malware [Resolved]


Solved malware [Resolved]

Post by guest on 3rd April 2008, 5:59 am

I have a trojan virus. This was detected after I ran a scan. I am constantly getting pop-ups telling me I have a trojan virus. When I search on the internet I get pono sites in my search and .... pictures. Please help


Solved Re: malware [Resolved]

Post by Doctor Inferno on 3rd April 2008, 8:08 am

Hello, and welcome to GeekPolice Tech Support & Graphics.

Please download HJTsetup.exe:



Code:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

* Save HJTsetup.exe to your desktop.
* Double-click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\Hijack This.
* Click on I agree
* Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Last edited by Doctor Inferno on 21st April 2008, 7:45 am; edited 1 time in total


Solved Re: malware [Resolved]

Post by guest on 3rd April 2008, 1:03 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:12 PM, on 9/10/2018
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\MICROS~4\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\WINDOWS\ausctv32a.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10477 bytes



I hope you really can help me.


Solved Re: malware [Resolved]

Post by Doctor Inferno on 4th April 2008, 8:32 am

Please download the [You must be registered and logged in to see this link.]

* Save it to your desktop.
* Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
 C:\WINDOWS\ausctv32a.dll

* Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
* Click the red Moveit! button.
* OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=============================================


Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

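Added example, not part of the thread or any poster's code: the HijackThis log posted above lists Internet Explorer add-ons as O2 (BHO) and O3 (toolbar) lines, and the file moved with OTMoveIt2 is the DLL of one of them. This sketch parses those lines from an excerpt of that log and marks add-ons whose DLL sits loose in the Windows directory for manual review; that location rule is an assumption of the example (a triage heuristic, not the helper's stated reasoning), and the names `section_counts`, `parse_addons`, `needs_review` and `triage` are hypothetical.

```python
import ntpath
import re
from collections import Counter, namedtuple

# Excerpt of the HijackThis log posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\WINDOWS\ausctv32a.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

Entry = namedtuple("Entry", "section kind name clsid path")

# Every HijackThis finding starts with a section code such as R0, O2 or O23.
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - ")

# O2 = Browser Helper Objects, O3 = Internet Explorer toolbars.
ADDON_RE = re.compile(
    r"^O(?P<num>2|3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)

# Assumption of this example: an add-on DLL dropped straight into one of
# these folders, instead of under a vendor's own directory, gets a second
# look. This is a review prompt, not a verdict on the file.
LOOSE_DIRS = {r"c:\windows", r"c:\windows\system32"}


def section_counts(log_text):
    """Count findings per HijackThis section code."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m.group("section")] += 1
    return dict(counts)


def parse_addons(log_text):
    """Return one Entry per O2/O3 line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ADDON_RE.match(line.strip())
        if m:
            entries.append(Entry("O" + m.group("num"), m.group("kind"),
                                 m.group("name"), m.group("clsid").upper(),
                                 m.group("path")))
    return entries


def needs_review(entry):
    """True when the add-on's DLL lives directly in a LOOSE_DIRS folder."""
    # ntpath handles Windows paths correctly on any host OS.
    folder = ntpath.normcase(ntpath.dirname(entry.path))
    return folder in LOOSE_DIRS


def triage(log_text):
    """Add-ons a reviewer should look at by hand before fixing anything."""
    return [e for e in parse_addons(log_text) if needs_review(e)]


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for e in triage(SAMPLE_LOG):
        print(f"review: {e.section} {e.kind} '{e.name}' {e.clsid} -> {e.path}")
```
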

Solved Re: malware [Resolved]

Post by guest on 5th April 2008, 12:49 pm

Here is what I got after I moved the files:

File/Folder 5 Card Slingo from Hewlett-Packard Laptops (remove only) not found.
File/Folder Adobe Reader 7.0.9 not found.
File/Folder Adobe Shockwave Player not found.
File/Folder AppCore not found.
File/Folder Apple Mobile Device Support not found.
File/Folder Apple Software Update not found.
File/Folder Athlon 64 Processor Driver not found.
File/Folder ATI Control Panel not found.
File/Folder ATI Display Driver not found.
File/Folder AV not found.
File/Folder Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder Big Kahuna Reef from Hewlett-Packard Laptops (remove only) not found.
File/Folder Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) not found.
File/Folder Blasterball 2 from Hewlett-Packard Laptops (remove only) not found.
File/Folder Boggle Supreme from Hewlett-Packard Laptops (remove only) not found.
File/Folder Bonus not found.
File/Folder Bookworm Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder Bounce Symphony from Hewlett-Packard Laptops (remove only) not found.
File/Folder BUM not found.
File/Folder CC_ccProxyExt not found.
File/Folder ccCommon not found.
File/Folder ccPxyCore not found.
File/Folder Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder CIB not found.
File/Folder Conexant AC-Link Audio not found.
File/Folder Crystal Maze from Hewlett-Packard Laptops (remove only) not found.
File/Folder Customer Experience Enhancement not found.
File/Folder Easy Internet Sign-up not found.
File/Folder ESPNMotion not found.
File/Folder FATE from Hewlett-Packard Laptops (remove only) not found.
File/Folder Files Secure not found.
File/Folder Final Drive Nitro from Hewlett-Packard Laptops (remove only) not found.
File/Folder Flip Words from Hewlett-Packard Laptops (remove only) not found.
File/Folder GearDrvs not found.
File/Folder GemMaster Mystic not found.
File/Folder HijackThis 2.0.2 not found.
File/Folder Hotfix for Windows XP (KB896256) not found.
File/Folder Hotfix for Windows XP (KB914440) not found.
File/Folder Hotfix for Windows XP (KB915865) not found.
File/Folder HP Game Console and games not found.
File/Folder HP Help and Support not found.
File/Folder HP Imaging Device Functions 6.0 not found.
File/Folder HP Photosmart Premier Software 6.0 not found.
File/Folder HP QuickPlay 2.0 not found.
File/Folder HP Rhapsody not found.
File/Folder HP Software Update not found.
File/Folder HP User Guides 0026 not found.
File/Folder HP User Guides--System Recovery not found.
File/Folder HP Wireless Assistant 2.00 C1 not found.
File/Folder Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder iTunes not found.
File/Folder J2SE Runtime Environment 5.0 Update 10 not found.
File/Folder J2SE Runtime Environment 5.0 Update 11 not found.
File/Folder J2SE Runtime Environment 5.0 Update 6 not found.
File/Folder J2SE Runtime Environment 5.0 Update 9 not found.
File/Folder Java™ 6 Update 2 not found.
File/Folder Java™ 6 Update 3 not found.
File/Folder Java™ 6 Update 5 not found.
File/Folder Java™ SE Runtime Environment 6 Update 1 not found.
File/Folder Jewel Quest from Hewlett-Packard Laptops (remove only) not found.
File/Folder Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) not found.
File/Folder Lexibox Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder LiveUpdate 3.2 (Symantec Corporation) not found.
File/Folder LiveUpdate Notice (Symantec Corporation) not found.
File/Folder Mah Jong Quest from Hewlett-Packard Laptops (remove only) not found.
File/Folder Microsoft .NET Framework 1.0 Hotfix (KB887998) not found.
File/Folder Microsoft .NET Framework 1.0 Hotfix (KB930494) not found.
File/Folder Microsoft .NET Framework 1.1 not found.
File/Folder Microsoft .NET Framework 1.1 not found.
File/Folder Microsoft .NET Framework 1.1 Hotfix (KB928366) not found.
File/Folder Microsoft .NET Framework 2.0 not found.
File/Folder Microsoft Base Smart Card Cryptographic Service Provider Package not found.
File/Folder Microsoft Internationalized Domain Names Mitigation APIs not found.
File/Folder Microsoft Money 2006 not found.
File/Folder Microsoft National Language Support Downlevel APIs not found.
File/Folder Microsoft Office Professional Edition 2003 not found.
File/Folder Microsoft Works not found.
File/Folder MSXML 4.0 SP2 (KB927978) not found.
File/Folder MSXML 4.0 SP2 (KB936181) not found.
File/Folder muvee autoProducer 4.5 not found.
File/Folder Netscape Browser (remove only) not found.
File/Folder NFSL not found.
File/Folder Norton 360 not found.
File/Folder Norton 360 not found.
File/Folder Norton 360 not found.
File/Folder Norton 360 not found.
File/Folder Norton 360 (Symantec Corporation) not found.
File/Folder Norton 360 Help not found.
File/Folder Norton Add-on Pack (Symantec Corporation) not found.
File/Folder Norton AntiSpam not found.
File/Folder Norton AntiSpam not found.
File/Folder Norton Confidential Browser Component not found.
File/Folder Norton Confidential Web Authentification Component not found.
File/Folder Norton Confidential Web Protection Component not found.
File/Folder Norton Internet Security Bonus Pack not found.
File/Folder Norton Security Scan not found.
File/Folder Oasis from Hewlett-Packard Laptops (remove only) not found.
File/Folder Office 2003 Trial Assistant not found.
File/Folder Otto not found.
File/Folder Panda ActiveScan not found.
File/Folder Polar Bowler from Hewlett-Packard Laptops (remove only) not found.
File/Folder Polar Golfer from Hewlett-Packard Laptops (remove only) not found.
File/Folder Puzzle Express from Hewlett-Packard Laptops (remove only) not found.
File/Folder Quick Launch Buttons 5.20 G1 not found.
File/Folder Quicken 2006 not found.
File/Folder QuickTime not found.
File/Folder SCRABBLE from Hewlett-Packard Laptops (remove only) not found.
File/Folder Security Update for Microsoft .NET Framework 2.0 (KB928365) not found.
File/Folder Security Update for Step By Step Interactive Training (KB898458) not found.
File/Folder Security Update for Step By Step Interactive Training (KB923723) not found.
File/Folder Security Update for Windows Internet Explorer 7 (KB938127) not found.
File/Folder Security Update for Windows Internet Explorer 7 (KB942615) not found.
File/Folder Security Update for Windows Internet Explorer 7 (KB944533) not found.
File/Folder Security Update for Windows Media Player (KB911564) not found.
File/Folder Security Update for Windows Media Player 10 (KB911565) not found.
File/Folder Security Update for Windows Media Player 10 (KB917734) not found.
File/Folder Security Update for Windows Media Player 10 (KB936782) not found.
File/Folder Security Update for Windows Media Player 6.4 (KB925398) not found.


Solved Re: malware [Resolved]

Post by guest on 5th April 2008, 12:51 pm

File/Folder Security Update for Windows XP (KB890046) not found.
File/Folder Security Update for Windows XP (KB893066) not found.
File/Folder Security Update for Windows XP (KB893756) not found.
File/Folder Security Update for Windows XP (KB896358) not found.
File/Folder Security Update for Windows XP (KB896422) not found.
File/Folder Security Update for Windows XP (KB896423) not found.
File/Folder Security Update for Windows XP (KB896424) not found.
File/Folder Security Update for Windows XP (KB896428) not found.
File/Folder Security Update for Windows XP (KB899587) not found.
File/Folder Security Update for Windows XP (KB899589) not found.
File/Folder Security Update for Windows XP (KB899591) not found.
File/Folder Security Update for Windows XP (KB900725) not found.
File/Folder Security Update for Windows XP (KB901017) not found.
File/Folder Security Update for Windows XP (KB901190) not found.
File/Folder Security Update for Windows XP (KB901214) not found.
File/Folder Security Update for Windows XP (KB902400) not found.
File/Folder Security Update for Windows XP (KB903235) not found.
File/Folder Security Update for Windows XP (KB904706) not found.
File/Folder Security Update for Windows XP (KB905414) not found.
File/Folder Security Update for Windows XP (KB905749) not found.
File/Folder Security Update for Windows XP (KB908519) not found.
File/Folder Security Update for Windows XP (KB911562) not found.
File/Folder Security Update for Windows XP (KB911567) not found.
File/Folder Security Update for Windows XP (KB911927) not found.
File/Folder Security Update for Windows XP (KB912919) not found.
File/Folder Security Update for Windows XP (KB913446) not found.
File/Folder Security Update for Windows XP (KB913580) not found.
File/Folder Security Update for Windows XP (KB914388) not found.
File/Folder Security Update for Windows XP (KB914389) not found.
File/Folder Security Update for Windows XP (KB916281) not found.
File/Folder Security Update for Windows XP (KB917159) not found.
File/Folder Security Update for Windows XP (KB917344) not found.
File/Folder Security Update for Windows XP (KB917422) not found.
File/Folder Security Update for Windows XP (KB917953) not found.
File/Folder Security Update for Windows XP (KB918118) not found.
File/Folder Security Update for Windows XP (KB918439) not found.
File/Folder Security Update for Windows XP (KB918899) not found.
File/Folder Security Update for Windows XP (KB919007) not found.
File/Folder Security Update for Windows XP (KB920213) not found.
File/Folder Security Update for Windows XP (KB920214) not found.
File/Folder Security Update for Windows XP (KB920670) not found.
File/Folder Security Update for Windows XP (KB920683) not found.
File/Folder Security Update for Windows XP (KB920685) not found.
File/Folder Security Update for Windows XP (KB921398) not found.
File/Folder Security Update for Windows XP (KB921503) not found.
File/Folder Security Update for Windows XP (KB921883) not found.
File/Folder Security Update for Windows XP (KB922616) not found.
File/Folder Security Update for Windows XP (KB922760) not found.
File/Folder Security Update for Windows XP (KB922819) not found.
File/Folder Security Update for Windows XP (KB923191) not found.
File/Folder Security Update for Windows XP (KB923414) not found.
File/Folder Security Update for Windows XP (KB923689) not found.
File/Folder Security Update for Windows XP (KB923694) not found.
File/Folder Security Update for Windows XP (KB923980) not found.
File/Folder Security Update for Windows XP (KB924191) not found.
File/Folder Security Update for Windows XP (KB924270) not found.
File/Folder Security Update for Windows XP (KB924496) not found.
File/Folder Security Update for Windows XP (KB924667) not found.
File/Folder Security Update for Windows XP (KB925454) not found.
File/Folder Security Update for Windows XP (KB925486) not found.
File/Folder Security Update for Windows XP (KB925902) not found.
File/Folder Security Update for Windows XP (KB926255) not found.
File/Folder Security Update for Windows XP (KB926436) not found.
File/Folder Security Update for Windows XP (KB927779) not found.
File/Folder Security Update for Windows XP (KB927802) not found.
File/Folder Security Update for Windows XP (KB928090) not found.
File/Folder Security Update for Windows XP (KB928255) not found.
File/Folder Security Update for Windows XP (KB928843) not found.
File/Folder Security Update for Windows XP (KB929123) not found.
File/Folder Security Update for Windows XP (KB929969) not found.
File/Folder Security Update for Windows XP (KB930178) not found.
File/Folder Security Update for Windows XP (KB931261) not found.
File/Folder Security Update for Windows XP (KB931768) not found.
File/Folder Security Update for Windows XP (KB931784) not found.
File/Folder Security Update for Windows XP (KB932168) not found.
File/Folder Security Update for Windows XP (KB933566) not found.
File/Folder Security Update for Windows XP (KB933729) not found.
File/Folder Security Update for Windows XP (KB935839) not found.
File/Folder Security Update for Windows XP (KB935840) not found.
File/Folder Security Update for Windows XP (KB936021) not found.
File/Folder Security Update for Windows XP (KB937143) not found.
File/Folder Security Update for Windows XP (KB937894) not found.
File/Folder Security Update for Windows XP (KB938127) not found.
File/Folder Security Update for Windows XP (KB938829) not found.
File/Folder Security Update for Windows XP (KB939653) not found.
File/Folder Security Update for Windows XP (KB941202) not found.
File/Folder Security Update for Windows XP (KB941568) not found.
File/Folder Security Update for Windows XP (KB941569) not found.
File/Folder Security Update for Windows XP (KB941644) not found.
File/Folder Security Update for Windows XP (KB942615) not found.
File/Folder Security Update for Windows XP (KB943055) not found.
File/Folder Security Update for Windows XP (KB943460) not found.
File/Folder Security Update for Windows XP (KB943485) not found.
File/Folder Security Update for Windows XP (KB944653) not found.
File/Folder Security Update for Windows XP (KB946026) not found.
File/Folder Slingo Deluxe from Hewlett-Packard Laptops (remove only) not found.
File/Folder Slyder from Hewlett-Packard Laptops (remove only) not found.
File/Folder Snowboard SuperJam not found.
File/Folder Soft Data Fax Modem with SmartCP not found.
File/Folder Sonic Audio Module not found.
File/Folder Sonic Copy Module not found.
File/Folder Sonic Data Module not found.
File/Folder Sonic Express Labeler not found.
File/Folder Sonic MyDVD Plus not found.
File/Folder Sonic Update Manager not found.
File/Folder SonicAC3Encoder not found.
File/Folder SonicMPEGEncoder not found.
File/Folder SPBBC 32bit not found.
File/Folder Spyware Doctor 5.5 not found.
File/Folder Super Granny from Hewlett-Packard Laptops (remove only) not found.
File/Folder SuppSoft not found.
File/Folder Symantec KB-DocID:2003093015493306 not found.
File/Folder Symantec Technical Support Controls not found.
File/Folder SymNet not found.
File/Folder Synaptics Pointing Device Driver not found.
File/Folder Texas Instruments PCIxx21/x515/xx12 drivers. not found.
File/Folder TourSetup not found.
File/Folder Tradewinds from Hewlett-Packard Laptops (remove only) not found.
File/Folder Update for Windows Media Player 10 (KB913800) not found.
File/Folder Update for Windows Media Player 10 (KB926251) not found.
File/Folder Update for Windows XP (KB894391) not found.
File/Folder Update for Windows XP (KB896727) not found.
File/Folder Update for Windows XP (KB898461) not found.
File/Folder Update for Windows XP (KB900485) not found.
File/Folder Update for Windows XP (KB904942) not found.
File/Folder Update for Windows XP (KB908531) not found.
File/Folder Update for Windows XP (KB910437) not found.
File/Folder Update for Windows XP (KB911280) not found.
File/Folder Update for Windows XP (KB916595) not found.
File/Folder Update for Windows XP (KB920872) not found.
File/Folder Update for Windows XP (KB922582) not found.
File/Folder Update for Windows XP (KB927891) not found.
File/Folder Update for Windows XP (KB929338) not found.
File/Folder Update for Windows XP (KB930916) not found.
File/Folder Update for Windows XP (KB931836) not found.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03202008_225112


Solved Re: malware [Resolved]

Post by Doctor Inferno on 6th April 2008, 12:36 am

You copied your uninstall list instead of the file that I asked you to copy.

Please re-read my previous post and copy the one file into the OTMove it program.
Then click on Move it.
Then run the Malwarebytes antimalware program and post the logs please.



Solved Re: malware [Resolved]

Post by guest on 11th April 2008, 4:10 am

Sorry, I did not see any file paths. Both windows were empty. Please advise, I'm not clear on that part. I am running the Malwarebytes scan now.


Solved Re: malware [Resolved]

Post by Doctor Inferno on 11th April 2008, 12:18 pm

* Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator".)

* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
 C:\WINDOWS\ausctv32a.dll

* Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

* Click the red Moveit! button.



Solved Re: malware [Resolved]

Post by guest on 14th April 2008, 9:32 am

Here are my logs from MBAM:

Malwarebytes' Anti-Malware 1.09
Database version: 515

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128051
Time elapsed: 35 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\ausctv32a.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ausctv32a.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce0487ca-8b02-431e-ba63-d38844e020b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ce0487ca-8b02-431e-ba63-d38844e020b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce0487ca-8b02-431e-ba63-d38844e020b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ausctv32a.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ausctv32a.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Files-Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ausctv32a.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GLXNKYKS\setup2[1].exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP401\A0035218.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db1 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db2 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db3 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db4 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db5 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Files Secure 2.1.lnk (Rogue.Files-Secure) -> Quarantined and deleted successfully.



Here is my file path from MoveIt:
File/Folder C:\WINDOWS\ausctv32a.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_095353


Solved Re: malware [Resolved]

Post by Doctor Inferno on 14th April 2008, 1:25 pm

Please download ATF-Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================


Please do an online scan with the Kaspersky Online Scanner.
(This scanner is for use with Internet Explorer only.)
Click on "Accept".

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

* The program will launch and then begin downloading the latest definition files.
* Once the files have been downloaded, click on NEXT.
* Now click on Scan Settings.
* In the scan settings, make sure that the following are selected:
  o Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  o Scan Options: Scan Archives, Scan Mail Bases
* Click OK.
* Now under "select a target to scan", select My Computer.
* The program will start and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, it will display if your system has been infected.
  o Now click on the Save as Text button.
* Save the file to your desktop.
* Copy and paste that information in your next post.



Solved Re: malware [Resolved]

Post by guest on 16th April 2008, 1:18 pm

KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 1:42:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 651364


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 89251
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:45:47

Infected Object Name Virus Name Last Action


Solved Re: malware [Resolved]

Post by guest on 16th April 2008, 1:20 pm

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped

Scan process completed.



My com is virus free. I am not getting the pop up any more stating that I have a trojan virus. Also, in my searches I'm not getting the porn sites either. However, the recent scan still shows infections. What do I do now?


Solved Re: malware [Resolved]

Post by Doctor Inferno on 18th April 2008, 7:27 am

This file is not really a threat, but it is PeoplePC related.
Because it was detected, we will remove it.
============================
Double-click on OTMoveIt2 and paste the following file path in:

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe

Then click on the Move it button.
=====================
Post the log that OTMoveIt2 makes (it will be in the folder that the others were in), then also post another HijackThis log and we will finish up.


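An added example, not part of the original thread or of any tool named in it: a short Python triage of a pasted Kaspersky Online Scanner report that separates "Object is locked" rows (files in use that the scanner could not open) from rows that are actual detections. It assumes the row layout seen in the report above (path, status, last action, separated by single spaces); the function name `triage` and the sample selection are constructed for illustration.

```python
import re

# Rows in the layout of the Kaspersky Online Scanner report pasted in this
# thread: "<object path> <status> <last action>". The selection is constructed
# for the example; the two detection rows are the ones from the thread.
SAMPLE_REPORT = r"""Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped

Scan process completed.
"""

# Paths contain spaces, so a row is recognised by its status column instead of
# by splitting on whitespace. Assumed status forms (the three seen in the
# thread): "Object is locked", "Infected: <name>", "<type>: infected - <n>".
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<status>Object is locked"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<kind>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


def triage(report_text):
    """Split a pasted report into locked-file noise and real detections."""
    locked = 0
    infected_rows = 0
    files = {}      # file on disk -> set of detection names found in it
    unparsed = []   # headers, footers and anything in an unexpected layout

    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            unparsed.append(line)
            continue
        if m.group("status") == "Object is locked":
            # The scanner could not open a file that is in use. Not a detection.
            locked += 1
            continue
        infected_rows += 1
        # Windows paths use backslashes, so a "/" marks a member inside a
        # container (here an NSIS installer). Attribute it to the file on disk.
        on_disk = m.group("path").split("/", 1)[0]
        names = files.setdefault(on_disk, set())
        if m.group("name"):
            names.add(m.group("name"))

    review = {}
    for path, names in files.items():
        review[path] = {
            "detections": sorted(names),
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            "riskware_only": bool(names)
            and all(n.startswith("not-a-virus:") for n in names),
        }
    return {
        "locked_skipped": locked,
        "infected_rows": infected_rows,
        "files_to_review": review,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (ignore):", result["locked_skipped"])
    print("infected rows  :", result["infected_rows"])
    for path, info in result["files_to_review"].items():
        print(path, info)
```

On the sample, the two infected rows collapse to one file on disk with one adware verdict, which is how the report's "Number of viruses found 1" and "Number of infected objects 2" fit together.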

Solved Re: malware [Resolved]

Post by guest on 19th April 2008, 4:20 am

Here is the info from OTMoveIt:

C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04219008_223150

I'll work on the hijack log next.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:50 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9644 bytes



Thanks for all your help.


Solved Re: malware [Resolved]

Post by Doctor Inferno on 20th April 2008, 2:03 am

You are welcome

Cleanup:

    * Make sure you have an Internet connection.
    * Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
    * Click on the CleanUp! button.
    * A list of tool components used in the cleanup of malware will be downloaded.
    * If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    * Click Yes to begin the cleanup process and remove these components, including this application.
    * You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.



======================
Uninstall Malwarebytes antimalware and delete anything left over.


Then I will need you to reset your System Restore points. Please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.

    Click on Start
    Right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK.




2. Reboot.

3. Turn ON System Restore.

    Click on Start
    Right-click My Computer
    Click Properties
    UN-Check Turn off System Restore
    Check Turn on System Restore
    Click Apply, and then click OK.





How to Turn On and Turn Off System Restore in Windows XP
===========================================
After that, your log is clean.



Solved Re: malware [Resolved]

Post by guest on 21st April 2008, 7:41 am

Thank you so much! Everything is fine now! Hooray!


Solved Re: malware [Resolved]

Post by Doctor Inferno on 21st April 2008, 7:44 am

You are most welcome.

*********************************************************

This subject has been addressed or corrected. The subject is now closed.

*********************************************************

