Zafi.B I think....
Page 1 of 2
- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
Keeps popping up security alerts and changing which websites I go to, won't allow me to go to Windows Update. Thanks so much for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:10 PM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\keith\Desktop\hijackgpthis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: TM_BHO Class - {60EC89B7-367D-402B-8C55-30FAEB32A705} - C:\Program Files\Ford Motor Company\IDS\Runtime\tmctrlbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TDSReanimator] "C:\Program Files\Common Files\Teradyne\TDSReanimator.exe"
O4 - HKLM\..\Run: [Starburst] "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"
O4 - HKLM\..\Run: [Feedback] "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"
O4 - HKLM\..\Run: [ProbeTickHandler] "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E1314E-33CA-4C9C-ADEB-B42DCBBCA354}: NameServer = 204.125.169.229,216.148.225.135
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TDSNetSetup - Unknown owner - C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
--
End of file - 4873 bytes
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218225
Likes : 18
Hello.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
- Press "Fix Checked"
- Close HijackThis.
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.
- Click on Avenger.zip to open the file
- Extract avenger.exe to your desktop
Files to delete:
C:\WINDOWS\system32\drivers\svchost.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Input script here:", paste in the script from the quote box above.
- Leave the ticked box "Scan for rootkit" ticked.
- Then tick "Disable any rootkits found"
- Now click on the Execute to begin execution of the script.
- Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
- It will restart your computer.
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
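The three lines picked out of the HijackThis log above share two tells: an entry whose file is gone ("(no file)" / "(file missing)") and an autorun that launches something named svchost.exe from the drivers folder rather than system32. The script below is an added example, not code from this thread or from HijackThis; it encodes those two checks as triage heuristics and runs them over a handful of constructed lines modelled on the posted log. The set of core system binary names and the directory they are expected to live in are this example's own assumptions about a stock Windows XP install.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example, not code from this thread or from HijackThis itself. The
sample lines below are constructed after the log posted above; the list of
core system binary names and the directory they are expected to live in are
this example's own assumptions about a default Windows XP install.
"""
import re

# Core Windows process names that malware commonly borrows. Assumption:
# on a stock Windows XP system these live only in C:\WINDOWS\system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
EXPECTED_DIR = r"c:\windows\system32"

# First drive-letter path ending in .exe/.dll/.sys on the line, quoted or not.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]*?\.(?:exe|dll|sys))"?', re.IGNORECASE)

# Constructed sample lines modelled on the HijackThis log above.
SAMPLE_LOG_LINES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\drivers\svchost.exe",
    r"O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)",
    r"O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe",
    r"O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)",
    r"O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)


def extract_path(line):
    """Return the first executable/library path found on a log line, or None."""
    match = PATH_RE.search(line)
    return match.group(1) if match else None


def classify(line):
    """Return a list of (tag, detail) findings for one HijackThis log line."""
    findings = []
    # O2/O23 entries whose file is gone: dead references worth cleaning up.
    if "(no file)" in line or "(file missing)" in line:
        findings.append(("orphaned-entry",
                         "registered component whose file no longer exists"))
    path = extract_path(line)
    if path is None:
        return findings
    directory, _, name = path.lower().rpartition("\\")
    # A core system binary name outside its expected directory is the classic
    # masquerade (the thread's svchost.exe under system32\drivers).
    if name in SYSTEM_BINARIES and directory != EXPECTED_DIR:
        findings.append(("masquerade",
                         f"{name} expected in {EXPECTED_DIR}, found in {directory}"))
    # Core processes are started by the kernel or services.exe, never from a
    # Run key, so an O4 autorun pointing at one of them is suspicious by itself.
    if line.startswith("O4") and name in SYSTEM_BINARIES:
        findings.append(("autorun-system-name",
                         f"Run key launches {name}, which should not be autostarted"))
    return findings


def triage(log_text):
    """Map each flagged line of a log to its findings; clean lines are omitted."""
    report = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings = classify(line)
            if findings:
                report[line] = findings
    return report


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print(line)
        for tag, detail in findings:
            print(f"    [{tag}] {detail}")
```

Running it over the sample flags exactly the four lines a helper would stop at: the orphaned BHO, the orphaned gusvc service, and the drivers-folder svchost.exe both as a running process and as the HKCU Run entry (which earns two tags, since a Run key should never be launching a core process in the first place). The same `triage()` can be pointed at a full saved log; paths in the "Running processes" section carry no O-prefix but are handled by the same regex.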


- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqxt.sys
Driver disabled successfully.
Rootkit scan completed.
File "C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218225
Likes : 18
Hello.
Let's kill this rootkit now.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Drivers to delete:
TDSSserv.sys
Files to delete:
C:\WINDOWS\system32\drivers\TDSSpqxt.sys
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Input script here:", paste in the script from the quote box above.
- Leave the ticked box "Scan for rootkit" ticked.
- Then tick "Disable any rootkits found"
- Now click on the Execute to begin execution of the script.
- Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
- It will restart your computer.
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Then let's see what's left.
- Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Link 3
- Double click DDS.scr to run
- When complete, DDS.txt will open.
- Click No for Optional Scan.
- Save the report to your Desktop.
- Copy and paste DDS.txt back here, I don't need to see attach.txt.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "TDSSserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\TDSSpqxt.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.217 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Documents and Settings\keith\Application Data\Google\yfijv17721328.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\keith\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\tmctrlbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"
mRun: [Starburst] "c:\program files\ford motor company\ids\runtime\Starburst.exe"
mRun: [Feedback] "c:\program files\ford motor company\ids\runtime\EngineeringFeedback.exe"
mRun: [ProbeTickHandler] "c:\program files\ford motor company\ids\runtime\ProbeTickHandler.exe"
mRun: [wclock] "c:\documents and settings\keith\application data\google\yfijv17721328.exe" 2
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {72E1314E-33CA-4C9C-ADEB-B42DCBBCA354} = 204.125.169.229,216.148.225.135
============= SERVICES / DRIVERS ===============
R4 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\tdsnetsetup.exe [2008-6-17 18432]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-4-13 22016]
S4 qvqqtqmqz;qvqqtqmqz;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
=============== Created Last 30 ================
2009-01-15 18:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-15 18:20 --d----- c:\documents and settings\keith\.SunDownloadManager
2009-01-15 14:35 --d----- c:\windows\system32\appmgmt
2009-01-15 13:58 441 a------- c:\windows\system32\tdssservers.dat
2009-01-15 13:07 2,204 a------- c:\windows\system32\TDSSfpmp.dll
2009-01-15 13:07 61,440 a------- c:\windows\system32\TDSSciou.dll
2009-01-15 13:07 31,232 a------- c:\windows\system32\TDSSliqp.dll
2009-01-15 13:07 29,696 a------- c:\windows\system32\TDSSnrse.dll
2009-01-15 13:07 441 a------- c:\windows\system32\TDSSosvn.dat
2009-01-15 13:07 35,840 a------- c:\windows\system32\TDSSoeqh.dll
2009-01-15 12:57 293 a------- C:\win32upd.exe
2009-01-12 13:06 199,869 a------- c:\windows\system32\rn.tmp
2008-12-30 17:01 --d----- C:\Google
==================== Find3M ====================
============= FINISH: 12:48:16.59 ===============
- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
I hope that was the correct one.....
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218225
Likes : 18
Yep, that was the right one. Let's finish up here now.
Please download the OTMoveIt3 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:processes
explorer.exe
:files
c:\windows\system32\tdssservers.dat
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSliqp.dll
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSSoeqh.dll
C:\win32upd.exe
c:\windows\system32\rn.tmp
c:\documents and settings\keith\application data\google\*.*
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wclock"=-
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
- Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Please post the OTMoveIt log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\tdssservers.dat moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSfpmp.dll NOT unregistered.
c:\windows\system32\TDSSfpmp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSciou.dll NOT unregistered.
c:\windows\system32\TDSSciou.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSliqp.dll
c:\windows\system32\TDSSliqp.dll NOT unregistered.
c:\windows\system32\TDSSliqp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSnrse.dll NOT unregistered.
c:\windows\system32\TDSSnrse.dll moved successfully.
c:\windows\system32\TDSSosvn.dat moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSoeqh.dll NOT unregistered.
c:\windows\system32\TDSSoeqh.dll moved successfully.
C:\win32upd.exe moved successfully.
c:\windows\system32\rn.tmp moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\keith\application data\google\mjkspc.dll
c:\documents and settings\keith\application data\google\mjkspc.dll NOT unregistered.
c:\documents and settings\keith\application data\google\mjkspc.dll moved successfully.
c:\documents and settings\keith\application data\google\yfijv17721328.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wclock deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_69c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_131019
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_69c.dat not found!
- Jonahbalonah (Novice)
OS : jonah555
Posts : 7
Rubies : 3389
Likes : 0
It couldn't move something or other but I think everything is working fine now. I don't know why you guys work for free but THANK YOU!!!!