Zafi.B I think....

View previous topic View next topic Go down

Solved Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 12:52 am

Keeps popping up security alerts and changing which websites I go to, won't allow me to go to windows update. Thanks so much for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:10 PM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\keith\Desktop\hijackgpthis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: TM_BHO Class - {60EC89B7-367D-402B-8C55-30FAEB32A705} - C:\Program Files\Ford Motor Company\IDS\Runtime\tmctrlbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TDSReanimator] "C:\Program Files\Common Files\Teradyne\TDSReanimator.exe"
O4 - HKLM\..\Run: [Starburst] "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"
O4 - HKLM\..\Run: [Feedback] "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"
O4 - HKLM\..\Run: [ProbeTickHandler] "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E1314E-33CA-4C9C-ADEB-B42DCBBCA354}: NameServer = 204.125.169.229,216.148.225.135
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TDSNetSetup - Unknown owner - C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

--
End of file - 4873 bytes

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Belahzur on 16th January 2009, 1:01 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
C:\WINDOWS\system32\drivers\svchost.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 1:18 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqxt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Belahzur on 16th January 2009, 4:47 pm

Hello.
Lets kill this rootkit now.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
TDSSserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\TDSSpqxt.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Then lets see what's left.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 6:46 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "TDSSserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\TDSSpqxt.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 6:49 pm

Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.217 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Documents and Settings\keith\Application Data\Google\yfijv17721328.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\keith\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\tmctrlbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"
mRun: [Starburst] "c:\program files\ford motor company\ids\runtime\Starburst.exe"
mRun: [Feedback] "c:\program files\ford motor company\ids\runtime\EngineeringFeedback.exe"
mRun: [ProbeTickHandler] "c:\program files\ford motor company\ids\runtime\ProbeTickHandler.exe"
mRun: [wclock] "c:\documents and settings\keith\application data\google\yfijv17721328.exe" 2
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {72E1314E-33CA-4C9C-ADEB-B42DCBBCA354} = 204.125.169.229,216.148.225.135

============= SERVICES / DRIVERS ===============

R4 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\tdsnetsetup.exe [2008-6-17 18432]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-4-13 22016]
S4 qvqqtqmqz;qvqqtqmqz;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

=============== Created Last 30 ================

2009-01-15 18:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-15 18:20 --d----- c:\documents and settings\keith\.SunDownloadManager
2009-01-15 14:35 --d----- c:\windows\system32\appmgmt
2009-01-15 13:58 441 a------- c:\windows\system32\tdssservers.dat
2009-01-15 13:07 2,204 a------- c:\windows\system32\TDSSfpmp.dll
2009-01-15 13:07 61,440 a------- c:\windows\system32\TDSSciou.dll
2009-01-15 13:07 31,232 a------- c:\windows\system32\TDSSliqp.dll
2009-01-15 13:07 29,696 a------- c:\windows\system32\TDSSnrse.dll
2009-01-15 13:07 441 a------- c:\windows\system32\TDSSosvn.dat
2009-01-15 13:07 35,840 a------- c:\windows\system32\TDSSoeqh.dll
2009-01-15 12:57 293 a------- C:\win32upd.exe
2009-01-12 13:06 199,869 a------- c:\windows\system32\rn.tmp
2008-12-30 17:01 --d----- C:\Google

==================== Find3M ====================


============= FINISH: 12:48:16.59 ===============

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 6:51 pm

I hope that was the correct one.....

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Belahzur on 16th January 2009, 7:02 pm

Yep, that was the right one. Lets finish up here now.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :processes
    explorer.exe

    :files
    c:\windows\system32\tdssservers.dat
    c:\windows\system32\TDSSfpmp.dll
    c:\windows\system32\TDSSciou.dll
    c:\windows\system32\TDSSliqp.dll
    c:\windows\system32\TDSSnrse.dll
    c:\windows\system32\TDSSosvn.dat
    c:\windows\system32\TDSSoeqh.dll
    C:\win32upd.exe
    c:\windows\system32\rn.tmp
    c:\documents and settings\keith\application data\google\*.*

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wclock"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 7:15 pm

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\tdssservers.dat moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSfpmp.dll NOT unregistered.
c:\windows\system32\TDSSfpmp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSciou.dll NOT unregistered.
c:\windows\system32\TDSSciou.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSliqp.dll
c:\windows\system32\TDSSliqp.dll NOT unregistered.
c:\windows\system32\TDSSliqp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSnrse.dll NOT unregistered.
c:\windows\system32\TDSSnrse.dll moved successfully.
c:\windows\system32\TDSSosvn.dat moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSoeqh.dll NOT unregistered.
c:\windows\system32\TDSSoeqh.dll moved successfully.
C:\win32upd.exe moved successfully.
c:\windows\system32\rn.tmp moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\keith\application data\google\mjkspc.dll
c:\documents and settings\keith\application data\google\mjkspc.dll NOT unregistered.
c:\documents and settings\keith\application data\google\mjkspc.dll moved successfully.
c:\documents and settings\keith\application data\google\yfijv17721328.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wclock deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_69c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_131019

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_69c.dat not found!

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Jonahbalonah on 16th January 2009, 7:16 pm

It couldn't move something or other but I think everything is working fine now. I don't know why you guys work for free but THANK YOU!!!!

Jonahbalonah
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-01-15
OS OS : jonah555
Points Points : 28870
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Belahzur on 16th January 2009, 7:17 pm

Glad to hear it. Wink

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Doctor Inferno on 18th April 2009, 10:48 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104650
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Zafi.B I think....

Post by Doctor Inferno on 18th April 2009, 10:49 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104650
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum