Hi
Thanks again Dakeyras!
Did what you asked
You're welcome!
I apologise for the delay with myself replying.
OK there are three folders on your system I do not recognise, namely:
C:\Downloads
C:\WINDOWS\system32\RsFx
C:\fae0c0d1e993796764a45e
Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
- Double-click DirLook.exe to run it.
- Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
- Copy the content of the following codebox into the main textfield:
Code:
C:\Downloads
C:\WINDOWS\system32\RsFx
C:\fae0c0d1e993796764a45e
- Click the DirLook button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
Note: Scanning may take longer for large folders.
Next:
Make sure Hidden Files are visible:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Now please open this page in your browser:
Fill in the link to topic field with a link to this topic:
Copy/paste the following into the Browse to the file you want to submit field:
C:\Windows\system32\digeste.dll
Then press Send File, this will upload the file for analysis
Please also carry out the above for the following:
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\prntvpt.dll
Next:
You currently have installed an application called SopCast 3.0.3
SopCast is a simple, free way to broadcast video and audio or watch the video and listen to radio on the Internet. Adopting P2P (Peer-to-Peer) technology, it is very efficient and easy to use. Let anyone become a broadcaster without the costs of a powerful server and vast bandwidth. You can build your own TV stations comparable with large commercial sites with minimal resources. Version 2.0.4 includes VoD feature.
Do you actually use this software? While not exactly unsafe, I would be cautious about using this.
There is also evidence of a P2P (Peer-to-Peer) program, namely uTorrent; this I will be targeting for removal per the forum policy in place:
http://forums.spybot.info/showthread.php?t=282
Please respect my decision for doing so and it is in your own best interest to comply for the below reason:
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
- Please go here and download ERUNT.
- ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
- Install ERUNT by following the prompts.
- Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
Next:
Please download OTMoveIT3 to your Desktop.
- Double-click OTMoveIt3.exe to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Files
C:\WINDOWS\system32\sxvgrkvu.ini
C:\WINDOWS\system32\xfepmxpt.ini
C:\WINDOWS\system32\IhkSCJlm.ini2
C:\WINDOWS\system32\mlJCSkhI
C:\WINDOWS\system32\8ffdd056-.txt
C:\WINDOWS\system32\IhkSCJlm.ini
C:\urambf.dll /s
C:\Program Files\uTorrent
:Reg
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_CLASSES_ROOT\CLSID\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
[-HKEY_CLASSES_ROOT\CLSID\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
:Commands
[EmptyTemp]
[Reboot]
- Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
- Then click the red MoveIt! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
- If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
- Close OTMoveIt3.
Next:
Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).
- Double click once on RSIT.exe
- RSIT will start running, at the disclaimer click on Continue.
- When done, 1 log will be produced.
- Post that in your next reply.
When you have completed the above, please post back the following:
- File submission results.
- DirLook.txt.
- OTMoveIT3 Log.
- A new RSIT Log.
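
Added example (not part of the original post and not OTMoveIt3's own code): the :Reg block in the fix script writes a hex(7) value, which is a REG_MULTI_SZ byte list, and marks four keys for deletion. The Python below decodes that value and lists the deletions so the script can be read before it is run; the function names, the UTF-16LE handling and the baseline check are assumptions of this example.

```python
import re

# The :Reg lines copied from the fix script in the post above.
REG_SECTION = r'''
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_CLASSES_ROOT\CLSID\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
[-HKEY_CLASSES_ROOT\CLSID\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
'''

def decode_multi_sz(hex_csv):
    """Decode a hex(7) (REG_MULTI_SZ) byte list into its strings."""
    raw = bytes(int(tok, 16) for tok in hex_csv.split(",") if tok.strip())
    # Old-style .reg text stores single-byte characters, newer exports use
    # UTF-16LE. Heuristic (assumption): ASCII text in UTF-16LE has 0x00 at
    # every odd offset.
    wide = len(raw) > 0 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]

def parse_reg_section(text):
    """Return ({(key, value_name): [strings]}, [keys marked for deletion])."""
    values, deleted, key = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])          # "[-KEY]" deletes the key
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                    # "[KEY]" opens a key
        else:
            m = re.fullmatch(r'"([^"]+)"=hex\(7\):([0-9A-Fa-f,\s]+)', line)
            if m and key:
                values[(key, m.group(1))] = decode_multi_sz(m.group(2))
    return values, deleted

def unexpected_packages(packages, baseline=("msv1_0",)):
    """Entries beyond the baseline; msv1_0 is the stock Windows entry."""
    return [p for p in packages if p.lower() not in baseline]

if __name__ == "__main__":
    values, deleted = parse_reg_section(REG_SECTION)
    for (key, name), strings in values.items():
        print(f"SET {key}\\{name} = {strings}")
        print("  beyond baseline:", unexpected_packages(strings))
    for key in deleted:
        print("DELETE", key)
```

The value in the script decodes to the single string msv1_0, so the script sets Authentication Packages to that one entry.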