Hijack This Log File


Hello. I'm trying to get rid of Malware.Trace and the stupid Vundo trojan. Malwarebytes cleans it up temporarily but it keeps coming back. The Forum instructions said to post the logfile here so here it is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:41:18 AM, on 1/20/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {A4EE03E1-2B3E-468D-9BEA-D3B35135A9D9} - (no file)

O2 - BHO: (no name) - {F89A9E2B-4376-45E8-B4BB-EB7AAC4E5074} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Julie\LOCALS~1\Temp\IXP000.TMP\"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136107229593

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7520-b289h/rnl/java/RntX.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: faqehw.dll oxvkne.dll ustwfm.dll vfuamy.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 11381 bytes

Thank you ever so much for your help!


Hello Syntaniel

Welcome to Malwarebytes. ;)

=====================

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

================

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Thank you so much for helping!

First is the DDS txt, then the attach file, then the gmer response. I'll try to block out some space between. Thanks again!

DDS.txt

DDS (Ver_09-01-18.01) - NTFSx86

Run by Julie at 18:10:11.23 on Tue 01/20/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1097 [GMT -6:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Julie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/

uInternet Settings,ProxyOverride = *.local

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: {A4EE03E1-2B3E-468D-9BEA-D3B35135A9D9} - No File

BHO: {F89A9E2B-4376-45E8-B4BB-EB7AAC4E5074} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"

mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\julie\locals~1\temp\ixp000.tmp\"

mRunOnce: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck

dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\julie\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: faqehw.dll oxvkne.dll ustwfm.dll vfuamy.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julie\applic~1\mozilla\firefox\profiles\w3qq7ma8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.nytimes.com

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-6-28 16640]

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-8-29 821856]

R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-8-29 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-8-29 27776]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-8-29 10760]

R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-8-29 418816]

R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-8-29 49664]

R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-8-29 406528]

R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-8-29 4960]

R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-1 1174664]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-8 33752]

S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2008-8-21 10986]

S4 Ca533av;Polaroid Digital Cam Video;c:\windows\system32\drivers\Ca533av.sys [2008-8-21 515803]

=============== Created Last 30 ================

2009-01-20 06:41 <DIR> --d----- c:\program files\Trend Micro

2009-01-17 20:31 4,681,482,240 a------- C:\CLERKS_2.ISO

2009-01-16 19:07 4,681,439,232 a------- C:\GHOST_WHISPER.ISO

2009-01-15 07:01 <DIR> --d----- c:\docume~1\julie\applic~1\Malwarebytes

2009-01-15 07:00 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-01-15 07:00 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-15 07:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-01-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-01-15 06:25 <DIR> --d----- c:\program files\Spyware Doctor

2009-01-14 20:12 <DIR> --d----- C:\VundoFix Backups

2009-01-14 18:47 129,024 a------- c:\windows\system32\vfuamy.dll

2009-01-14 18:47 129,024 a------- c:\windows\system32\fenqbhlq.dll

2009-01-13 18:45 129,024 a------- c:\windows\system32\ustwfm.dll

2009-01-13 18:45 129,024 a------- c:\windows\system32\usfgedcm.dll

2009-01-11 22:22 121 a--sh--- c:\windows\system32\abdxlouq.ini

2009-01-10 22:21 120 a--sh--- c:\windows\system32\xfolvlqn.ini

2009-01-10 08:06 <DIR> --d----- c:\program files\Microsoft Money Plus

2009-01-02 17:36 <DIR> --d----- c:\program files\Bonjour

2009-01-02 17:35 <DIR> --d----- c:\program files\iPod

2009-01-02 17:35 <DIR> --d----- c:\program files\iTunes

2009-01-02 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-01-12 09:20 96,384 a------- c:\windows\system32\drivers\sptddrv1.sys

2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe

2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll

2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys

2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll

2008-06-20 19:38 1,480 a------- c:\docume~1\julie\applic~1\mindhabits.dat

2008-04-07 18:38 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

2008-01-08 22:04 0 ----h--- c:\program files\AppUpdate.log

2007-12-06 07:01 32 a----r-- c:\documents and settings\all users\hash.dat

2008-08-16 02:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat

============= FINISH: 18:10:44.68 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-18.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/1/2006 2:51:22 AM

System Uptime: 1/17/2009 2:03:39 PM (76 hours ago)

Motherboard: | | NF-CK804

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2210/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 95.067 GiB free.

D: is CDROM (UDF)

E: is CDROM (UDF)

F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\3&2411E6FE&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\3&2411E6FE&0

Service: i8042prt

==== System Restore Points ===================

RP648: 1/13/2009 6:44:37 PM - System Checkpoint

RP649: 1/13/2009 6:44:38 PM - System Checkpoint

RP650: 1/13/2009 6:44:38 PM - Software Distribution Service 3.0

RP651: 1/13/2009 6:44:38 PM - System Checkpoint

RP652: 1/13/2009 6:44:38 PM - System Checkpoint

RP653: 1/13/2009 6:44:38 PM - System Checkpoint

RP654: 1/13/2009 6:44:38 PM - System Checkpoint

RP655: 1/13/2009 6:44:38 PM - System Checkpoint

RP656: 1/13/2009 6:44:38 PM - System Checkpoint

RP657: 1/13/2009 6:44:38 PM - System Checkpoint

RP658: 1/13/2009 6:44:38 PM - System Checkpoint

RP659: 1/13/2009 6:44:39 PM - Software Distribution Service 3.0

RP660: 1/13/2009 6:44:39 PM - System Checkpoint

RP661: 1/13/2009 6:44:39 PM - System Checkpoint

RP662: 1/13/2009 6:44:39 PM - System Checkpoint

RP663: 1/13/2009 6:44:39 PM - System Checkpoint

RP664: 1/13/2009 6:44:39 PM - System Checkpoint

RP665: 1/13/2009 6:44:39 PM - System Checkpoint

RP666: 1/13/2009 6:44:40 PM - System Checkpoint

RP667: 1/13/2009 6:44:40 PM - System Checkpoint

RP668: 1/13/2009 6:44:40 PM - System Checkpoint

RP669: 1/13/2009 6:44:40 PM - System Checkpoint

RP670: 1/13/2009 6:44:40 PM - System Checkpoint

RP671: 1/13/2009 6:44:40 PM - System Checkpoint

RP672: 1/13/2009 6:44:40 PM - System Checkpoint

RP673: 1/13/2009 6:44:40 PM - System Checkpoint

RP674: 1/13/2009 6:44:41 PM - Software Distribution Service 3.0

RP675: 1/13/2009 6:44:41 PM - System Checkpoint

RP676: 1/13/2009 6:44:41 PM - System Checkpoint

RP677: 1/13/2009 6:44:41 PM - System Checkpoint

RP678: 1/13/2009 6:44:41 PM - System Checkpoint

RP679: 1/13/2009 6:44:41 PM - System Checkpoint

RP680: 1/13/2009 6:44:41 PM - System Checkpoint

RP681: 1/13/2009 6:44:41 PM - System Checkpoint

RP682: 1/13/2009 6:44:41 PM - System Checkpoint

RP683: 1/13/2009 6:44:41 PM - System Checkpoint

RP684: 1/13/2009 6:44:42 PM - System Checkpoint

RP685: 1/13/2009 6:44:42 PM - System Checkpoint

RP686: 1/13/2009 6:44:42 PM - Installed OverDrive Media Console

RP687: 1/13/2009 6:44:42 PM - System Checkpoint

RP688: 1/13/2009 6:44:42 PM - System Checkpoint

RP689: 1/13/2009 6:44:42 PM - System Checkpoint

RP690: 1/13/2009 6:44:42 PM - System Checkpoint

RP691: 1/13/2009 6:44:43 PM - System Checkpoint

RP692: 1/13/2009 6:44:43 PM - System Checkpoint

RP693: 1/13/2009 6:44:43 PM - System Checkpoint

RP694: 1/13/2009 6:44:43 PM - System Checkpoint

RP695: 1/13/2009 6:44:43 PM - System Checkpoint

RP696: 1/13/2009 6:44:43 PM - System Checkpoint

RP697: 1/13/2009 6:44:43 PM - System Checkpoint

RP698: 1/13/2009 6:44:43 PM - System Checkpoint

RP699: 1/13/2009 6:44:43 PM - System Checkpoint

RP700: 1/13/2009 6:44:44 PM - System Checkpoint

RP701: 1/13/2009 6:44:44 PM - Software Distribution Service 3.0

RP702: 1/13/2009 6:44:44 PM - System Checkpoint

RP703: 1/13/2009 6:44:44 PM - System Checkpoint

RP704: 1/13/2009 6:44:44 PM - System Checkpoint

RP705: 1/13/2009 6:44:45 PM - System Checkpoint

RP706: 1/13/2009 6:44:45 PM - System Checkpoint

RP707: 1/13/2009 6:44:45 PM - System Checkpoint

RP708: 1/13/2009 6:44:45 PM - Software Distribution Service 3.0

RP709: 1/13/2009 6:44:45 PM - System Checkpoint

RP710: 1/13/2009 6:44:45 PM - System Checkpoint

RP711: 1/13/2009 6:44:45 PM - System Checkpoint

RP712: 1/13/2009 6:44:45 PM - System Checkpoint

RP713: 1/13/2009 6:44:46 PM - System Checkpoint

RP714: 1/13/2009 6:44:46 PM - System Checkpoint

RP715: 1/13/2009 6:44:46 PM - System Checkpoint

RP716: 1/13/2009 6:44:46 PM - System Checkpoint

RP717: 1/13/2009 6:44:46 PM - System Checkpoint

RP718: 1/13/2009 6:44:47 PM - System Checkpoint

RP719: 1/13/2009 6:44:47 PM - System Checkpoint

RP720: 1/13/2009 6:44:47 PM - System Checkpoint

RP721: 1/13/2009 6:44:48 PM - System Checkpoint

RP722: 1/13/2009 6:44:48 PM - System Checkpoint

RP723: 1/13/2009 6:44:48 PM - System Checkpoint

RP724: 1/13/2009 6:44:48 PM - System Checkpoint

RP725: 1/13/2009 6:44:48 PM - Installed Microsoft Money Shared Libraries

RP726: 1/13/2009 6:44:48 PM - Last known good configuration

RP727: 1/13/2009 6:44:49 PM - Last known good configuration

RP728: 1/13/2009 6:44:50 PM - System Checkpoint

RP729: 1/13/2009 6:44:51 PM - System Checkpoint

RP730: 1/13/2009 6:44:59 PM - Last known good configuration

RP731: 1/14/2009 7:16:03 PM - System Checkpoint

RP732: 1/14/2009 10:43:02 PM - Cleaned registry with Windows Live OneCare safety scanner

RP733: 1/15/2009 11:22:12 PM - System Checkpoint

RP734: 1/17/2009 12:06:10 AM - System Checkpoint

RP735: 1/17/2009 11:43:48 AM - Software Distribution Service 3.0

RP736: 1/18/2009 12:09:11 PM - System Checkpoint

RP737: 1/19/2009 1:07:59 PM - System Checkpoint

RP738: 1/20/2009 2:07:59 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 7.1.0

Adobe Shockwave Player

Amazon MP3 Downloader 1.0.2

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression

AVG 7.5

Beach Party Craze

BeTrapped! (remove only)

Bonjour

Cake Mania


Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    c:\windows\system32\vfuamy.dll
    c:\windows\system32\fenqbhlq.dll
    c:\windows\system32\ustwfm.dll
    c:\windows\system32\usfgedcm.dll
    c:\windows\system32\abdxlouq.ini
    c:\windows\system32\xfolvlqn.ini
    c:\windows\system32\digeste.dll
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    :commands
    [emptytemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

===================================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=========================

Please post these logs in your next reply:


  1. OTMoveIt log
  2. Malwarebytes log
  3. New DDS log
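As an added check that is not part of the thread or of any tool named in it, the following PowerShell script audits the two registry locations the :reg section above writes back, plus the "MS Juan" key that Malwarebytes reports as Malware.Trace in this thread. It assumes it is run from an elevated prompt on the affected machine, and takes the known-good SecurityProviders list and the empty AppInit_DLLs value as its baseline because those are exactly what the fix above restores.

```powershell
# Added example (not from the thread): audit the persistence locations the
# OTMoveIt :reg section resets, and report anything that deviates from them.
# Baseline values are the ones the helper's fix writes back; run elevated.

$providersKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$windowsKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$traceKey     = 'HKLM:\SOFTWARE\Microsoft\MS Juan'   # key MBAM flags as Malware.Trace

# Known-good SecurityProviders list for XP, exactly as the fix in the thread writes it.
$baselineProviders = @('msapsspc.dll', 'schannel.dll', 'digest.dll', 'msnsspc.dll')

$findings = @()

# 1. SecurityProviders: every DLL listed here is loaded by lsass.exe at boot, so an
#    extra, look-alike entry (the thread's 'digeste.dll' next to the real 'digest.dll')
#    is a persistence red flag even when the file has already been moved away.
$raw = (Get-ItemProperty -Path $providersKey -Name 'SecurityProviders').SecurityProviders
$currentList = @($raw -split ',' | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ -ne '' })

foreach ($dll in $currentList) {
    if ($baselineProviders -notcontains $dll) {
        $onDisk = Test-Path (Join-Path $env:SystemRoot "system32\$dll")
        $findings += "SecurityProviders has unexpected entry '$dll' (present on disk: $onDisk)"
    }
}
foreach ($dll in $baselineProviders) {
    if ($currentList -notcontains $dll) {
        $findings += "SecurityProviders is missing default entry '$dll'"
    }
}

# 2. AppInit_DLLs: anything listed here is injected into every process that loads
#    user32.dll, which is why the fix sets it to an empty string.
$appInit = (Get-ItemProperty -Path $windowsKey -Name 'AppInit_DLLs').AppInit_DLLs
if ($appInit -and $appInit.Trim() -ne '') {
    $findings += "AppInit_DLLs is not empty: '$appInit'"
}

# 3. Marker key MBAM keeps quarantining in this thread; if it is back after a
#    clean scan, whatever recreates it is still running and needs to be found.
if (Test-Path $traceKey) {
    $findings += "Registry key '$traceKey' exists (MBAM Malware.Trace marker)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No deviations from the baseline found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Re-run the audit after each reboot: a SecurityProviders or AppInit_DLLs value that is clean immediately after the fix but dirty again at the next boot is the same symptom the poster describes with Malwarebytes, and tells you the dropper has not been removed yet.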

Hello.

OT Log

========== FILES ==========

DllUnregisterServer procedure not found in c:\windows\system32\vfuamy.dll

c:\windows\system32\vfuamy.dll NOT unregistered.

c:\windows\system32\vfuamy.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\fenqbhlq.dll

c:\windows\system32\fenqbhlq.dll NOT unregistered.

c:\windows\system32\fenqbhlq.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\ustwfm.dll

c:\windows\system32\ustwfm.dll NOT unregistered.

c:\windows\system32\ustwfm.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\usfgedcm.dll

c:\windows\system32\usfgedcm.dll NOT unregistered.

c:\windows\system32\usfgedcm.dll moved successfully.

c:\windows\system32\abdxlouq.ini moved successfully.

c:\windows\system32\xfolvlqn.ini moved successfully.

File/Folder c:\windows\system32\digeste.dll not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Julie\LOCALS~1\Temp\etilqs_kpghSwzMSiVB6ToyIOAk scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj02.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Julie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w3qq7ma8.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_195540

Malwarebytes' Anti-Malware Log

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 5.1.2600 Service Pack 3

1/20/2009 6:32:25 AM

mbam-log-2009-01-20 (06-32-25).txt

Scan type: Quick Scan

Objects scanned: 50988

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I'm not sure if it makes a difference, but Malwarebytes is the program I've been using daily since this started to get rid of infected files. They just keep coming back.

Thanks,


Sorry, I forgot the DDS log.

DDS log

DDS (Ver_09-01-19.01) - NTFSx86

Run by Julie at 21:11:35.70 on Thu 01/22/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1052 [GMT -6:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Documents and Settings\Julie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/

uInternet Settings,ProxyOverride = *.local

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: {A4EE03E1-2B3E-468D-9BEA-D3B35135A9D9} - No File

BHO: {F89A9E2B-4376-45E8-B4BB-EB7AAC4E5074} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"

mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\julie\locals~1\temp\ixp000.tmp\"

mRunOnce: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck

mRunOnce: [OTMoveIt] c:\documents and settings\julie\desktop\OTMoveIt3.exe

dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\julie\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136107229593

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/7520-b289h/rnl/java/RntX.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julie\applic~1\mozilla\firefox\profiles\w3qq7ma8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.nytimes.com

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-6-28 16640]

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-8-29 821856]

R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-8-29 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-8-29 27776]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-8-29 10760]

R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-8-29 418816]

R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-8-29 49664]

R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-8-29 406528]

R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-8-29 4960]

R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-1 1174664]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-8 33752]

S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2008-8-21 10986]

S4 Ca533av;Polaroid Digital Cam Video;c:\windows\system32\drivers\Ca533av.sys [2008-8-21 515803]

=============== Created Last 30 ================

2009-01-21 19:55 <DIR> --d----- C:\_OTMoveIt

2009-01-20 18:15 250 a------- c:\windows\gmer.ini

2009-01-20 06:41 <DIR> --d----- c:\program files\Trend Micro

2009-01-17 20:31 4,681,482,240 a------- C:\CLERKS_2.ISO

2009-01-16 19:07 4,681,439,232 a------- C:\GHOST_WHISPER.ISO

2009-01-15 07:01 <DIR> --d----- c:\docume~1\julie\applic~1\Malwarebytes

2009-01-15 07:00 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-01-15 07:00 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-15 07:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-01-15 07:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-01-15 06:25 <DIR> --d----- c:\program files\Spyware Doctor

2009-01-14 20:12 <DIR> --d----- C:\VundoFix Backups

2009-01-10 08:06 <DIR> --d----- c:\program files\Microsoft Money Plus

2009-01-02 17:36 <DIR> --d----- c:\program files\Bonjour

2009-01-02 17:35 <DIR> --d----- c:\program files\iPod

2009-01-02 17:35 <DIR> --d----- c:\program files\iTunes

2009-01-02 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-01-12 09:20 96,384 a------- c:\windows\system32\drivers\sptddrv1.sys

2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe

2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll

2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys

2008-06-20 19:38 1,480 a------- c:\docume~1\julie\applic~1\mindhabits.dat

2008-04-07 18:38 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

2008-01-08 22:04 0 ----h--- c:\program files\AppUpdate.log

2007-12-06 07:01 32 a----r-- c:\documents and settings\all users\hash.dat

2008-08-16 02:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat

============= FINISH: 21:12:00.07 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/1/2006 2:51:22 AM

System Uptime: 1/17/2009 2:15:25 PM (127 hours ago)

Motherboard: | | NF-CK804

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2210/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 97.321 GiB free.

D: is CDROM (UDF)

E: is CDROM (UDF)

F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\3&2411E6FE&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\3&2411E6FE&0

Service: i8042prt

==== System Restore Points ===================

RP648: 1/13/2009 6:44:37 PM - System Checkpoint

RP649: 1/13/2009 6:44:38 PM - System Checkpoint

RP650: 1/13/2009 6:44:38 PM - Software Distribution Service 3.0

RP651: 1/13/2009 6:44:38 PM - System Checkpoint

RP652: 1/13/2009 6:44:38 PM - System Checkpoint

RP653: 1/13/2009 6:44:38 PM - System Checkpoint

RP654: 1/13/2009 6:44:38 PM - System Checkpoint

RP655: 1/13/2009 6:44:38 PM - System Checkpoint

RP656: 1/13/2009 6:44:38 PM - System Checkpoint

RP657: 1/13/2009 6:44:38 PM - System Checkpoint

RP658: 1/13/2009 6:44:38 PM - System Checkpoint

RP659: 1/13/2009 6:44:39 PM - Software Distribution Service 3.0

RP660: 1/13/2009 6:44:39 PM - System Checkpoint

RP661: 1/13/2009 6:44:39 PM - System Checkpoint

RP662: 1/13/2009 6:44:39 PM - System Checkpoint

RP663: 1/13/2009 6:44:39 PM - System Checkpoint

RP664: 1/13/2009 6:44:39 PM - System Checkpoint

RP665: 1/13/2009 6:44:39 PM - System Checkpoint

RP666: 1/13/2009 6:44:40 PM - System Checkpoint

RP667: 1/13/2009 6:44:40 PM - System Checkpoint

RP668: 1/13/2009 6:44:40 PM - System Checkpoint

RP669: 1/13/2009 6:44:40 PM - System Checkpoint

RP670: 1/13/2009 6:44:40 PM - System Checkpoint

RP671: 1/13/2009 6:44:40 PM - System Checkpoint

RP672: 1/13/2009 6:44:40 PM - System Checkpoint

RP673: 1/13/2009 6:44:40 PM - System Checkpoint

RP674: 1/13/2009 6:44:41 PM - Software Distribution Service 3.0

RP675: 1/13/2009 6:44:41 PM - System Checkpoint

RP676: 1/13/2009 6:44:41 PM - System Checkpoint

RP677: 1/13/2009 6:44:41 PM - System Checkpoint

RP678: 1/13/2009 6:44:41 PM - System Checkpoint

RP679: 1/13/2009 6:44:41 PM - System Checkpoint

RP680: 1/13/2009 6:44:41 PM - System Checkpoint

RP681: 1/13/2009 6:44:41 PM - System Checkpoint

RP682: 1/13/2009 6:44:41 PM - System Checkpoint

RP683: 1/13/2009 6:44:41 PM - System Checkpoint

RP684: 1/13/2009 6:44:42 PM - System Checkpoint

RP685: 1/13/2009 6:44:42 PM - System Checkpoint

RP686: 1/13/2009 6:44:42 PM - Installed OverDrive Media Console

RP687: 1/13/2009 6:44:42 PM - System Checkpoint

RP688: 1/13/2009 6:44:42 PM - System Checkpoint

RP689: 1/13/2009 6:44:42 PM - System Checkpoint

RP690: 1/13/2009 6:44:42 PM - System Checkpoint

RP691: 1/13/2009 6:44:43 PM - System Checkpoint

RP692: 1/13/2009 6:44:43 PM - System Checkpoint

RP693: 1/13/2009 6:44:43 PM - System Checkpoint

RP694: 1/13/2009 6:44:43 PM - System Checkpoint

RP695: 1/13/2009 6:44:43 PM - System Checkpoint

RP696: 1/13/2009 6:44:43 PM - System Checkpoint

RP697: 1/13/2009 6:44:43 PM - System Checkpoint

RP698: 1/13/2009 6:44:43 PM - System Checkpoint

RP699: 1/13/2009 6:44:43 PM - System Checkpoint

RP700: 1/13/2009 6:44:44 PM - System Checkpoint

RP701: 1/13/2009 6:44:44 PM - Software Distribution Service 3.0

RP702: 1/13/2009 6:44:44 PM - System Checkpoint

RP703: 1/13/2009 6:44:44 PM - System Checkpoint

RP704: 1/13/2009 6:44:44 PM - System Checkpoint

RP705: 1/13/2009 6:44:45 PM - System Checkpoint

RP706: 1/13/2009 6:44:45 PM - System Checkpoint

RP707: 1/13/2009 6:44:45 PM - System Checkpoint

RP708: 1/13/2009 6:44:45 PM - Software Distribution Service 3.0

RP709: 1/13/2009 6:44:45 PM - System Checkpoint

RP710: 1/13/2009 6:44:45 PM - System Checkpoint

RP711: 1/13/2009 6:44:45 PM - System Checkpoint

RP712: 1/13/2009 6:44:45 PM - System Checkpoint

RP713: 1/13/2009 6:44:46 PM - System Checkpoint

RP714: 1/13/2009 6:44:46 PM - System Checkpoint

RP715: 1/13/2009 6:44:46 PM - System Checkpoint

RP716: 1/13/2009 6:44:46 PM - System Checkpoint

RP717: 1/13/2009 6:44:46 PM - System Checkpoint

RP718: 1/13/2009 6:44:47 PM - System Checkpoint

RP719: 1/13/2009 6:44:47 PM - System Checkpoint

RP720: 1/13/2009 6:44:47 PM - System Checkpoint

RP721: 1/13/2009 6:44:48 PM - System Checkpoint

RP722: 1/13/2009 6:44:48 PM - System Checkpoint

RP723: 1/13/2009 6:44:48 PM - System Checkpoint

RP724: 1/13/2009 6:44:48 PM - System Checkpoint

RP725: 1/13/2009 6:44:48 PM - Installed Microsoft Money Shared Libraries

RP726: 1/13/2009 6:44:48 PM - Last known good configuration

RP727: 1/13/2009 6:44:49 PM - Last known good configuration

RP728: 1/13/2009 6:44:50 PM - System Checkpoint

RP729: 1/13/2009 6:44:51 PM - System Checkpoint

RP730: 1/13/2009 6:44:59 PM - Last known good configuration

RP731: 1/14/2009 7:16:03 PM - System Checkpoint

RP732: 1/14/2009 10:43:02 PM - Cleaned registry with Windows Live OneCare safety scanner

RP733: 1/15/2009 11:22:12 PM - System Checkpoint

RP734: 1/17/2009 12:06:10 AM - System Checkpoint

RP735: 1/17/2009 11:43:48 AM - Software Distribution Service 3.0

RP736: 1/18/2009 12:09:11 PM - System Checkpoint

RP737: 1/19/2009 1:07:59 PM - System Checkpoint

RP738: 1/20/2009 2:07:59 PM - System Checkpoint

RP739: 1/21/2009 3:07:59 PM - System Checkpoint

RP740: 1/22/2009 4:20:29 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 7.1.0

Adobe Shockwave Player

Amazon MP3 Downloader 1.0.2

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression

AVG 7.5

Beach Party Craze

BeTrapped! (remove only)

Bonjour

Cake Mania


My newest Malwarebytes log

Malwarebytes' Anti-Malware 1.33

Database version: 1670

Windows 5.1.2600 Service Pack 3

1/23/2009 5:23:16 PM

mbam-log-2009-01-23 (17-23-16).txt

Scan type: Quick Scan

Objects scanned: 49513

Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Download Registry Search to your desktop.

  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Paste in this -> MS Juan inside of the white box.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

Cleanup:

Please download OT Cleanit from Here and save it to your desktop.

Double click on OT Clean it to run it.

Then click on Clean up.

Restart your computer when prompted.

This will remove what tools we used.

===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================

Delete/uninstall anything else that we have used.

System Restore

Then I will need you to reset your System Restore points.

The link below shows how to create a clean restore point.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual

=====================================

After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.

You do not have to have all or any of them they are only suggestions.

This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.
