FAO Dr Inferno as req (post 1)

View previous topic View next topic Go down

Solved FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Tue Jan 06, 2009 8:31 am

Hi Doc,

As requested please find enclosed hijackthis & uninstaller info as req by your good self in the 'operating systems' forum. This was in connection to the browser crashes, hundreds of Internet Explorer Script Errors & perhaps Java issues. Thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:28:12, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpztbx12.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\G28NNC92\hijackgpthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinDNN] "C:\Documents and Settings\James\Application Data\Google\klnxv19819115.exe" 2
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Cont...

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Fao Dr Inferno as req (Post 2)

Post by flashthedeveloper on Tue Jan 06, 2009 8:33 am

Cont...

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0219591231162571) (0219591231162571mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\021959~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 14368 bytes

UNINSTALLER LIST:

Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Apple Mobile Device Support
Apple Software Update
ARTEuro
Bonjour
Broadcom Management Programs
BT Broadband Desktop Help
BT Home Hub
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
CinepPlayer 30 Update
Conexant HDA D110 MDC V.92 Modem
Digital Line Detect
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Ladbrokes Poker
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Uninstaller
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Reader
Microsoft Works 7.0
mIWA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mWMI
mXML
MyWay Search Assistant
mZConfig
NetWaiting
OLYMPUS Master
Picasa 3
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
Safari
Samsung PC Studio 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shop for HP Supplies
Sonic Activation Module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3

Thanks in advance.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Tue Jan 06, 2009 1:59 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Viewpoint Media Player



  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [WinDNN] "C:\Documents and Settings\James\Application Data\Google\klnxv19819115.exe" 2

  • Press "Fix Checked"
  • Close Hijack This.


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :processes
    explorer.exe

    :files
    C:\Documents and Settings\James\Application Data\Google\klnxv19819115.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Tue Jan 06, 2009 5:59 pm

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\\Documents and Settings\\James\\Application Data\\Google\\klnxv19819115.exe not found.
========== COMMANDS ==========
File delete failed. C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\Perflib_Perfdata_790.dat scheduled to be deleted on reboot.
File delete failed. C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\Perflib_Perfdata_864.dat scheduled to be deleted on reboot.
File delete failed. C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF61BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF8BF6.tmp scheduled to be deleted on reboot.
File delete failed. C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF8C04.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\\WINDOWS\\temp\\mcafee_p00trgjV1FmuYKg scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\mcafee_XpeDModA7toEc4b scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\mcmsc_6GCXdeuKwM4fr2x scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\mcmsc_BdWUqOsnqtNjeAe scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\mcmsc_cGILugsJrUL56Tc scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\mcmsc_oJvf3rZpvpeLJJK scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\Perflib_Perfdata_90.dat scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\sqlite_GCT1mrNfWjUuRm3 scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\sqlite_jKAbvZpBE1zPtRt scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\sqlite_LyF3kGmFrQl7wT0 scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\sqlite_OERDiGNWV8NSJTr scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\sqlite_V917lt8HV65sYd8 scheduled to be deleted on reboot.
File delete failed. C:\\WINDOWS\\temp\\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_174559
Files moved on Reboot...
File C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\Perflib_Perfdata_790.dat not found!
File C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\Perflib_Perfdata_864.dat not found!
File C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF61BD.tmp not found!
File C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF8BF6.tmp not found!
File C:\\DOCUME~1\\James\\LOCALS~1\\Temp\\~DF8C04.tmp not found!
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be moved on reboot.
File C:\\WINDOWS\\temp\\mcafee_p00trgjV1FmuYKg not found!
File C:\\WINDOWS\\temp\\mcafee_XpeDModA7toEc4b not found!
File C:\\WINDOWS\\temp\\mcmsc_6GCXdeuKwM4fr2x not found!
File C:\\WINDOWS\\temp\\mcmsc_BdWUqOsnqtNjeAe not found!
File C:\\WINDOWS\\temp\\mcmsc_cGILugsJrUL56Tc not found!
File C:\\WINDOWS\\temp\\mcmsc_oJvf3rZpvpeLJJK not found!
File C:\\WINDOWS\\temp\\Perflib_Perfdata_90.dat not found!
C:\\WINDOWS\\temp\\sqlite_GCT1mrNfWjUuRm3 moved successfully.
C:\\WINDOWS\\temp\\sqlite_jKAbvZpBE1zPtRt moved successfully.
C:\\WINDOWS\\temp\\sqlite_LyF3kGmFrQl7wT0 moved successfully.
C:\\WINDOWS\\temp\\sqlite_OERDiGNWV8NSJTr moved successfully.
C:\\WINDOWS\\temp\\sqlite_V917lt8HV65sYd8 moved successfully.
File C:\\WINDOWS\\temp\\WFV1.tmp not found!

DDS.txt:

DDS (Version 1.1.0) - NTFSx86
Run by James at 17:58:49.57 on 06/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.493 [GMT 0:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
============== Running Processes ===============
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\WLKeeper.exe
svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\McAfee\\SiteAdvisor\\McSACore.exe
C:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe
c:\\program files\\common files\\mcafee\\mna\\mcnasvc.exe
c:\\PROGRA~1\\COMMON~1\\mcafee\\mcproxy\\mcproxy.exe
C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe
C:\\Program Files\\McAfee\\MPF\\MPFSrv.exe
C:\\Program Files\\McAfee\\MSK\\MskSrver.exe
C:\\Program Files\\Dell\\QuickSet\\NICCONFIGSVC.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe
C:\\WINDOWS\\system32\\svchost.exe -k imgsvc
C:\\Program Files\\BT Home Hub\\Wireless Configuration\\WirelessDaemon.exe
C:\\WINDOWS\\Explorer.EXE
c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\notepad.exe
C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe
C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe
C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe
C:\\WINDOWS\\system32\\dla\\tfswctrl.exe
C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\WINDOWS\\system32\\igfxsrvc.exe
C:\\WINDOWS\\stsystra.exe
C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe
C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe
C:\\PROGRA~1\\Yahoo!\\browser\\ycommon.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpNotifier.exe
C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\btbb_wcm\\McciTrayApp.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\NetWaiting\\netWaiting.exe
C:\\PROGRA~1\\Intel\\Wireless\\Bin\\Dot1XCfg.exe
C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Digital Line Detect\\DLG.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe
C:\\PROGRA~1\\Yahoo!\\YOP\\SSDK02.exe
C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe
C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE
C:\\Documents and Settings\\James\\Desktop\\dds.com

DDS.txt to be continued...

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Tue Jan 06, 2009 6:00 pm

Cont...

============== Pseudo HJT Report ===============
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [eyeBeam SIP Client]
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [btbb_McciTrayApp] c:\program files\bt broadband desktop help\bin\BTHelpNotifier.exe
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt broadband desktop help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-14 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-14 40488]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 206096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-14 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-14 144704]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-14 33832]
=============== Created Last 30 ================
2009-01-06 17:45 --d----- C:\_OTMoveIt
2009-01-06 08:53 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-06 07:08 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-06 07:08 208,744 a------- c:\windows\system32\muweb.dll
2009-01-06 07:08 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-05 17:09 -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-31 17:58 --d----- c:\docume~1\james\applic~1\Malwarebytes
2008-12-31 17:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-31 17:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 17:58 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 17:58 --d----- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2008-12-04 09:26 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-09-30 18:11 71,248 a------- c:\docume~1\james\applic~1\GDIPFONTCACHEV1.DAT
2007-03-12 15:11 88 ---shr-- c:\windows\system32\3B42126D04.sys
2007-03-12 15:11 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 17:59:43.48 ===============

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Tue Jan 06, 2009 6:01 pm

Thanks Belahzur/All.

Really appreciate it.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Tue Jan 06, 2009 7:07 pm

Hello.
Looks better know, don't think that malware file we asked OTMoveIt to kill existed.
Still having problems?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Tue Jan 06, 2009 8:54 pm

I'll let you know when I'm back properly surfing tomorrow, Belahzur. It was the hundreds of internet explorer scripts that were doing my head in and the mock and real crashes. Am I fully up to date with Java, mate?

Finally, you guys should get a donation option on this site as I for one would be more than happy to bung a few quid GP's way to say thanks for the help I got on here.

Thanks.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Tue Jan 06, 2009 8:57 pm

Java - If you uninstall the old versions like I asked in my instructions, then yes.
But lets make sure.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Fri Jan 09, 2009 8:16 am

Hi, ok, the number of crashes have definitely dropped. It's probably only happened 2 or 3 times since youguys helped me. But, I keep on getting all the internet explorer script errors. Any ideas?

Thanks.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Fri Jan 09, 2009 8:21 am

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jan 09 08:24:29 2009

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Fri Jan 09, 2009 5:10 pm

I'm glad they have dropped in number.
Is it just the browser freezing up and "crashing" or are you still getting the script errors?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Sat Jan 10, 2009 6:04 pm

It's more the script errors, Belahzur. I'm still getting freezes 2 or 3 times a day, but the script errors are killing me! Is it worth screen dumping a few and mailing them to you? Every time it's a different error message.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Sat Jan 10, 2009 6:08 pm

No.

* Open Internet Explorer
* Open the menu
* Select the <Internet Options> menu item
* Open the tab
* Check the box next to "Disable script debugging
* Remove the check next to "Display a notification about every script error"
* Click the button

See if you still get script error messages.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Mon Jan 12, 2009 9:07 am

Hi again, I did what you asked but those boxes were all ready checked/unchecked as you described.

I must have a bug or something for this to be happeneing? I've run loads of checks and malware removers but these freezes/crashes and loads of script errors keep happening.

Any further ideas, guys?

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Mon Jan 12, 2009 2:22 pm

Can you try Firefox?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Fri Jan 30, 2009 6:18 pm

I have been using Firefox since we last spoke and it's definitely much better, thanks. Only 2 crashes. Much better browser.

But there is definitely something wrong with my laptop. It's just acting differently. Like when I close the laptop it still runs as if the screen was up. Windows Security alerts is telling me automatic updates have been turned off (they haven't) but no matter what I do it won't let me turn them back on again. Mcafee are telling me about the fact it keeps receiving and deleting lots and all manner of trojans, when I swtich the computer off a handful of different windows pop up telling me that it's trying to save stuff, but never actually does so I have to 'end now'

Bet you haven't heard of these type of issues all at the same time before?

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Fri Jan 30, 2009 6:34 pm

Can't say I have.
Please post a new DDS log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Wed Feb 11, 2009 4:32 pm

Apologies for the belated response, Belahzur, I have been away.

Please remind me, what is a DDS log? Is that the hijack this procedure?

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Wed Feb 11, 2009 4:38 pm

Hello Flash.
Were probably back at square 1 now, because the malware has been given a chance to download more while we haven't been doing anything to the machine.
DDS speech is here below the OTMoveIt speech:
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Thu Feb 12, 2009 10:02 am

Will do Belahzar .... Yes you're right because almost everytime I log on my mcafee tells me about 10 times that it has quarantined Vendu trojan (or something like that).

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Thu Feb 12, 2009 10:22 am

========= PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\James\Application Data\Google\klnxv19819115.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\etilqs_WA9oFaS3esYa0f8l9hIC scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\Perflib_Perfdata_b98.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\Perflib_Perfdata_e70.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\~DFCEDE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\~DFCEEC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\~DFED31.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\James\LOCALS~1\Temp\~DFED3F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_2ng0tHwe1wjIL8o scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_gB7ZTjmn2z7Bciv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_g1BFNA57M1XCOns scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_kxYeBcSCgQH6Rga scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_WBKVRHcYIUIYedI scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_gsxnO3Ydx5tqEti scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hvNdaC8g5NGfdgT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_V0UHRVD7QzUmbPy scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_yMxB6EFsjywwYT2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_zefKXbPKizlbihN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV6F.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_100758

Files moved on Reboot...
File C:\DOCUME~1\James\LOCALS~1\Temp\etilqs_WA9oFaS3esYa0f8l9hIC not found!
C:\DOCUME~1\James\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\James\LOCALS~1\Temp\Perflib_Perfdata_b98.dat not found!
File C:\DOCUME~1\James\LOCALS~1\Temp\Perflib_Perfdata_e70.dat not found!
File C:\DOCUME~1\James\LOCALS~1\Temp\~DFCEDE.tmp not found!
File C:\DOCUME~1\James\LOCALS~1\Temp\~DFCEEC.tmp not found!
File C:\DOCUME~1\James\LOCALS~1\Temp\~DFED31.tmp not found!
File C:\DOCUME~1\James\LOCALS~1\Temp\~DFED3F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_2ng0tHwe1wjIL8o not found!
C:\WINDOWS\temp\mcafee_gB7ZTjmn2z7Bciv moved successfully.
File C:\WINDOWS\temp\mcmsc_g1BFNA57M1XCOns not found!
File C:\WINDOWS\temp\mcmsc_kxYeBcSCgQH6Rga not found!
File C:\WINDOWS\temp\mcmsc_WBKVRHcYIUIYedI not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat not found!
C:\WINDOWS\temp\sqlite_gsxnO3Ydx5tqEti moved successfully.
C:\WINDOWS\temp\sqlite_hvNdaC8g5NGfdgT moved successfully.
C:\WINDOWS\temp\sqlite_V0UHRVD7QzUmbPy moved successfully.
C:\WINDOWS\temp\sqlite_yMxB6EFsjywwYT2 moved successfully.
C:\WINDOWS\temp\sqlite_zefKXbPKizlbihN moved successfully.
File C:\WINDOWS\temp\WFV6F.tmp not found!
C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\James\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubwsoekn.default\urlclassifier3.sqlite moved successfully.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Thu Feb 12, 2009 10:22 am

DDS (Ver_09-02-01.01) - NTFSx86
Run by James at 10:19:21.40 on 12/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.457 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [eyeBeam SIP Client]
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [btbb_McciTrayApp] c:\program files\bt broadband desktop help\bin\BTHelpNotifier.exe
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt broadband desktop help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - [You must be registered and logged in to see this link.]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: khfFXqRI - khfFXqRI.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccBQKaB

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\ubwsoekn.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-14 201320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-14 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-14 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-14 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-14 33832]

=============== Created Last 30 ================

2009-02-10 21:29 69,120 a------- c:\windows\system32\ruqjislq.dll
2009-02-04 09:59 --d----- c:\program files\iPod
2009-02-04 09:59 --d----- c:\program files\iTunes
2009-02-04 09:59 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 18:18 143 a------- c:\windows\system32\mcrh.tmp
2009-01-25 08:44 431,749 a--sh--- c:\windows\system32\BaKQBccf.ini2
2009-01-25 08:44 4,576 a--sh--- c:\windows\system32\BaKQBccf.ini
2009-01-25 08:44 247,808 a------- c:\windows\system32\fccBQKaB.dll.vir

==================== Find3M ====================

2008-12-04 09:26 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-09-30 18:11 71,248 a------- c:\docume~1\james\applic~1\GDIPFONTCACHEV1.DAT
2007-03-12 15:11 88 a--shr-- c:\windows\system32\3B42126D04.sys
2007-03-12 15:11 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 10:20:28.01 ===============

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Thu Feb 12, 2009 10:23 am

Thanks guys

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Thu Feb 12, 2009 4:06 pm

Locate the Mcafee "M" sign in the corner, right click it > exit.
Okay any alerts that say you aren't protected, because Mcafee will interfere with this next tool.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\drivers\svchost.exe
    c:\windows\system32\ruqjislq.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\BaKQBccf.ini2
    c:\windows\system32\BaKQBccf.ini
    c:\windows\system32\fccBQKaB.dll.vir

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SVCHOST.EXE"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Fri Feb 13, 2009 9:54 am

========== FILES ==========
File/Folder c:\windows\system32\drivers\svchost.exe not found.
File/Folder c:\windows\system32\ruqjislq.dll not found.
c:\windows\system32\mcrh.tmp moved successfully.
c:\windows\system32\BaKQBccf.ini2 moved successfully.
c:\windows\system32\BaKQBccf.ini moved successfully.
c:\windows\system32\fccBQKaB.dll.vir moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SVCHOST.EXE deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_095520

End of message... Thanks.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Belahzur on Fri Feb 13, 2009 5:09 pm

Hello.
The leftover vundo should have been removed, how is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by flashthedeveloper on Fri Feb 13, 2009 6:10 pm

I'll let you know when I have a chance to use it properly.... As always, thanks guys.

flashthedeveloper
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2008-12-10
Gender Gender : Male
OS OS : Windows 7 Pro
Protection Protection : AVG (free edition)
Points Points : 29512
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: FAO Dr Inferno as req (post 1)

Post by Doctor Inferno on Mon Jul 06, 2009 3:29 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104584
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum