Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32: JunkPoly [Cryp] [Closed]

Started by lex1245 , Apr 15 2009 02:06 AM

  • This topic is locked This topic is locked

#16
lex1245
Posted 17 April 2009 - 03:25 PM

lex1245

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Attached File  RootRepeal.txt   104.28KB   288 downloads
  • 0

Advertisements

#17
Rorschach112
Posted 17 April 2009 - 05:05 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
open rootrepeal

click the drivers tab and click scan. right click and select force delete on the following


00000063
70129870.sys
okkmrbaf.sys



Then reboot and post a new RootRepeal log
  • 0

#18
lex1245
Posted 17 April 2009 - 10:07 PM

lex1245

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
For the three files, I got these respectively when trying to delete:

Invalid Path

Error Code

Invalid Path
  • 0

#19
Rorschach112
Posted 18 April 2009 - 04:34 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you try the mbam and kaspersky step again


do this if it fails


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#20
lex1245
Posted 18 April 2009 - 11:11 AM

lex1245

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Attached File  GMER.txt   167.96KB   146 downloads
  • 0

#21
Rorschach112
Posted 19 April 2009 - 06:13 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - ActiveX StubPath, Reg - App Paths, Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - ICQ Agent, Reg - NetSvcs, Reg - Print Monitors, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors ).
  • Under Rootkit Search change it to Yes
  • Under the Custom Scans box at the bottom left paste the following in

    %systemroot%\*.lte
    %systemroot%\*.smf
    %systemroot%\*.tsp
    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\*.aef
    %systemroot%\system32\drivers\*.aef
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\Temp\*.$$$
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %System%\AcroIeHelpe.dll
    %SYSTEMDRIVE%\*.epk
    %systemroot%\*.epk
    %systemroot%\system32\*.epk
    %systemroot%\system32\bb*.dat
    %systemroot%\system32\cookie*.dat
    %systemroot%\system32\kaxs.dat
    %systemroot%\system32\ps*.dat
    %systemroot%\system32\*32.sys
    %systemroot%\*.dr
    %SYSTEMDRIVE%\*.dr
    %systemroot%\system32\*.dr
    %systemroot%\system32\nods32.dll
    %systemroot%\*.res
    %SYSTEMDRIVE%\*.res
    %systemroot%\system32\*.res
    %systemroot%\system32\sockins32.dll
    %systemroot%\system32\Spool\*.*
    %systemroot%\system32\Spool\*.exe
    %systemroot%\system32\Spool\*.rar /s
    %systemroot%\system32\Spool\*.zip /s
    %systemroot%\system32\Spool\*.dat /s
    %ProgramFiles%\MSN Messenger\*.zip
    %ProgramFiles%\MSN Messenger\*.exe
    %ProgramFiles%\MSN Messenger\*.rar.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.dll
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.*
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %systemroot%\ime\imjp8_1\*bak*.
    %PROGRAMFILES%\QuickTime\*bak*.
    %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*.
    %PROGRAMFILES%\Analog Devices\Core\*bak*.
    %SYSTEMDRIVE%\hp\KBD\*bak*.
    %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*.
    %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*.
    %PROGRAMFILES%\BroadJump\Client Foundation\*bak*.
    %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*.
    %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*.
    %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*.
    %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*.
    %PROGRAMFILES%\Yahoo!\Messenger\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Internet Explorer\PLUGINS\*.*
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMDRIVE%\*.sys
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system\*.exe /s
    %systemroot%\system\*.zip /s
    %systemroot%\system\*.rar /s
    %systemroot%\AppPatch\*.exe /s
    %systemroot%\AppPatch\*.zip /s
    %systemroot%\AppPatch\*.rar /s
    %systemroot%\Cache\*.*
    %systemroot%\Downloaded Program Files\*.*
    %systemroot%\Fonts\*.exe /s
    %systemroot%\Fonts\*.zip /s
    %systemroot%\Fonts\*.rar /s
    %systemroot%\Fonts\*.dll /s
    %systemroot%\Help\*.exe /s
    %systemroot%\Help\*.zip /s
    %systemroot%\Help\*.rar /s
    %systemroot%\Tasks\*.*
    %APPDATA%\*.sys
    %APPDATA%\Google\*.*
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\serauth1.dll /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\serauth2.dll /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\sysaudio.sys /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\aeaudio.sys /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\wdmaud.sys /rs
    %PROGRAMFILES%\*TinyProxy*.
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
    %systemroot%\system32\inf\*.exe /s
    %systemroot%\system32\inf\*.zip /s
    %systemroot%\system32\inf\*.rar /s
    %systemroot%\system32\inf\*.dll /s
    %APPDATA%\Opera\Opera\profile\widgets\*.*
    %PROGRAMFILES%\Opera\program\plugins\*.* /s
    %APPDATA%\Opera\Opera\profile\toolbar\*.* /s
    %systemroot%\Web\*.exe /s
    %systemroot%\Web\*.dat /s
    %systemroot%\Web\*.dll /s
    %systemroot%\Web\*.sys /s
    %systemroot%\Web\*.zip /s
    %systemroot%\Web\*.rar /s
    %systemroot%\Wbem\*.exe /s
    %systemroot%\Wbem\*.rar /s
    %systemroot%\Wbem\*.zip /s
    %systemroot%\Wbem\*.dll /s
    %systemroot%\Wbem\*.sys /s
    %systemroot%\Wbem\*.dat /s
    %systemroot%\twain_32\*.exe
    %systemroot%\twain_32\*.dat
    %systemroot%\twain_32\*.dll
    %systemroot%\twain_32\*.sys /s
    %systemroot%\twain_32\*.zip /s
    %systemroot%\twain_32\*.rar /s
    %systemroot%\system\*.sys /s
    %systemroot%\system\*.dat /s
    %systemroot%\WinSxS\*.exe /s
    %systemroot%\WinSxS\*.dat /s
    %systemroot%\WinSxS\*.sys /s
    %systemroot%\WinSxS\*.zip /s
    %systemroot%\WinSxS\*.rar /s
    %systemroot%\Sun\*.dll /s
    %systemroot%\Sun\*.rar /s
    %systemroot%\Sun\*.zip /s
    %systemroot%\Sun\*.exe /s
    %systemroot%\Sun\*.sys /s
    %systemroot%\Sun\*.dat /s
    %systemroot%\srchasst\*.rar /s
    %systemroot%\srchasst\*.zip /s
    %systemroot%\srchasst\*.exe /s
    %systemroot%\srchasst\*.dat /s
    %systemroot%\srchasst\*.sys /s
    %systemroot%\Shellnew\*.rar /s
    %systemroot%\Shellnew\*.zip /s
    %systemroot%\Shellnew\*.dat /s
    %systemroot%\Shellnew\*.exe /s
    %systemroot%\Shellnew\*.sys /s
    %systemroot%\Shellnew\*.dll /s
    %systemroot%\Security\*.rar /s
    %systemroot%\Security\*.zip /s
    %systemroot%\Security\*.dat /s
    %systemroot%\Security\*.exe /s
    %systemroot%\Security\*.sys /s
    %systemroot%\Security\*.dll /s
    %systemroot%\Resources\*.rar /s
    %systemroot%\Resources\*.zip /s
    %systemroot%\Resources\*.dat /s
    %systemroot%\Resources\*.exe /s
    %systemroot%\Resources\*.sys /s
    %systemroot%\Repair\*.sys /s
    %systemroot%\Repair\*.exe /s
    %systemroot%\Repair\*.dll /s
    %systemroot%\Repair\*.zip /s
    %systemroot%\Repair\*.rar /s
    %systemroot%\Registration\*.exe /s
    %systemroot%\Registration\*.dat /s
    %systemroot%\Registration\*.zip /s
    %systemroot%\Registration\*.rar /s
    %systemroot%\Registration\*.dll /s
    %systemroot%\Registration\*.sys /s
    %systemroot%\RegisteredPackages\*.rar /s
    %systemroot%\RegisteredPackages\*.zip /s
    %systemroot%\pss\*.rar /s
    %systemroot%\pss\*.zip /s
    %systemroot%\pss\*.exe /s
    %systemroot%\pss\*.dll /s
    %systemroot%\pss\*.dat /s
    %systemroot%\pss\*.sys /s
    %systemroot%\Provisioning\*.rar /s
    %systemroot%\Provisioning\*.zip /s
    %systemroot%\Provisioning\*.exe /s
    %systemroot%\Provisioning\*.sys /s
    %systemroot%\Provisioning\*.dat /s
    %systemroot%\Provisioning\*.dll /s
    %systemroot%\PIF\*.*
    %systemroot%\PeerNet\*.rar /s
    %systemroot%\PeerNet\*.zip /s
    %systemroot%\PeerNet\*.dat /s
    %systemroot%\PeerNet\*.sys /s
    %systemroot%\PeerNet\*.exe /s
    %systemroot%\PcTel\*.rar /s
    %systemroot%\PcTel\*.zip /s
    %systemroot%\Offline Web Pages\*.exe /s
    %systemroot%\Offline Web Pages\*.zip /s
    %systemroot%\Offline Web Pages\*.rar /s
    %systemroot%\Offline Web Pages\*.sys /s
    %systemroot%\Offline Web Pages\*.dat /s
    %systemroot%\network diagnostic\*.sys /s
    %systemroot%\network diagnostic\*.rar /s
    %systemroot%\network diagnostic\*.zip /s
    %systemroot%\network diagnostic\*.dat /s
    %systemroot%\mui\*.*
    %systemroot%\msapps\*.*
    %systemroot%\msagent\*.zip /s
    %systemroot%\msagent\*.rar /s
    %systemroot%\msagent\*.sys /s
    %systemroot%\msagent\*.dat /s
    %systemroot%\minidump\*.*
    %systemroot%\media\*.sys /s
    %systemroot%\media\*.dat /s
    %systemroot%\media\*.rar /s
    %systemroot%\media\*.zip /s
    %systemroot%\media\*.exe /s
    %systemroot%\media\*.dll /s
    %systemroot%\Help\*.sys /s
    %systemroot%\Help\*.dat /s
    %systemroot%\ie7\*.sys /s
    %systemroot%\ie7\*.zip /s
    %systemroot%\ie7\*.rar /s
    %systemroot%\ie7\*.dat /s
    %systemroot%\ie7updates\*.sys /s
    %systemroot%\ie7updates\*.zip /s
    %systemroot%\ie7updates\*.rar /s
    %systemroot%\ime\*.sys /s
    %systemroot%\ime\*.zip /s
    %systemroot%\ime\*.rar /s
    %systemroot%\inf\*.sys /s
    %systemroot%\inf\*.dat /s
    %systemroot%\installer\*.sys /s
    %systemroot%\installer\*.zip /s
    %systemroot%\installer\*.rar /s
    %systemroot%\installer\*.dat /s
    %systemroot%\internet logs\*.sys /s
    %systemroot%\Cursors\*.rar /s
    %systemroot%\Cursors\*.sys /s
    %systemroot%\Cursors\*.exe /s
    %systemroot%\Cursors\*.dat /s
    %systemroot%\Cursors\*.zip /s
    %systemroot%\Cursors\*.vbs /s
    %systemroot%\Cursors\*.dll /s
    %systemroot%\Config\*.*
    %systemroot%\Config\*.rar /s
    %systemroot%\Config\*.sys /s
    %systemroot%\Config\*.exe /s
    %systemroot%\Config\*.dat /s
    %systemroot%\internet logs\*.dat /s
    %systemroot%\Assembly\*sys /s
    %systemroot%\Assembly\*.rar /s
    %systemroot%\internet logs\*.rar /s
    %systemroot%\AppPatch\*.sys
    %systemroot%\AppPatch\*.dat
    %systemroot%\internet logs\*.zip /s
    %systemroot%\internet logs\*.exe /s
    %systemroot%\internet logs\*.dll /s
    %systemroot%\l2schemas\*.sys /s
    %systemroot%\l2schemas\*.dat /s
    %systemroot%\l2schemas\*.rar /s
    %systemroot%\l2schemas\*.zip /s
    %systemroot%\l2schemas\*.exe /s
    %systemroot%\l2schemas\*.dll /s
    %systemroot%\Fonts\*.dat /s
    %systemroot%\Fonts\*.sys /s
    %systemroot%\Debug\*.rar /s
    %systemroot%\Debug\*.sys /s
    %systemroot%\Debug\*.exe /s
    %systemroot%\Debug\*.dat /s
    %systemroot%\Debug\*.zip /s
    %systemroot%\Debug\*.dll /s
    %systemroot%\ehome\*.dll /s
    %systemroot%\ehome\*.sys /s
    %systemroot%\ehome\*.rar /s
    %systemroot%\ehome\*.dat /s
    %systemroot%\ehome\*.zip /s
    %systemroot%\Connection Wizard\*.dat /s
    %systemroot%\Connection Wizard\*.exe /s
    %systemroot%\Connection Wizard\*.sys /s
    %systemroot%\Connection Wizard\*.rar /s
    %systemroot%\Connection Wizard\*.zip /s
    %systemroot%\Connection Wizard\*.*
    %systemroot%\system32\1025\*.*
    %systemroot%\system32\1028\*.*
    %systemroot%\system32\1031\*.*
    %systemroot%\system32\1033\*.exe
    %systemroot%\system32\1033\*.sys
    %systemroot%\system32\1033\*.zip
    %systemroot%\system32\1033\*.rar
    %systemroot%\system32\1033\*.dat
    %systemroot%\system32\1037\*.*
    %systemroot%\system32\1041\*.*
    %systemroot%\system32\1042\*.*
    %systemroot%\system32\1054\*.*
    %systemroot%\system32\2052\*.*
    %systemroot%\system32\3076\*.*
    %systemroot%\system32\appmgmt\*.exe /s
    %systemroot%\system32\appmgmt\*.sys /s
    %systemroot%\system32\appmgmt\*.dll /s
    %systemroot%\system32\appmgmt\*.dat /s
    %systemroot%\system32\appmgmt\*.zip /s
    %systemroot%\system32\appmgmt\*.rar /s
    %systemroot%\system32\bits\*.rar /s
    %systemroot%\system32\bits\*.zip /s
    %systemroot%\system32\bits\*.exe /s
    %systemroot%\system32\bits\*.dat /s
    %systemroot%\system32\bits\*.sys /s
    %systemroot%\system32\catroot\*.rar /s
    %systemroot%\system32\catroot\*.zip /s
    %systemroot%\system32\catroot\*.dll /s
    %systemroot%\system32\catroot\*.sys /s
    %systemroot%\system32\catroot\*.exe /s
    %systemroot%\system32\catroot\*.dat /s
    %systemroot%\system32\catroot2\*.rar /s
    %systemroot%\system32\catroot2\*.zip /s
    %systemroot%\system32\catroot2\*.exe /s
    %systemroot%\system32\catroot2\*.dat /s
    %systemroot%\system32\catroot2\*.dll /s
    %systemroot%\system32\catroot2\*.sys /s
    %systemroot%\system32\com\*.sys /s
    %systemroot%\system32\com\*.zip /s
    %systemroot%\system32\com\*.rar /s
    %systemroot%\system32\config\*.rar /s
    %systemroot%\system32\config\*.zip /s
    %systemroot%\system32\config\*.sys /s
    %systemroot%\system32\config\*.dll /s
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\dhcp\*.*
    %systemroot%\system32\DirectX\*.rar /s
    %systemroot%\system32\DirectX\*.zip /s
    %systemroot%\system32\DirectX\*.sys /s
    %systemroot%\system32\DirectX\*.dll /s
    %systemroot%\system32\DirectX\*.exe /s
    %systemroot%\system32\DirectX\*.dat /s
    %systemroot%\system32\Dllcache\*.zip /s
    %systemroot%\system32\Dllcache\*.rar /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system32\drvstore\*.dat
    %systemroot%\system32\drvstore\*.exe /s
    %systemroot%\system32\drvstore\*.zip /s
    %systemroot%\system32\drvstore\*.rar /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en\*.exe /s
    %systemroot%\system32\en\*.zip /s
    %systemroot%\system32\en\*.rar /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en-us\*.exe /s
    %systemroot%\system32\en-us\*.zip /s
    %systemroot%\system32\en-us\*.rar /s
    %systemroot%\system32\en-us\*.dll /s
    %systemroot%\system32\export\*.*
    %systemroot%\system32\GroupPolicy\*.sys /s
    %systemroot%\system32\GroupPolicy\*.dat /s
    %systemroot%\system32\GroupPolicy\*.exe /s
    %systemroot%\system32\GroupPolicy\*.zip /s
    %systemroot%\system32\GroupPolicy\*.rar /s
    %systemroot%\system32\GroupPolicy\*.dll /s
    %systemroot%\system32\ias\*.sys /s
    %systemroot%\system32\ias\*.dat /s
    %systemroot%\system32\ias\*.exe /s
    %systemroot%\system32\ias\*.zip /s
    %systemroot%\system32\ias\*.rar /s
    %systemroot%\system32\ias\*.dll /s
    %systemroot%\system32\icsxml\*.sys /s
    %systemroot%\system32\icsxml\*.dat /s
    %systemroot%\system32\icsxml\*.exe /s
    %systemroot%\system32\icsxml\*.zip /s
    %systemroot%\system32\icsxml\*.rar /s
    %systemroot%\system32\icsxml\*.dll /s
    %systemroot%\system32\ime\*.sys /s
    %systemroot%\system32\ime\*.dat /s
    %systemroot%\system32\ime\*.zip /s
    %systemroot%\system32\ime\*.rar /s
    %systemroot%\system32\inetsrv\*.sys /s
    %systemroot%\system32\inetsrv\*.dat /s
    %systemroot%\system32\inetsrv\*.exe /s
    %systemroot%\system32\inetsrv\*.zip /s
    %systemroot%\system32\inetsrv\*.rar /s
    %systemroot%\system32\LogFiles\*.sys /s
    %systemroot%\system32\LogFiles\*.dat /s
    %systemroot%\system32\LogFiles\*.exe /s
    %systemroot%\system32\LogFiles\*.zip /s
    %systemroot%\system32\LogFiles\*.rar /s
    %systemroot%\system32\LogFiles\*.dll /s
    %systemroot%\system32\Macromed\*.sys /s
    %systemroot%\system32\Macromed\*.dat /s
    %systemroot%\system32\Macromed\*.zip /s
    %systemroot%\system32\Macromed\*.rar /s
    %systemroot%\system32\Microsoft\*.sys /s
    %systemroot%\system32\Microsoft\*.dat /s
    %systemroot%\system32\Microsoft\*.exe /s
    %systemroot%\system32\Microsoft\*.zip /s
    %systemroot%\system32\Microsoft\*.rar /s
    %systemroot%\system32\Microsoft\*.dll /s
    %systemroot%\system32\Msdtc\*.sys /s
    %systemroot%\system32\Msdtc\*.dat /s
    %systemroot%\system32\Msdtc\*.exe /s
    %systemroot%\system32\Msdtc\*.zip /s
    %systemroot%\system32\Msdtc\*.rar /s
    %systemroot%\system32\Msdtc\*.dll /s
    %systemroot%\system32\Mui\*.sys /s
    %systemroot%\system32\Mui\*.dat /s
    %systemroot%\system32\Mui\*.exe /s
    %systemroot%\system32\Mui\*.zip /s
    %systemroot%\system32\Mui\*.rar /s
    %systemroot%\system32\npp\*.sys /s
    %systemroot%\system32\npp\*.dat /s
    %systemroot%\system32\npp\*.zip /s
    %systemroot%\system32\npp\*.rar /s
    %systemroot%\system32\NtMsData\*.sys /s
    %systemroot%\system32\NtMsData\*.dat /s
    %systemroot%\system32\NtMsData\*.exe /s
    %systemroot%\system32\NtMsData\*.zip /s
    %systemroot%\system32\NtMsData\*.rar /s
    %systemroot%\system32\NtMsData\*.dll /s
    %systemroot%\system32\oobe\*.sys /s
    %systemroot%\system32\oobe\*.dat /s
    %systemroot%\system32\oobe\*.zip /s
    %systemroot%\system32\oobe\*.rar /s
    %systemroot%\system32\PreInstall\*.sys /s
    %systemroot%\system32\PreInstall\*.dat /s
    %systemroot%\system32\PreInstall\*.exe /s
    %systemroot%\system32\PreInstall\*.zip /s
    %systemroot%\system32\PreInstall\*.rar /s
    %systemroot%\system32\PreInstall\*.dll /s
    %systemroot%\system32\ras\*.sys /s
    %systemroot%\system32\ras\*.dat /s
    %systemroot%\system32\ras\*.exe /s
    %systemroot%\system32\ras\*.zip /s
    %systemroot%\system32\ras\*.rar /s
    %systemroot%\system32\ras\*.dll /s
    %systemroot%\system32\ReInstallBackups\*.dat /s
    %systemroot%\system32\ReInstallBackups\*.zip /s
    %systemroot%\system32\ReInstallBackups\*.rar /s
    %systemroot%\system32\Restore\*.sys /s
    %systemroot%\system32\Restore\*.zip /s
    %systemroot%\system32\Restore\*.rar /s
    %systemroot%\system32\Restore\*.dll /s
    %systemroot%\system32\Scripting\*.sys /s
    %systemroot%\system32\Scripting\*.dat /s
    %systemroot%\system32\Scripting\*.exe /s
    %systemroot%\system32\Scripting\*.zip /s
    %systemroot%\system32\Scripting\*.rar /s
    %systemroot%\system32\Scripting\*.dll /s
    %systemroot%\system32\Setup\*.sys /s
    %systemroot%\system32\Setup\*.dat /s
    %systemroot%\system32\Setup\*.exe /s
    %systemroot%\system32\Setup\*.zip /s
    %systemroot%\system32\Setup\*.rar /s
    %systemroot%\system32\ShellExt\*.*
    %systemroot%\system32\SoftwareDistribution\*.sys /s
    %systemroot%\system32\SoftwareDistribution\*.dat /s
    %systemroot%\system32\SoftwareDistribution\*.exe /s
    %systemroot%\system32\SoftwareDistribution\*.zip /s
    %systemroot%\system32\SoftwareDistribution\*.rar /s
    %systemroot%\system32\URTTEmp\*.sys /s
    %systemroot%\system32\URTTEmp\*.dat /s
    %systemroot%\system32\URTTEmp\*.zip /s
    %systemroot%\system32\URTTEmp\*.rar /s
    %systemroot%\system32\USMT\*.sys /s
    %systemroot%\system32\USMT\*.dat /s
    %systemroot%\system32\USMT\*.zip /s
    %systemroot%\system32\USMT\*.rar /s
    %systemroot%\system32\Wbem\*.sys /s
    %systemroot%\system32\Wbem\*.zip /s
    %systemroot%\system32\Wbem\*.rar /s
    %systemroot%\system32\Wins\*.*
    %systemroot%\system32\Xircom\*.*
    %systemroot%\system32\XPSViewer\*.sys /s
    %systemroot%\system32\XPSViewer\*.dat /s
    %systemroot%\system32\XPSViewer\*.zip /s
    %systemroot%\system32\XPSViewer\*.rar /s
    %systemroot%\system32\XPSViewer\*.dll /s
    %COMMONPROGRAMFILES%\*.sys /s
    %COMMONPROGRAMFILES%\*.zip /s
    %COMMONPROGRAMFILES%\*.rar /s
    %COMMONPROGRAMFILES%\*.*
    %ProgramFiles%\Movie Maker\*.dll
    %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
    %systemroot%\java\apps\*.*
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    %systemroot%\winstart.bat
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\VxD
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\Scripts|Startup /rs
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MPRServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
    %systemroot%\system32\basequu32.dll
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath




  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#22
lex1245
Posted 19 April 2009 - 08:35 AM

lex1245

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Attached File  OTScanIt2.txt.zip   242.16KB   323 downloads
  • 0

#23
Rorschach112
Posted 20 April 2009 - 08:04 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YY -> btdna.exe -> %ProgramFiles%\DNA\btdna.exe
YY -> viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe
[Win32 Services - Safe List]
YY -> (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Stopped] ->
YY -> (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] ->
YY -> (Swupdtmr) Swupdtmr [Win32_Own | Auto | Stopped] ->
YY -> (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "CFSServ.exe" -> [CFSServ.exe -NoClient]
YN -> "MSPY2002" -> [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC]
YN -> "PHIME2002ASync" -> [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC]
YN -> "PSQLLauncher" -> ["C:\Program Files\Protector Suite QL\launcher.exe" /startup]
YN -> "TFncKy" -> [TFncKy.exe]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "\??\C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1]
YY -> "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YY -> "C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \{b91fa2e5-3ba5-11db-a7ca-806d6172696f}\Shell\AutoRun\command\\"" -> D:\setup.exe [D:\setup.exe]
YN -> \{bb54f1e2-1e53-11de-ad3e-0013025ce302}\Shell\AutoRun\command\\"" -> H:\MAGICDISC.EXE [H:\MAGICDISC.EXE]
[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YY -> combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [C:\Documents and Settings\Alex\Desktop\ComboFix.exe]
[Files/Folders - Created Within All Days]
NY -> 273 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\Alex\My Documents\*.tmp files -> C:\Documents and Settings\Alex\My Documents\*.tmp
NY -> gmer.exe -> %UserProfile%\Desktop\gmer.exe
NY -> BitTorrent -> %ProgramFiles%\BitTorrent
NY -> hello.exe -> %UserProfile%\hello.exe
NY -> RootRepeal -> %UserProfile%\Desktop\RootRepeal
NY -> Ares -> %ProgramFiles%\Ares
NY -> Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe
NY -> vFind.exe -> %SystemRoot%\vFind.exe
NY -> SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe
NY -> SWREG.exe -> %SystemRoot%\SWREG.exe
NY -> SWSC.exe -> %SystemRoot%\SWSC.exe
NY -> sed.exe -> %SystemRoot%\sed.exe
NY -> grep.exe -> %SystemRoot%\grep.exe
NY -> zip.exe -> %SystemRoot%\zip.exe
NY -> NIRCMD.exe -> %SystemRoot%\NIRCMD.exe
NY -> Qoobox -> %SystemDrive%\Qoobox
NY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
NY -> OTListIt2a.exe -> %UserProfile%\Desktop\OTListIt2a.exe
NY -> Rooter$ -> %SystemDrive%\Rooter$
NY -> Rooterr.exe -> %UserProfile%\Desktop\Rooterr.exe
NY -> SysRestorePoint.exe -> %UserProfile%\Desktop\SysRestorePoint.exe
[File - Lop Check]
NY -> BitTorrent -> C:\Documents and Settings\Alex\Application Data\BitTorrent
NY -> DNA -> C:\Documents and Settings\Alex\Application Data\DNA
[Custom Scans]
NY -> alcxhweq.dat -> C:\WINDOWS\system32\drivers\alcxhweq.dat
NY -> VundoFix Backups -> C:\VundoFix Backups
NY -> Ares -> C:\Program Files\Ares
NY -> DNA -> C:\Program Files\DNA
NY -> eMusic Download Manager -> C:\Program Files\eMusic Download Manager
NY -> EsetOnlineScanner -> C:\Program Files\EsetOnlineScanner
NY -> Viewpoint -> C:\Program Files\Viewpoint
NY -> alcxhweq.dat -> C:\WINDOWS\system32\drivers\alcxhweq.dat
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.




Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#24
lex1245
Posted 20 April 2009 - 05:28 PM

lex1245

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I clicked "Yes" to reboot after the scan was completed, but it would not reboot. I then tried to reboot by using the start menu, but it still wouldn't reboot (it wouldn't log off account or turn off the computer either when I tried with the start menu, no matter how long I waited); so I force powered off the computer. Now Windows Xp loads, but at the Log In Screen there are no User Accounts for me to log into; I can't access my computer and am on a library computer. Is there a way to create a new User Account without the need for a Windows Disk (I can't get to a disk)?



(CTRL+ALT+DEL Doesn't bring up the task manager, Booting in Safe Mode gives the same account-less blue windows log in screen, and booting in last known working configuration gives the same)

Edited by lex1245, 20 April 2009 - 07:01 PM.

  • 0

#25
Rorschach112
Posted 21 April 2009 - 06:43 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
weird

Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.
  • 0

Advertisements

#26
Rorschach112
Posted 26 April 2009 - 02:05 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP