|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
Thread Tools |
06-20-2007, 11:54 AM
|
#1 (permalink) |
|
Registered User
Join Date: Jun 2007
Posts: 3
OS: Dell Dimensions E510
|
Help on Error Messages
Don't know what the problem is but receiving error message all the time.
Windows Script Host Script: C:\Program Files\func.js Line: 76 Char: 1 Error: The system cannot find the file specified Code: 80070002 Source: (null) Please HELP!  THE FOLLOWING IS THE SCAN I DID FOR HIJACKTHIS: Logfile of HijackThis v1.99.1 Scan saved at 12:48:38 PM, on 6/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\roxnxaem.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhra.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: *.amaena.com O15 - Trusted Zone: *.drivecleaner.com O15 - Trusted Zone: *.errorprotector.com O15 - Trusted Zone: *.errorsafe.com O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.winantispyware.com O15 - Trusted Zone: *.winantivirus.com O15 - Trusted Zone: *.winfixer.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164938534109 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://sympatico.zone.msn.com/bingam...utLauncher.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DomainService - - C:\WINDOWS\system32\roxnxaem.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
|
     |
|
06-20-2007, 04:29 PM
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,355
OS: XP
|
Re: Help on Error Messages
1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe
2. Double click on combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Last edited by sUBs : 06-20-2007 at 04:31 PM. |
|
|
|
|
06-20-2007, 09:05 PM
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2007
Posts: 3
OS: Dell Dimensions E510
|
Re: Help on Error Messages
Thanks for the reply. I tried the steps you advised but unfortunately it isn't working on my end.
When the scan is taking place my computer automatically turns off on it's own. Then it restarts and the scan log appears for a long period of time and starts the cycle again of shutting off and restarting. I don't know how I can produce a log for you at this time. I will turn off computer for an hour and try again. Thanks for the help and I will keep in contact once I am able to produce the log. |
|
|
|
|
06-20-2007, 09:33 PM
|
#4 (permalink) |
|
Registered User
Join Date: Jun 2007
Posts: 3
OS: Dell Dimensions E510
|
Re: Help on Error Messages
OKAY I TRIED IT AGAIN AND IT WORKED. HERE IS THE SCAN LOG.
ComboFix 07-06-21 "Rod" - 2007-06-20 22:26:24 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 ))))))))))))))))))))))))))))))) 2007-06-20 21:01 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-20 20:53 122,944 --a------ C:\WINDOWS\system32\xbevtkwv.exe 2007-06-20 16:32 376 --a------ C:\WINDOWS\mozregistry.dat 2007-06-20 16:31 <DIR> d-------- C:\Program Files\hp deskjet 920c series 2007-06-20 16:31 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-06-19 18:16 122,944 --a------ C:\WINDOWS\system32\roxnxaem.exe 2007-06-19 06:10 31,254 --a------ C:\WINDOWS\system32\tuvtsro.dll 2007-06-19 06:07 31,254 --a------ C:\WINDOWS\system32\vtuuutr.dll 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\win 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\S7 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\S6 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\S4 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\S2 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\S1 2007-06-19 06:07 <DIR> d-------- C:\WINDOWS\system32\o02PrEz 2007-06-11 08:26 <DIR> d-------- C:\Program Files\iTunes 2007-06-08 04:06 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2007-06-05 19:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-20 11:04:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-19 18:08:00 -------- d-----w C:\Program Files\PartyGaming 2007-06-12 15:53:45 117,504 ----a-w C:\DOCUME~1\Rod\APPLIC~1\GDIPFONTCACHEV1.DAT 2007-06-11 13:26:36 -------- d-----w C:\Program Files\iPod 2007-06-10 03:10:16 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-31 00:22:36 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-30 22:47:53 -------- d-----w C:\Program Files\Apple Software Update 2007-05-30 00:18:58 -------- d-----w C:\Program Files\Common Files\Scanner 2007-05-24 21:51:09 -------- d-----w C:\Program Files\Norton 360 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 19:01:48 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-05-14 02:29:24 -------- d-----w C:\DOCUME~1\Rod\APPLIC~1\Symantec 2007-05-14 01:50:22 -------- d-----w C:\Program Files\Symantec 2007-05-14 01:50:20 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-14 01:50:20 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-06 11:55:10 -------- d-----w C:\Program Files\QuickTime 2007-04-26 16:45:15 -------- d-----w C:\Program Files\WildTangent 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-03-30 21:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll 2006-11-11 23:56:03 152 --sh--r C:\WINDOWS\system32\A1E5398DAA.sys 2006-11-11 23:56:04 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 22:22] {2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 23:44] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20] {5D82A8BB-345F-414B-A66B-F5CB94DDE0E3}=C:\Program Files\MSN\ryxykuve83122.dll [2007-06-18 13:59] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56] {CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\BAE\BAE.dll [2006-02-22 20:00] {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\vtuuutr.dll [2007-06-19 06:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-31 14:32] "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 20:20] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 20:20] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 18:45] "@"="" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11] "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\vtuuutr.dll" [2007-06-19 06:07] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuutr] vtuuutr.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe *Newly Created Service* - COMHOST Contents of the 'Scheduled Tasks' folder 2007-06-18 03:59:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-20 11:24:29 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Rod at 6 24 AM.job 2007-06-21 02:47:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-20 22:29:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-20 22:31:10 C:\ComboFix-quarantined-files.txt ... 2007-06-20 22:31 --- E O F --- |
|
|
|
|
06-21-2007, 12:04 AM
|
#5 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,355
OS: XP
|
Re: Help on Error Messages
Open notepad and copy/paste the text in the quotebox below into it:
Code:
@echo off For %%g in ( C:\WINDOWS\system32\xbevtkwv.exe C:\WINDOWS\system32\roxnxaem.exe C:\WINDOWS\system32\tuvtsro.dll C:\WINDOWS\system32\vtuuutr.dll C:\Program Files\MSN\ryxykuve83122.dll ) do catchme -l nul -k %%g >nul echo.Please submit the file, catchme.zip located on Desktop pause exit It should look like this:  Double click on Submit.bat & allow it to run This will generate a archive on your desktop, catchme.zip Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4 Please include a link to this topic in the message. --------------- Open notepad and copy/paste the text in the quotebox below into it: Code:
File::
C:\WINDOWS\system32\xbevtkwv.exe
C:\WINDOWS\system32\roxnxaem.exe
C:\WINDOWS\system32\tuvtsro.dll
C:\WINDOWS\system32\vtuuutr.dll
C:\Program Files\MSN\ryxykuve83122.dll
Folder::
C:\WINDOWS\system32\win
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S2
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\o02PrEz
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5D82A8BB-345F-414B-A66B-F5CB94DDE0E3}=C:\Program Files\MSN\ryxykuve83122.dll [2007-06-18 13:59]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\vtuuutr.dll [2007-06-19 06:07]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuutr]
[-HKEY_CLASSES_ROOT\CLSID\{5D82A8BB-345F-414B-A66B-F5CB94DDE0E3}]
[-HKEY_CLASSES_ROOT\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}]
 Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe Then post the resultant log --------------- Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner Answer Yes, when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------- In your next post, please include fresh logs from:
|
|
|
|
| Thread Tools | |
|
|
