taieuhqj.ini -> %SystemRoot%\System32\taieuhqj.ini
NY -> tcnwmkuh.dll -> %SystemRoot%\System32\tcnwmkuh.dll
NY -> vfvieyhi.ini -> %SystemRoot%\System32\vfvieyhi.ini
NY -> wqarowmr.dll -> %SystemRoot%\System32\wqarowmr.dll
NY -> wttepfqe.dll -> %SystemRoot%\System32\wttepfqe.dll
NY -> yuavewtj.dll -> %SystemRoot%\System32\yuavewtj.dll
NY -> BM9f1851d4.xml -> %SystemRoot%\BM9f1851d4.xml
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> AutoPlay.exe -> %UserProfile%\Start Menu\Programs\Startup\AutoPlay.exe
[Files/Folders - Modified Within 30 days]
NY -> aqtctked.ini -> %SystemRoot%\System32\aqtctked.ini
NY -> bjavnnkf.dll -> %SystemRoot%\System32\bjavnnkf.dll
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> fggureyw.dll -> %SystemRoot%\System32\fggureyw.dll
NY -> jnsrlcyr.dll -> %SystemRoot%\System32\jnsrlcyr.dll
NY -> lhjbodol.dll -> %SystemRoot%\System32\lhjbodol.dll
NY -> mollpphq.ini -> %SystemRoot%\System32\mollpphq.ini
NY -> mwuyinpi.ini -> %SystemRoot%\System32\mwuyinpi.ini
NY -> rvvfxlrl.dll -> %SystemRoot%\System32\rvvfxlrl.dll
NY -> taieuhqj.ini -> %SystemRoot%\System32\taieuhqj.ini
NY -> tcnwmkuh.dll -> %SystemRoot%\System32\tcnwmkuh.dll
NY -> vfvieyhi.ini -> %SystemRoot%\System32\vfvieyhi.ini
NY -> wqarowmr.dll -> %SystemRoot%\System32\wqarowmr.dll
NY -> wttepfqe.dll -> %SystemRoot%\System32\wttepfqe.dll
NY -> yuavewtj.dll -> %SystemRoot%\System32\yuavewtj.dll
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BM9f1851d4.xml -> %SystemRoot%\BM9f1851d4.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Extra Files]
%SystemDrive%\PROGRA~1\Toolbar\
%CommonProgramFiles%\WinTools\
c:\ied_s7m.cab
c:\x.cab
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

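The two items in the OTScanIt fix above that are easiest to misread are "File Associations - Select to Repair" (the .bat/.com/.exe/.pif/.reg/.scr entries) and the "Authentication Packages" line under BotCheck. The first explains the "Windows cannot open this file" dialog at the top of the thread and the Avenger pre-processor's "no application is associated with the specified file" error; the second is an LSA package list that only msv1_0 belongs in on a clean Windows XP system. The Python script below is an added example, not code from OTScanIt, The Avenger or OldTimer: it parses a regedit .reg export of those keys and reports anything that differs from the Windows XP defaults. The sample export is constructed to mirror this thread's state (the .reg key present without its default value, .com/.pif/.scr missing, an extra "ICATI" package), and the expected default progids and open commands are this example's assumptions, not something the thread states.

```python
"""Registry integrity check for the items OTScanIt lists under "File
Associations - Select to Repair" and the LSA "Authentication Packages" value.
Added example: it is not OTScanIt, Avenger or OldTimer's code. It reads a
.reg export (regedit File > Export) rather than the live registry, so it
runs offline on any platform."""
import re

# Windows XP defaults assumed by this example: the progid each extension
# should point to, and that progid's shell\open\command value.
EXPECTED_ASSOCIATIONS = {
    ".bat": ("batfile", '"%1" %*'),
    ".com": ("comfile", '"%1" %*'),
    ".exe": ("exefile", '"%1" %*'),
    ".pif": ("piffile", '"%1" %*'),
    ".reg": ("regfile", 'regedit.exe "%1"'),
    ".scr": ("scrfile", '"%1" /S'),
}
# On a clean XP system msv1_0 is the only LSA authentication package; any
# other DLL listed here is loaded into lsass.exe at boot and needs a look.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


def _unescape(s):
    """Undo the backslash escaping used in .reg string values."""
    return re.sub(r"\\(.)", r"\1", s)


def decode_multi_sz(hex_list):
    """Decode a .reg hex(7) (REG_MULTI_SZ) byte list into a list of strings."""
    data = bytes(int(b, 16) for b in hex_list.split(",") if b.strip())
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def parse_reg_export(text):
    """Parse the subset of .reg syntax needed here: [key] headers, @= and
    "name"= string values, and hex(7) values with backslash continuations.
    Key paths and value names are lowercased; the default value is ""."""
    keys, current = {}, None
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or current is None:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1]).lower()
        raw = m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            keys[current][name] = _unescape(raw[1:-1])
        elif raw.startswith("hex(7):"):
            keys[current][name] = decode_multi_sz(raw[len("hex(7):"):])
    return keys


def check_associations(keys):
    """Return one finding per extension whose progid or open command differs
    from the expected default; an empty list means all six look intact."""
    findings = []
    classes = "hkey_local_machine\\software\\classes\\"
    for ext, (progid, command) in EXPECTED_ASSOCIATIONS.items():
        ext_key = keys.get(classes + ext)
        actual_progid = ext_key.get("") if ext_key else None
        if actual_progid is None or actual_progid.lower() != progid:
            findings.append(f"{ext}: default value is {actual_progid!r}, expected {progid!r}")
            continue  # without a progid there is no command to check
        cmd_key = keys.get(f"{classes}{progid}\\shell\\open\\command")
        actual_cmd = cmd_key.get("") if cmd_key else None
        if actual_cmd != command:
            findings.append(f"{ext}: open command is {actual_cmd!r}, expected {command!r}")
    return findings


def check_auth_packages(keys):
    """Return LSA authentication packages that are not in the known-good set."""
    lsa = keys.get("hkey_local_machine\\system\\currentcontrolset\\control\\lsa", {})
    return [p for p in lsa.get("authentication packages", []) if p.lower() not in EXPECTED_AUTH_PACKAGES]


# Constructed .reg export mirroring this thread: .exe and .bat intact, the .reg
# key present without its default value (as the OTScanIt log reported),
# .com/.pif/.scr absent, and an extra "ICATI" authentication package.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat]
@="batfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,\
  49,00,43,00,41,00,54,00,49,00,00,00,00,00
"""

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for finding in check_associations(parsed):
        print("association:", finding)
    for pkg in check_auth_packages(parsed):
        print("unexpected LSA authentication package:", pkg)
```

Run it on a real export of HKLM\SOFTWARE\Classes and HKLM\SYSTEM\CurrentControlSet\Control\Lsa and every finding is one line you would otherwise have to verify by hand in regedit; a repair tool's "File Associations - Select to Repair" list corresponds to the extensions this check reports.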

#5 anetrev (Topic Starter)
  • Members, 21 posts
  • Gender:Female
  • Location:CAROLINA

Posted 28 June 2008 - 11:08 PM

OT
I am so sorry it took me so long to reply, turns out me and my computer had a virus :thumbsup: .. anyway, thanks for all your help so far, I greatly appreciate your help. Here's the information that you requested:
Avenger Report:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sat Jun 28 14:02:40 2008

14:01:51: Error: Could not execute registry backup. (error 1155: no application is associated with the specified file for this operation.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TBPSSvc" not found!
Deletion of driver "TBPSSvc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\WinToolsSvc" not found!
Deletion of driver "WinToolsSvc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Program Files\Common Files\wintools\wtoolss.exe"
Deletion of file "C:\Program Files\Common Files\wintools\wtoolss.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\Program Files\marketbrowser\lmt\marketbrowser_launch.xpy" not found!
Deletion of file "C:\Program Files\marketbrowser\lmt\marketbrowser_launch.xpy" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\progra~1\toolbar\tbpssvc.exe"
Deletion of file "C:\progra~1\toolbar\tbpssvc.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\bm9f1851d4.xml" not found!
Deletion of file "C:\WINDOWS\bm9f1851d4.xml" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\pskt.ini" not found!
Deletion of file "C:\WINDOWS\pskt.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\aqtctked.ini" not found!
Deletion of file "C:\WINDOWS\system32\aqtctked.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\bjavnnkf.dll" not found!
Deletion of file "C:\WINDOWS\system32\bjavnnkf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\fggureyw.dll" not found!
Deletion of file "C:\WINDOWS\system32\fggureyw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\jnsrlcyr.dll" not found!
Deletion of file "C:\WINDOWS\system32\jnsrlcyr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\lhjbodol.dll" not found!
Deletion of file "C:\WINDOWS\system32\lhjbodol.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mollpphq.ini" not found!
Deletion of file "C:\WINDOWS\system32\mollpphq.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mwuyinpi.ini" not found!
Deletion of file "C:\WINDOWS\system32\mwuyinpi.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\rvvfxlrl.dll" not found!
Deletion of file "C:\WINDOWS\system32\rvvfxlrl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\taieuhqj.ini" not found!
Deletion of file "C:\WINDOWS\system32\taieuhqj.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\tcnwmkuh.dll" not found!
Deletion of file "C:\WINDOWS\system32\tcnwmkuh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\vfvieyhi.ini" not found!
Deletion of file "C:\WINDOWS\system32\vfvieyhi.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wqarowmr.dll" not found!
Deletion of file "C:\WINDOWS\system32\wqarowmr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wttepfqe.dll" not found!
Deletion of file "C:\WINDOWS\system32\wttepfqe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\yuavewtj.dll" not found!
Deletion of file "C:\WINDOWS\system32\yuavewtj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\Owner\start menu\programs\startup\autoplay.exe" not found!
Deletion of file "C:\Documents and Settings\Owner\start menu\programs\startup\autoplay.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OtScanIt Log

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Unable to stop service TBPSSvc .
Unable to delete service TBPSSvc .
File C:\PROGRA~1\Toolbar\TBPSSvc.exe not found.
Unable to stop service WinToolsSvc .
Unable to delete service WinToolsSvc .
File C:\Program Files\Common Files\WinTools\WToolsS.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SDFix not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WildTangent CDA not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E60A96EE-9C19-4CCB-A716-2665CB3809Fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E60A96EE-9C19-4CCB-A716-2665CB3809Fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec048090-fa9c-4581-bd98-bae990836157}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec048090-fa9c-4581-bd98-bae990836157}\ not found.
File C:\WINDOWS\SYSTEM32\tcnwmkuh.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{12EE7A5E-0674-42f9-A76B-000000004D00} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{339BB23F-A864-48C0-A59F-29EA915965EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A27031-71FC-11d4-815C-005004D0F1FA}\ not found.
File C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tpro\ not found.
Starting removal of ActiveX control {11111111-1111-1111-1111-111111113457}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111113457}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111113457}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111113457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111113457}\ not found.
Starting removal of ActiveX control {11111111-1111-1111-1111-511111113457}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113457}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113457}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-511111113457}\ not found.
Starting removal of ActiveX control {11111111-1111-1111-1111-511111113458}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113458}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113458}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-511111113458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-511111113458}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ICATI .
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\TBPS.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\PIB.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\TBPSSvc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Toolbar\CT5Upd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1211590469\ee\AOLDesktop.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\\'' not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\\'' not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\'' not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\\'' not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\aqtctked.ini not found!
File C:\WINDOWS\System32\bjavnnkf.dll not found!
File C:\WINDOWS\System32\fggureyw.dll not found!
File C:\WINDOWS\System32\jnsrlcyr.dll not found!
File C:\WINDOWS\System32\lhjbodol.dll not found!
File C:\WINDOWS\System32\mollpphq.ini not found!
File C:\WINDOWS\System32\mwuyinpi.ini not found!
File C:\WINDOWS\System32\rvvfxlrl.dll not found!
File C:\WINDOWS\System32\taieuhqj.ini not found!
File C:\WINDOWS\System32\tcnwmkuh.dll not found!
File C:\WINDOWS\System32\vfvieyhi.ini not found!
File C:\WINDOWS\System32\wqarowmr.dll not found!
File C:\WINDOWS\System32\wttepfqe.dll not found!
File C:\WINDOWS\System32\yuavewtj.dll not found!
File C:\WINDOWS\BM9f1851d4.xml not found!
File C:\WINDOWS\pskt.ini not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\aqtctked.ini not found!
File C:\WINDOWS\System32\bjavnnkf.dll not found!
File C:\WINDOWS\System32\fggureyw.dll not found!
File C:\WINDOWS\System32\jnsrlcyr.dll not found!
File C:\WINDOWS\System32\lhjbodol.dll not found!
File C:\WINDOWS\System32\mollpphq.ini not found!
File C:\WINDOWS\System32\mwuyinpi.ini not found!
File C:\WINDOWS\System32\rvvfxlrl.dll not found!
File C:\WINDOWS\System32\taieuhqj.ini not found!
File C:\WINDOWS\System32\tcnwmkuh.dll not found!
File C:\WINDOWS\System32\vfvieyhi.ini not found!
File C:\WINDOWS\System32\wqarowmr.dll not found!
File C:\WINDOWS\System32\wttepfqe.dll not found!
File C:\WINDOWS\System32\yuavewtj.dll not found!
File C:\WINDOWS\BM9f1851d4.xml not found!
File C:\WINDOWS\pskt.ini not found!
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
[Extra Files]
< %SystemDrive%\PROGRA~1\Toolbar\ >
File/Folder C:\PROGRA~1\Toolbar not found.
< %CommonProgramFiles%\WinTools\ >
File/Folder C:\Program Files\Common Files\WinTools not found.
< c:\ied_s7m.cab >
File/Folder c:\ied_s7m.cab not found.
< c:\x.cab >
File/Folder c:\x.cab not found.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
RecycleBin -> emptied.
Unable to start explorer.exe
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.16 fix logfile created on 06262008_162507


KASPERSKY ONLINE REPORT

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 28, 2008 22:46:27
Records in database: 896006
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 90693
Threat name: 2
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 04:05:05


File name / Threat name / Threats count
C:\Avenger\BJAVNNKF.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\FGGUREYW.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\LHJBODOL.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\RVVFXLRL.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\TCNWMKUH.0LL Infected: Trojan.Win32.Monder.zj 1
C:\Avenger\WTTEPFQE.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1782\A0096662.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1782\A0096672.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1782\A0096681.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099836.dll Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099837.dll Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099838.dll Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099839.dll Infected: Trojan.Win32.Monder.zj 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099840.dll Infected: Trojan.Win32.Monder.qx 1

The selected area was scanned.

Attached File: OTScanIt.Txt (82.57KB)
Thank you so much for caring! "Small things determine major decisions"
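The Kaspersky report above lists 14 infected objects, yet every one of them sits either under C:\Avenger (the backup directory Avenger's own log reports opening) or under a System Volume Information\_restore{...} restore point. Neither location is executed, which is why the reply that follows treats the system as clean and why the thread ends with a System Restore reset. The Python script below is an added example, not part of the thread or of any Kaspersky tool: it parses a report in the layout shown above ("path Infected: threat count") and splits detections into tool backups, restore points and live files. The excerpt is taken from the report above; the second sample with a live hit is constructed to show the case that would change the verdict.

```python
"""Triage of a Kaspersky Online Scanner 7 text report by detection location.
Added example, not part of the thread or of any Kaspersky tool. It assumes
the report layout shown above: one "path Infected: threat count" line per
detected object."""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Where a detection sits decides what it means. Avenger keeps backups of the
# files it deleted under C:\Avenger (its log says "Backups directory opened
# successfully at C:\Avenger"); System Restore keeps copies under System
# Volume Information\_restore{...}. Neither is executed; only a hit outside
# both is a live infection.
TOOL_BACKUP_DIRS = ("c:\\avenger\\",)
RESTORE_MARKER = "\\system volume information\\_restore"


def classify(path):
    """Map a detected path to 'tool backup', 'restore point' or 'live'."""
    p = path.lower()
    if p.startswith(TOOL_BACKUP_DIRS):
        return "tool backup"
    if RESTORE_MARKER in p:
        return "restore point"
    return "live"


def parse_report(text):
    """Return (path, threat, count) for every detection line; header and
    statistics lines do not match the pattern and are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return found


def triage(text):
    """Summarise a report: counts by location and threat, plus live paths."""
    by_location, by_threat, live = Counter(), Counter(), []
    for path, threat, count in parse_report(text):
        where = classify(path)
        by_location[where] += count
        by_threat[threat] += count
        if where == "live":
            live.append(path)
    return {"total": sum(by_location.values()), "by_location": dict(by_location),
            "by_threat": dict(by_threat), "live": live}


# Excerpt of the report posted above (header lines plus six detections).
REPORT_EXCERPT = r"""Scan statistics:
Files scanned: 90693
Threat name: 2
Infected objects: 14

File name / Threat name / Threats count
C:\Avenger\BJAVNNKF.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\FGGUREYW.0LL Infected: Trojan.Win32.Monder.qx 1
C:\Avenger\TCNWMKUH.0LL Infected: Trojan.Win32.Monder.zj 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1782\A0096662.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1782\A0096672.0LL Infected: Trojan.Win32.Monder.qx 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1789\A0099839.dll Infected: Trojan.Win32.Monder.zj 1
"""

# Constructed sample (not from the thread) with one detection in a live
# location, the case that would mean the system is still infected.
CONSTRUCTED_LIVE = r"""File name / Threat name / Threats count
C:\WINDOWS\system32\example_constructed.dll Infected: Trojan.Win32.Monder.qx 1
"""

if __name__ == "__main__":
    for label, text in (("thread report", REPORT_EXCERPT), ("constructed", CONSTRUCTED_LIVE)):
        result = triage(text)
        print(label, result["by_location"], "live:", result["live"] or "none")
```

The split is the same one a helper makes by eye: backup and restore-point hits are cleaned up by deleting the tool's backup folder and resetting System Restore, while anything in the "live" list means the removal is not finished.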

#6 OldTimer (Malware Expert)
  • Members, 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 28 June 2008 - 11:24 PM

Hi anetrev. Everything looks fine as far as malware goes. How's the system running? If it's fine then go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 anetrev


Posted 29 June 2008 - 01:01 PM

OT
The extensions to open files from my desktop are still missing...how do I get them back??

#8 OldTimer

    Malware Expert


Posted 29 June 2008 - 05:19 PM

Hi anetrev.

The extensions to open files from my desktop are still missing...how do I get them back??

What does that mean?

Cheers.

OT


#9 anetrev


Posted 29 June 2008 - 07:38 PM

OT
Thanks for all your help, I got the icons on my desktop right, so just ignore that last post by me... I greatly appreciated all the hard work and time you put into helping me fix my computer.
Hopefully from now on I can keep my computer virus free.

#10 OldTimer

    Malware Expert


Posted 01 July 2008 - 10:24 AM

Glad to hear it anetrev. Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
    Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers and Happy Computing!

OT


#11 anetrev


Posted 03 July 2008 - 10:17 PM

OT
Thank you so much for all your help... my computer has been running just fine.

Thank you again
Anetrev :)

#12 anetrev


Posted 03 July 2008 - 10:21 PM

I did do what you asked me to do (clean up, system restore, etc.); I forgot to mention it in the last post!!

#13 OldTimer

    Malware Expert


Posted 04 July 2008 - 05:45 PM

You are very welcome anetrev, I'm glad that we could help. You should be all set then.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT
