Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

On windows XP SP3 start - Command prompt message: The operation has completed successfully (4x)


  • This topic is locked This topic is locked
2 replies to this topic

#1 misterdan

misterdan

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 AM

Posted 07 July 2009 - 02:28 PM

Hello,

when I start my computer (Windows XP SP3) I get a command prompt window stating:

The operation has completed successfully

The operation has completed successfully

The operation has completed successfully

The operation has completed successfully


The command prompt location is: "C:\Documents and Settings\[my login name]\Local Settings\Temp" and the file is called 599.exe

I'm not sure what this file is, I scanned with Norton Internet Security 2009 and it did not detect a virus. I've scanned my computer with Spybot search and destroy and NIS to see if I have any virus's or spyware etc. nothing comes up.

Below is the DSS.txt file, attached is the attach file.

I've removed any instances of my login name and replaced it with "[login name]" the weird thing is the 599.exe process running the in background and the very very odd thing is the folder which has random numbers and then my full name "C:\Program Files\1218164934" as processes. Folder contains: "[full name]1218164934L.exe", "[full name]1218164934W.exe" and a folder with my full name. inside that folder are the following files: "1218164934.box1", "1218164934.box2", "1218164934.box3", "12181649341", "12181649342". I have also scanned this folder, and nothing has come up.

Looking at the attach file I see that nero has created a sidebyside error and it generates the error message of "The operation completed successfully. ." which is the problem I'm getting.

Question is threefold:
1. Is that error I see in the attach file the same as the error I'm getting on command prompt (I think it is), either way does anyone know how I would be able to fix it?

2. What is this 599.exe file?

3. What is this folder in my program files directory that has my name on it and the numbered files with no extension and with the .box extension/s. which I found out existed by the Hijack this log.

Thank you in advance for your help.

DDS (Ver_09-06-26.01) - NTFSx86
Run by [login name] at 15:02:21.17 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1168 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\[login name]\LOCALS~1\Temp\559.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\[login name]\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:5656
mWinlogon: Taskman=c:\recycler\s-1-5-21-6298880076-1780160107-282149460-9079\rundll32.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe
uRun: [Win32 Firewall] c:\docume~1\[login name]\locals~1\temp\559.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [vmware-tray] d:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [Win32 Firewall] c:\docume~1\[login name]\locals~1\temp\559.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218175217171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\[login name]\applic~1\mozilla\firefox\profiles\oi2enew6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.cnn.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-24 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-24 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090703.001\IDSXpx86.sys [2009-7-6 276344]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [2007-2-21 80232]
R2 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-24 258608]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-24 115560]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-24 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090706.053\NAVENG.SYS [2009-7-7 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090706.053\NAVEX15.SYS [2009-7-7 876144]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S2 .1218164934;1218164934;c:\program files\1218164934\[FULL NAME]1218164934L.exe [2009-4-17 419552]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-5-7 3567]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2008-8-30 25952]

=============== Created Last 30 ================

2009-07-04 19:06 55,856 -----r-- c:\windows\system32\vnetinst.dll
2009-07-04 19:06 16,560 -----r-- c:\windows\system32\drivers\vmnetadapter.sys
2009-07-04 19:06 326,192 -------- c:\windows\system32\vmnetdhcp.exe
2009-07-04 19:06 399,920 -------- c:\windows\system32\vmnat.exe
2009-07-04 19:06 26,288 -------- c:\windows\system32\drivers\vmnetuserif.sys
2009-07-04 19:06 50,736 -----r-- c:\windows\system32\vmnetbridge.dll
2009-07-04 19:06 31,280 -----r-- c:\windows\system32\drivers\vmnetbridge.sys
2009-07-04 19:06 18,736 -----r-- c:\windows\system32\drivers\vmnet.sys
2009-07-04 19:05 723,504 -------- c:\windows\system32\vnetlib.dll
2009-07-04 19:05 23,216 -------- c:\windows\system32\drivers\VMkbd.sys
2009-07-04 17:07 <DIR> --d----- c:\program files\VMware
2009-07-04 08:51 <DIR> --d----- c:\program files\Secunia
2009-06-17 08:20 12,648 -------- c:\windows\system32\drivers\psi_mf.sys
2009-06-09 19:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 19:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digital Anarchy

==================== Find3M ====================

2009-05-24 17:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-24 17:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-24 17:37 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-24 17:37 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-24 17:37 36,400 -----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-21 11:33 410,984 -------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 -------- c:\windows\system32\rpcrt4.dll
2008-06-20 15:01 2,628,728 -------- c:\program files\common files\PortraiturePluginSetup1010.exe
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-11-06 00:55 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-11-06 00:55 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-11-06 00:55 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:04:11.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 misterdan

misterdan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 AM

Posted 08 July 2009 - 10:10 PM

on the next restart my computer went haywire. I guess I needed a restart to figure out the problem. 'Advanced virus remover' was the problem, spybot search and destroy cleaned it all out. I cleaned out my temp folder to stop the 599.exe (nero was not the problem as I uninstalled it and still received the screen). I edited the start menu items to take out 599.exe and a file called winupdate.exe which was also put there along with another file similar to it that had been put in my prefetch folder with a .pf extension. I deleted the [my full name] folder and misc. files in there by booting into linux. Also I had this problem ( hxxp://answers.yahoo.com/question/index?qid=20090708110026AAvP5bk ) I followed the directions

Download LSPFix.exe from http://www.cexx.org/lspfix.htm and run. Check Off <I know what I'm doing...> Move Winhelper.dll to the Remove side. Click Finish. Reboot.


I should have guessed something like that was up since firefox worked fine (except for that problem) and IE couldn't even connect.

Hope that helps anyone with the same problem as me!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 12 July 2009 - 11:33 AM

Hello

Thank you for letting us know. I'm glad that your computer problems appear to be fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

To others reading this topic: Please note that what may remove the malware from one computer may not work on another and in fact may cause serious harm to another computer.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users