avprox777

November 10, 2008

well, i was running OTScanIt2 and it got an error halfway through. it finished and asked if i wanted to reboot, i said yes, and it wouldnt reboot. so i manually restarted (held down the power button) and when i turned my computer back on, it got to the login screen and there were no users to log onto. the screen was just blank. so i went into safe mode, and it was the same. i ended up just formatting my computer, so i guess you can close this thread, because the issue is resolved. thanks again for all the help, i really appreciate it.

November 9, 2008

Here's the OTScanIt report.

OTScanIt.Txt

November 9, 2008

SDFix: Version 1.240

Run by Owner on Sun 11/09/2008 at 01:10 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\comsa32.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-09 14:36:30

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\afisicx.exe [1884] 0x85F37020

C:\WINDOWS\system32\noytcyr.exe [1236] 0x85CC3C18

C:\WINDOWS\system32\roytctm.exe [1312] 0x85CBB638

C:\WINDOWS\system32\tdydowkc.exe [1776] 0x84B4DDA0

C:\WINDOWS\system32\wsldoekd.exe [1968] 0x84B41C80

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

"khjeh"=hex:20,02,00,00,a6,d3,71,e9,1b,3a,37,c4,62,55,97,4c,9d,bd,dd,fb,66,..

"hj34z0"=hex:d1,8e,77,fc,dd,09,81,38,8d,e1,ca,8f,f2,95,de,02,f2,a4,99,c6,77,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\x2558\x2524Ã¤\OpenWithProgids]

"X%$%Ã¤?_?a?u?t?o?_?f?i?l?e?"=hex(0):

scanning hidden files ...

scan completed successfully

hidden processes: 5

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"

"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 8 Mar 2007 258,560 A..H. --- "C:\Program Files\Adobe\upx.exe"

Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"

Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"

Mon 9 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"

Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"

Mon 9 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"

Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"

Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"

Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"

Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"

Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"

Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"

Mon 9 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"

Mon 9 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"

Mon 9 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"

Mon 9 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"

Mon 9 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"

Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"

Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Wed 30 Jul 2008 1,829,712 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Thu 8 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"

Thu 3 Apr 2008 80 ..SHR --- "C:\WINDOWS\system32\B007C43AE0.dll"

Tue 11 Apr 2006 2,461,696 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"

Tue 11 Apr 2006 2,461,696 A..H. --- "C:\Documents and Settings\Robbie\Application Data\U3\temp\Launchpad Removal.exe"

Thu 7 Jun 2001 339,968 A..H. --- "C:\Documents and Settings\Owner\Desktop\Downloads\M64K_079\Mupen64K 0.7.9\MSVCR70.dll"

Thu 7 Jun 2001 339,968 A..H. --- "C:\_OTMoveIt\MovedFiles\11092008_110058\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9\MSVCR70.dll"

Finished!

November 9, 2008

Do I use OTScanIt2 in normal or safe mode?

Also, I just want to say that I really appreciate you taking time out of your day to help me.

November 9, 2008

also, there seems to be a process called "udxfytw.sys" that hijackthis isnt picking up, that i know is the source of some of the malware.

November 9, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:50 AM, on 11/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Xfire\xfiremusic.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

C:\Program Files\Creative\Software Update 3\SoftAuto.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Xfire\xfire.exe

C:\WINDOWS\system32\msnioed.exe

C:\WINDOWS\system32\mabidwe.exe

C:\WINDOWS\system32\soxpeca.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"

O4 - HKCU\..\Run: [softAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Steam.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe (User 'Default user')

O4 - .DEFAULT Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'Default user')

O4 - .DEFAULT Startup: Steam.lnk = ? (User 'Default user')

O4 - Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe

O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe

O4 - Startup: Steam.lnk = ?

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: afisicx - Unknown owner - C:\WINDOWS\system32\afisicx.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe

O23 - Service: Windows File Manager Services (mscbcosd) - Unknown owner - C:\WINDOWS\system32\mscbco.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: noytcyr - Unknown owner - C:\WINDOWS\system32\noytcyr.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: root - Unknown owner - C:\Program.exe (file missing)

O23 - Service: roytctm - Unknown owner - C:\WINDOWS\system32\roytctm.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe

O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe

O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--

End of file - 10626 bytes

November 9, 2008

yeah, i havent reformatted my HDD for a good 3 years, so im definately due for it.

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

DllUnregisterServer procedure not found in C:\Documents and Settings\Owner\Desktop\Downloads\M64K_079\Mupen64K 0.7.9\kailleraclient.dll

C:\Documents and Settings\Owner\Desktop\Downloads\M64K_079\Mupen64K 0.7.9\kailleraclient.dll NOT unregistered.

C:\Documents and Settings\Owner\Desktop\Downloads\M64K_079\Mupen64K 0.7.9\kailleraclient.dll moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\emu shit.rar moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9\ScreenShots moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9\save moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9\plugin moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9\Lang moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079\Mupen64K 0.7.9 moved successfully.

C:\Documents and Settings\Owner\Desktop\emu shit\M64K_079 moved successfully.

C:\Documents and Settings\Owner\Desktop\Rarely Used Shortcuts\CBS Refresh.exe moved successfully.

C:\Documents and Settings\Robbie\Desktop\ZwinkySetup2.2.60.11-2.ZJfox000.exe moved successfully.

C:\WINDOWS\system32\msnioed.exe moved successfully.

C:\WINDOWS\system32\noytcyr.exe moved successfully.

C:\WINDOWS\system32\roytctm.exe moved successfully.

C:\WINDOWS\system32\tdydowkc.exe moved successfully.

C:\WINDOWS\system32\wsldoekd.exe moved successfully.

C:\WINDOWS\system32\zzzzz.zzz moved successfully.

C:\Documents and Settings\Owner\Desktop\Modified_WPE___Filter\WPE Pro moved successfully.

C:\Documents and Settings\Owner\Desktop\Modified_WPE___Filter moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_5RSHXQmaI50Uwpp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_a40.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\mta115464.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mta40322.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mta70383.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mta95314.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mta99655.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Opera cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11092008_110058

Files moved on Reboot...

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_5RSHXQmaI50Uwpp not found!

File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_a40.dat not found!

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

C:\WINDOWS\temp\mta115464.dll unregistered successfully.

C:\WINDOWS\temp\mta115464.dll moved successfully.

C:\WINDOWS\temp\mta40322.dll unregistered successfully.

C:\WINDOWS\temp\mta40322.dll moved successfully.

C:\WINDOWS\temp\mta70383.dll unregistered successfully.

C:\WINDOWS\temp\mta70383.dll moved successfully.

C:\WINDOWS\temp\mta95314.dll unregistered successfully.

C:\WINDOWS\temp\mta95314.dll moved successfully.

C:\WINDOWS\temp\mta99655.dll unregistered successfully.

C:\WINDOWS\temp\mta99655.dll moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\3szpobj6.default\XUL.mfl moved successfully.

November 9, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:38 PM, on 11/8/2008