
[Resolved] Internet Security 2010 - System Scan - Security Warning - W


  • This topic is locked
96 replies to this topic

#61 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 December 2009 - 09:34 PM

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#62 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 09:47 PM

I did not get any prompts for Optional Scan.

- - - - - -

DDS (Ver_09-06-26.01) - NTFSx86
Run by Myself at 22:41:07.07 on Tue 12/15/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -5:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Myself\My Documents\Downloads\dds(3).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.intergate.com/startpage/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.intergate.com/startpage/
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.intergate.com/startpage/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [kibimoboh] Rundll32.exe "c:\windows\system32\paviviwa.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\paviviwa.dll,nujeruze.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - c:\documents and settings\all users\application data\macromedia\swupdate\swupdate.dll
SSODL: tujedodip - {b687f362-4172-45d3-8ba9-1108bf9c77a3} - c:\windows\system32\paviviwa.dll
STS: kupuhivus: {b687f362-4172-45d3-8ba9-1108bf9c77a3} - c:\windows\system32\paviviwa.dll
LSA: Notification Packages = scecli setizafu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\myself\applic~1\mozilla\firefox\profiles\sr4rv36a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-12 207792]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-4-26 372824]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-12 112592]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 190480]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2006-4-14 375424]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2008-7-8 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2008-7-8 1208448]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2008-7-8 1200768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-12 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-12 1141712]

=============== Created Last 30 ================

2009-12-13 13:15 203 a------- C:\fixme.reg
2009-12-13 11:45 <DIR> --d----- c:\program files\TrendMicro
2009-12-12 03:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 03:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-12 02:06 767,952 a------- c:\windows\BDTSupport.dll
2009-12-12 02:06 149,456 a------- c:\windows\SGDetectionTool.dll
2009-12-12 02:06 882 a------- c:\windows\RegSDImport.xml
2009-12-12 02:06 880 a------- c:\windows\RegISSImport.xml
2009-12-12 02:06 131 a------- c:\windows\IDB.zip
2009-12-12 02:06 1,640,400 a------- c:\windows\PCTBDCore.dll
2009-12-12 02:06 1,152,444 a------- c:\windows\UDB.zip
2009-12-12 02:06 165,840 a------- c:\windows\PCTBDRes.dll
2009-12-12 01:45 <DIR> --d----- c:\docume~1\myself\applic~1\Malwarebytes
2009-12-12 01:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 01:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-12 01:36 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-12-12 01:36 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-12-12 01:36 207,792 a------- c:\windows\system32\drivers\PCTCore.sys
2009-12-12 01:36 87,784 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-12 01:36 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-12 01:36 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-12-12 01:36 70,408 a------- c:\windows\system32\drivers\pctplsg.sys
2009-12-12 01:36 7,383 a------- c:\windows\system32\drivers\pctplsg.cat
2009-12-12 01:35 <DIR> --d----- c:\program files\Spyware Doctor
2009-12-12 01:35 <DIR> --d----- c:\program files\common files\PC Tools
2009-12-12 01:35 <DIR> --d----- c:\docume~1\myself\applic~1\PC Tools
2009-12-12 01:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-12 00:37 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-12-12 00:35 0 a------- c:\windows\system32\31567.exe
2009-12-12 00:15 0 a------- c:\windows\system32\26220.exe
2009-12-11 23:55 0 a------- c:\windows\system32\5621.exe
2009-12-11 23:21 0 a------- c:\windows\system32\15730.exe
2009-12-11 23:01 0 a------- c:\windows\system32\25328.exe
2009-12-11 22:41 0 a------- c:\windows\system32\25190.exe
2009-12-11 22:21 0 a------- c:\windows\system32\31684.exe
2009-12-10 21:57 18,944 a------- c:\windows\system32\winhelper86.dll
2009-12-10 21:57 39,424 a------- c:\windows\system32\winlogon86.exe
2009-12-10 21:57 34,308 a------- c:\windows\system32\logon.exe.vir
2009-11-27 22:32 <DIR> --d----- c:\windows\system32\en
2009-11-27 22:32 <DIR> --d----- c:\windows\system32\bits
2009-11-27 22:19 0 a------t c:\windows\005797_.tmp

==================== Find3M ====================

2009-10-29 14:08 3,070,976 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 00:38 667,136 a------- c:\windows\system32\wininet.dll
2009-10-29 00:38 667,136 -------- c:\windows\system32\dllcache\wininet.dll
2009-10-29 00:38 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-10-29 00:38 627,712 -------- c:\windows\system32\dllcache\urlmon.dll
2009-10-21 00:38 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-21 00:38 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-21 00:38 75,776 -------- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 00:38 25,088 -------- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 11:20 265,728 a------- c:\windows\system32\drivers\http.sys
2009-10-20 11:20 265,728 -------- c:\windows\system32\dllcache\http.sys
2009-10-13 05:30 270,336 a------- c:\windows\system32\oakley.dll
2009-10-13 05:30 270,336 -------- c:\windows\system32\dllcache\oakley.dll
2009-10-12 08:38 149,504 a------- c:\windows\system32\rastls.dll
2009-10-12 08:38 149,504 -------- c:\windows\system32\dllcache\rastls.dll
2009-10-12 08:38 79,872 a------- c:\windows\system32\raschap.dll
2009-10-12 08:38 79,872 -------- c:\windows\system32\dllcache\raschap.dll
2009-09-25 00:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-25 00:37 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2007-09-02 16:57 60,968 a------- c:\documents and settings\myself\GoToAssistDownloadHelper.exe
2002-07-26 16:02 153,088 a------- c:\program files\UNWISE.EXE
2009-09-13 01:36 61,952 a--sh--- c:\windows\system32\bebapufe.dll
2006-05-06 09:01 88 -c-shr-- c:\windows\system32\CB6D8158AE.sys
2009-09-11 22:06 51,712 a--sh--- c:\windows\system32\dowikabu.dll
2009-09-10 22:02 39,424 a--sh--- c:\windows\system32\jiyayuda.dll
2009-09-11 22:06 39,424 a--sh--- c:\windows\system32\kipiheba.dll
2009-09-11 22:07 51,712 a--sh--- c:\windows\system32\nujeruze.dll
2009-09-13 01:36 92,160 a--sh--- c:\windows\system32\paviviwa.dll
2009-09-11 22:07 51,712 a--sh--- c:\windows\system32\setizafu.dll
2009-09-12 13:36 38,400 a--sh--- c:\windows\system32\tesegigo.dll
2009-09-11 22:07 51,712 a--sh--- c:\windows\system32\wifukolu.dll
2009-09-13 01:36 38,400 a--sh--- c:\windows\system32\yapowuwi.dll
2009-09-12 13:36 92,160 a--sh--- c:\windows\system32\yivomadu.dll

============= FINISH: 22:42:19.78 ===============

#63 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 09:48 PM

No prompts at all. Everything was automatic.

#64 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 09:50 PM

Let me know if it's your bedtime now. Or will you check it tomorrow?

#65 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 December 2009 - 09:55 PM

Delete these Files if listed:
c:\windows\system32\31567.exe
c:\windows\system32\26220.exe
c:\windows\system32\5621.exe
c:\windows\system32\15730.exe
c:\windows\system32\25328.exe
c:\windows\system32\25190.exe
c:\windows\system32\31684.exe
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\logon.exe.vir
c:\windows\005797_.tmp
c:\windows\system32\bebapufe.dll
c:\windows\system32\dowikabu.dll
c:\windows\system32\jiyayuda.dll
c:\windows\system32\kipiheba.dll
c:\windows\system32\nujeruze.dll
c:\windows\system32\paviviwa.dll
c:\windows\system32\setizafu.dll
c:\windows\system32\tesegigo.dll
c:\windows\system32\wifukolu.dll
c:\windows\system32\yapowuwi.dll
c:\windows\system32\yivomadu.dll

Empty Recycle Bin

Reboot and please describe how your computer behaves at the moment.



#66 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 December 2009 - 09:56 PM

Yes, I'm headed to bed.



#67 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 09:58 PM

I will delete the files now anyway, etc, and post.

#68 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 10:16 PM

I did not find bebapufe or anything below it in the list. Everything above it, I searched out one by one, deleted, emptied them from the recycle. Reboot. Same behavior. No wallpaper. I will test a web search. No sound is coming from MediaCenter, even though decibel bar is all the way up.

#69 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 15 December 2009 - 10:26 PM

One of the names, c:\windows\system32\paviviwa.dll, is one of the mysterious ones that we were trying to delete before. It showed up in some log. But I deleted it, emptied the trash, and it was still showing up in the log (?)

#70 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 December 2009 - 06:38 AM

See if either one of these fixes the desktop issue.

Goto Start -> Settings -> Control Panel -> Display
  • Choose the Desktop Tab
  • Click on "Customize Desktop" button.
  • On this new window click on "Web" tab.
  • In the list of "Web Pages" delete the items named "Privacy Protection" and "WINDOWS\privacy_danger\index.htm"
  • apply the new settings by clicking ok. Delete

Next:
  1. Click Start, and then click Control Panel.
  2. Double-click Display, click the Desktop tab, and then click Customize Desktop.
  3. Select Restore Defaults



#71 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 16 December 2009 - 08:25 AM

This sounds like something I can do without internet, though I may not be able to follow up on whether I can get into my e-mail or other pages. Maybe I can go out to my car and work on it at lunch.

#72 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 December 2009 - 11:46 AM

Please do the following:

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): (do not copy the word "code" > start with the colon in front of :processes)

:Processes
explorer.exe
logon.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tujedodip"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b687f362-4172-45d3-8ba9-1108bf9c77a3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kibimoboh"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

:Files
c:\windows\system32\logon.exe
c:\windows\system32\paviviwa.dll
c:\windows\system32\nujeruze.dll
c:\windows\system32\dowikabu.dll
c:\windows\system32\jiyayuda.dll
c:\windows\system32\kipiheba.dll
c:\windows\system32\nujeruze.dll
c:\windows\system32\setizafu.dll
c:\windows\system32\tesegigo.dll
c:\windows\system32\wifukolu.dll
c:\windows\system32\yegejoso.dll
c:\windows\system32\yivomadu.dll
c:\windows\system32\winlogon86.exe
c:\program files\InternetSecurity2010
c:\windows\system32\41.exe
c:\windows\system32\winhelper86.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\winupdate86.exe
c:\windows\system32\31567.exe
c:\windows\system32\26220.exe
c:\windows\system32\5621.exe
c:\windows\system32\15730.exe
c:\windows\system32\25328.exe
c:\windows\system32\25190.exe
c:\windows\system32\31684.exe
C:\Program Files\InternetSecurity2010\IS2010.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
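The cross-check a helper does by eye on a log like the one in this thread, written as an added example (not part of the original posts, and not code from DDS or OTM): it flags autostart entries that load a file listed with hidden and system attributes, and decodes the hex(7) value from the OTM script to show which LSA notification package the fix drops. The sample lines are copied from the log and script in this thread; reading `s` and `h` in the attribute column as system and hidden, and the hex(7) bytes as single-byte characters, are assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in this thread.
DDS_SAMPLE = r"""
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [kibimoboh] Rundll32.exe "c:\windows\system32\paviviwa.dll",a
AppInit_DLLs: c:\windows\system32\paviviwa.dll,nujeruze.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - c:\documents and settings\all users\application data\macromedia\swupdate\swupdate.dll
SSODL: tujedodip - {b687f362-4172-45d3-8ba9-1108bf9c77a3} - c:\windows\system32\paviviwa.dll
STS: kupuhivus: {b687f362-4172-45d3-8ba9-1108bf9c77a3} - c:\windows\system32\paviviwa.dll
LSA: Notification Packages = scecli setizafu.dll
2009-10-29 00:38 667,136 a------- c:\windows\system32\wininet.dll
2006-05-06 09:01 88 -c-shr-- c:\windows\system32\CB6D8158AE.sys
2009-09-11 22:07 51,712 a--sh--- c:\windows\system32\nujeruze.dll
2009-09-13 01:36 92,160 a--sh--- c:\windows\system32\paviviwa.dll
2009-09-11 22:07 51,712 a--sh--- c:\windows\system32\setizafu.dll
"""

# "Notification Packages" value from the :Reg section of the OTM script.
OTM_LSA_HEX = "73,63,65,63,6c,69,00,00"

AUTOSTART_KINDS = ("uRun", "mRun", "AppInit_DLLs", "SSODL", "STS",
                   "LSA", "BHO", "TB", "Notify")
# date, time, size (or <DIR>), 8-character attribute column, path
FILE_ROW = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (\S{8}) (.+)$")
# A module base name; backslashes are excluded so full paths reduce to it.
MODULE = re.compile(r"[\w~()-]+\.(?:dll|exe|sys)", re.IGNORECASE)


def hidden_system_files(log):
    """Base names of listed files whose attribute column has both s and h
    (assumed here to mean system and hidden)."""
    names = set()
    for line in log.splitlines():
        m = FILE_ROW.match(line.strip())
        if m and "s" in m.group(1) and "h" in m.group(1):
            names.add(m.group(2).rsplit("\\", 1)[-1].lower())
    return names


def flag_autostarts(log):
    """Autostart entries that load a hidden+system file, as (kind, files)."""
    suspects = hidden_system_files(log)
    hits = []
    for line in log.splitlines():
        kind, sep, rest = line.strip().partition(": ")
        if not sep or kind not in AUTOSTART_KINDS:
            continue
        loaded = {name.lower() for name in MODULE.findall(rest)}
        bad = sorted(loaded & suspects)
        if bad:
            hits.append((kind, bad))
    return hits


def decode_multi_sz(hex_csv):
    """Decode a hex(7) value written as single-byte characters:
    NUL-terminated strings followed by a final NUL."""
    raw = bytes(int(b, 16) for b in hex_csv.split(","))
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]


def lsa_packages_removed(log, hex_csv):
    """Notification packages present in the log but absent after the fix."""
    after = set(decode_multi_sz(hex_csv))
    for line in log.splitlines():
        if line.startswith("LSA: Notification Packages = "):
            before = line.split(" = ", 1)[1].split()
            return [p for p in before if p not in after]
    return []


if __name__ == "__main__":
    for kind, files in flag_autostarts(DDS_SAMPLE):
        print(f"{kind:13} loads {', '.join(files)}")
    print("LSA value after fix:", decode_multi_sz(OTM_LSA_HEX))
    print("LSA packages removed:", lsa_packages_removed(DDS_SAMPLE, OTM_LSA_HEX))
```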

 


#73 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 18 December 2009 - 04:23 PM

I haven't had access to my computer at the same time lately, so I haven't been able to work on this. I think I will restart efforts on this in a few hours. I am still at work.

Anyway, re instructions:
...Goto Start -> Settings -> Control Panel -> Display Choose the Desktop Tab
...Click on "Customize Desktop" button.
...On this new window click on "Web" tab.
...In the list of "Web Pages"
...delete the items named "Privacy Protection" and "WINDOWS\privacy_danger\index.htm"
...apply the new settings by clicking ok. Delete

I do not see "Privacy Protection" and "WINDOWS\privacy_danger\index.htm"
From memory, the only thing listed was "My current Web Browser" or "My current Web Page"

#74 kapusta

kapusta

    Authentic Member

  • Authentic Member
  • 125 posts

Posted 18 December 2009 - 08:24 PM

"My current home page". OK. On to the rest of the list.

#75 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 December 2009 - 08:30 PM

:thumbup:
