Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old January 21st, 2009, 06:42 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
system security program vista (moved from Vista Forum)

Help I am going crazy!
Suddendly my computer is in chaos. Seems SYSTEM SECURITY has taken over. I have protection through the cable network which is CHARTER SECURITY SUITE in Oregon. But this security system keeps telling me I have viruses, trojans. My charter security says I am fine. I downloaded AVG and it got rid of 10 viruses. I can not delete this system security from visit apart of the vista windows? I keep getting pop ups that say "it has blocked a program from accessing the internet. Then down below it names it as . Pop ups keep coming and if I "give in" and update, then of course they want 30 bucks.
I can not find this in my control panel ( programs) so I can not delete it. As I am fighting these I then get pop ups from microsofr windows saying " 79B1.tmp has stopped working and IC29.tmp and 2221.tmp. also 7884.tmp.
I noticed when I go to my favorites and scroll down to find something, it closes on me and also seems hard to type, like some letters don't want to work. Yes it seems like alot, I hope there is an easy answer and fix.
This has been going on for 2 days now. I did remove the Charter security protection, that was not it.
Information on the system security is folder path C:\users\jeanie
appData\roaming\micro name: system security link
Reply With Quote
  #2  
Old January 24th, 2009, 02:09 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello smiley59,

Not sure from that description exactly what may be a cause of issues there. Let's get more details and check.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
Reply With Quote
  #3  
Old January 24th, 2009, 07:44 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
Post Rsit

I hope I understood correctly.
The pop ups are not as bad, but still being re-directed on web pages and keeps saying I havea trojan horse SHeun 2 MDY. Today no pages were up, just wallpaper and it was like a radio station was coming through?????
Sure hope you can help me
Logfile of random's system information tool 1.05 (written by random/random)
Run by jeanie at 2009-01-23 22:26:33
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 338 GB (91%) free of 370 GB
Total RAM: 2039 MB (63% free)

nfo.txt logfile of random's system information tool 1.05 2009-01-23 22:26:44

======Uninstall list======

-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\Gateway Games\BloodTies\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Magic Ball 3\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Trivia Gems\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Trivia Machine\Uninstall.exe"
-->"C:\Program Files\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BigFix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series User Registration-->C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
Canon MP210 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
Gateway Connect-->MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}
Gateway Games-->"C:\Program Files\Gateway Games\Uninstall.exe"
Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft Money Essentials-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mind Medley (remove only)-->"C:\Program Files\Mind Medley\Uninstall.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PS2 Multimedia Keyboard Driver-->"C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\setup.exe" -ul
QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
Quit Counter-->"C:\Program Files\Quit Counter\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SU BSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.inf
Spare Backup-->MsiExec.exe /X{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
UltimateBet-->"C:\Poker Application\UltimateBet\unins000.exe"
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

======Security center information======

AV: AVG Anti-Virus Free
FW: CA Personal Firewall
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

System event log

Computer Name: jeanie-PC
Event Code: 7036
Message: The TPM Base Services service entered the stopped state.
Record Number: 97718
Source Name: Service Control Manager
Time Written: 20090124062055.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 7036
Message: The Security Center service entered the running state.
Record Number: 97719
Source Name: Service Control Manager
Time Written: 20090124062055.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 7036
Message: The Windows Update service entered the running state.
Record Number: 97720
Source Name: Service Control Manager
Time Written: 20090124062056.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 537
Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Record Number: 97721
Source Name: Microsoft-Windows-TBS
Time Written: 20090124062055.115716-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: jeanie-PC
Event Code: 7036
Message: The Windows Media Center Service Launcher service entered the stopped state.
Record Number: 97722
Source Name: Service Control Manager
Time Written: 20090124062057.000000-000
Event Type: Information
User:

Application event log

Computer Name: jeanie-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 25426
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090124061948.800116-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: jeanie-PC
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 25427
Source Name: SecurityCenter
Time Written: 20090124062055.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 103
Message: WinMail (3656) WindowsMail0: The database engine stopped the instance (0).
Record Number: 25428
Source Name: ESENT
Time Written: 20090124062256.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 25429
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124062306.000000-000
Event Type: Information
User:

Computer Name: jeanie-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 25430
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124062306.000000-000
Event Type: Information
User:

Security event log

Computer Name: jeanie-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\t cpip.sys
Record Number: 31217
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124062642.225516-000
Event Type: Audit Failure
user
Reply With Quote
  #4  
Old January 24th, 2009, 07:47 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
part 2

Computer Name: jeanie-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\t cpip.sys
Record Number: 31218
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124062642.250516-000
Event Type: Audit Failure
User:

Computer Name: jeanie-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\t cpip.sys
Record Number: 31219
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124062642.276516-000
Event Type: Audit Failure
User:

Computer Name: jeanie-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\t cpip.sys
Record Number: 31220
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124062642.301516-000
Event Type: Audit Failure
User:

Computer Name: jeanie-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\t cpip.sys
Record Number: 31221
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124062642.325516-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
Reply With Quote
  #5  
Old January 24th, 2009, 07:48 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
part 3

Logfile of random's system information tool 1.05 (written by random/random)
Run by jeanie at 2009-01-23 22:26:33
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 338 GB (91%) free of 370 GB
Total RAM: 2039 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:43 PM, on 1/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\jeanie\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\M1TPUB77\RSIT[1].exe
C:\Program Files\trend micro\jeanie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...=DTP&M=GT5660E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...=DTP&M=GT5660E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...javadl.sun.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.charter.net/files/charter...uite/fscax.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7961 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\Registry OK Schedule.job
C:\Windows\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-15 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"Spare Backup"=C:\Program Files\Spare Backup\SpareBackup.exe [2007-09-13 5252936]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Skytel"=C:\Windows\Skytel.exe [2007-04-13 1822720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-19 1261336]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-23 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-07-13 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
[]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe

C:\Users\jeanie\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
Reply With Quote
  #6  
Old January 24th, 2009, 07:49 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
Question final

======List of files/folders created in the last 1 months======

2009-01-23 22:26:33 ----D---- C:\rsit
2009-01-23 22:26:33 ----D---- C:\Program Files\trend micro
2009-01-23 18:25:07 ----D---- C:\ProgramData\SITEguard
2009-01-23 18:23:43 ----D---- C:\ProgramData\STOPzilla!
2009-01-23 18:23:43 ----D---- C:\Program Files\Common Files\iS3
2009-01-23 17:41:38 ----A---- C:\Windows\system32\javaws.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\javaw.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\java.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\deploytk.dll
2009-01-22 21:24:35 ----D---- C:\Program Files\Registry OK
2009-01-21 20:40:03 ----D---- C:\ProgramData\Uniblue
2009-01-21 20:40:02 ----D---- C:\Users\jeanie\AppData\Roaming\Uniblue
2009-01-21 20:39:56 ----D---- C:\Program Files\Uniblue
2009-01-21 11:58:06 ----D---- C:\Program Files\Intelinet
2009-01-19 21:42:16 ----HD---- C:\$AVG8.VAULT$
2009-01-19 21:38:28 ----A---- C:\Windows\system32\avgrsstx.dll
2009-01-19 21:37:41 ----D---- C:\ProgramData\avg8
2009-01-19 21:37:41 ----D---- C:\Program Files\AVG
2009-01-19 20:30:32 ----A---- C:\Windows\ntbtlog.txt
2009-01-19 20:25:34 ----D---- C:\Users\jeanie\AppData\Roaming\CyberLink
2009-01-19 20:25:09 ----D---- C:\ProgramData\CyberLink
2009-01-19 16:37:33 ----D---- C:\ProgramData\1941139646
2009-01-19 12:53:21 ----A---- C:\Windows\system32\1DNJe4hY.exe.a_a
2009-01-19 12:53:21 ----A---- C:\Windows\system32\1DNJe4hY.exe
2009-01-04 14:04:12 ----D---- C:\Users\jeanie\AppData\Roaming\Anuman Interactive
2009-01-01 17:31:57 ----D---- C:\Users\jeanie\AppData\Roaming\F-Secure

======List of files/folders modified in the last 1 months======

2009-01-23 22:26:43 ----D---- C:\Windows\Temp
2009-01-23 22:26:33 ----RD---- C:\Program Files
2009-01-23 22:23:06 ----HD---- C:\Windows\inf
2009-01-23 22:23:06 ----D---- C:\Windows\System32
2009-01-23 22:23:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-23 22:19:12 ----D---- C:\Users\jeanie\AppData\Roaming\Spare Backup
2009-01-23 18:38:00 ----HD---- C:\Config.msi
2009-01-23 18:34:10 ----SHD---- C:\Windows\Installer
2009-01-23 18:34:10 ----D---- C:\Windows\system32\drivers
2009-01-23 18:33:20 ----SHD---- C:\System Volume Information
2009-01-23 18:28:43 ----D---- C:\Windows\Prefetch
2009-01-23 18:25:07 ----HD---- C:\ProgramData
2009-01-23 18:23:43 ----D---- C:\Program Files\Common Files
2009-01-23 18:14:19 ----SD---- C:\Users\jeanie\AppData\Roaming\Microsoft
2009-01-23 18:13:23 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-01-23 18:07:58 ----AD---- C:\ProgramData\TEMP
2009-01-23 17:41:58 ----SD---- C:\Windows\Downloaded Program Files
2009-01-23 17:41:15 ----D---- C:\Program Files\Java
2009-01-22 21:24:54 ----D---- C:\Windows\Tasks
2009-01-22 21:24:54 ----D---- C:\Windows\system32\Tasks
2009-01-22 10:06:02 ----D---- C:\Windows
2009-01-22 10:05:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-21 13:44:21 ----D---- C:\Windows\rescache
2009-01-21 13:39:09 ----D---- C:\Windows\system32\catroot
2009-01-21 13:37:34 ----D---- C:\Windows\system32\catroot2
2009-01-21 13:37:00 ----D---- C:\Windows\winsxs
2009-01-20 20:29:23 ----D---- C:\Program Files\Charter Security Suite
2009-01-20 20:27:36 ----D---- C:\ProgramData\f-secure
2009-01-20 19:22:02 ----D---- C:\Windows\system32\WDI
2009-01-19 21:46:51 ----SD---- C:\ProgramData\Microsoft
2009-01-14 12:33:13 ----D---- C:\Program Files\Windows Mail
2009-01-09 17:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-07 07:58:23 ----D---- C:\Program Files\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-19 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-19 26824]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2009-01-19 69128]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-01 47104]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-01 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-01 2589184]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-19 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 231704]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-12-19 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Reply With Quote
  #7  
Old January 24th, 2009, 04:18 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Indications of malware files showing here, but not the more active components I would expect to see. Let's remove some items then scan repair as well.

The folders list show these having been used there recently - I am listing them from worst down as far as being more a scam software than beneficial, with the top one (STOPzilla!) also being actually advertised in adware/malware popups.

STOPzilla!
Registry OK
Uniblue
Eusing Free Registry Cleaner

Either just not beneficial, and really just intended to secure payment from you for them, or even can be a cause of problems instead of helping.

-----------------

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download OTMoveIt3 by OldTimer to your desktop.

Then click OTMoveIt3.exe to run it (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator").

Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):

Code:
:processes
explorer.exe
:files
C:\Windows\tasks\At*.job
C:\ProgramData\1941139646
C:\Windows\system32\1DNJe4hY.exe.a_a
C:\Windows\system32\1DNJe4hY.exe
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
:commands
[zipfiles]
[emptytemp]
[start explorer]
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

-------------------

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------------

Run a new RSIT scan and post that main log along with the OTMoveIt log and the Malwarebytes log please.


OTMoveIt created a zip file of the items removed I would like to check out.

Just go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select the file on your computer.

C:\_OTMoveIt\MovedFiles\(mmddyyyy_hhmmss).zip

(Where "mmddyyyy_hhmmss" is the date and time the scan was run)

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.
Reply With Quote
  #8  
Old January 24th, 2009, 09:15 PM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
move it

I copy and pasted from the results side. I was not asked to reboot and the pop up read. can not open file
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\ProgramData\1941139646 moved successfully.
C:\Windows\system32\1DNJe4hY.exe.a_a moved successfully.
C:\Windows\system32\1DNJe4hY.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01242009_120731
Reply With Quote
  #9  
Old January 24th, 2009, 09:37 PM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
malwarebytes

Malwarebytes' Anti-Malware 1.33
Database version: 1689
Windows 6.0.6001 Service Pack 1

1/24/2009 12:27:24 PM
mbam-log-2009-01-24 (12-27-24).txt

Scan type: Quick Scan
Objects scanned: 45751
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\IntelinetSecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Users\jeanie\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Intelinet\Logs\2009_01_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Users\jeanie\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Users\jeanie\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Reply With Quote
  #10  
Old January 25th, 2009, 12:44 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Something blocked the creation of the zip file - might be Vista permissions issues. Post back a new RSIT log and let's see how things look now.
Reply With Quote
  #11  
Old January 25th, 2009, 03:18 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
rsit log

Logfile of random's system information tool 1.05 (written by random/random)
Run by jeanie at 2009-01-24 18:17:44
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 337 GB (91%) free of 370 GB
Total RAM: 2039 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:49 PM, on 1/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\jeanie\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\ADKRBR82\RSIT[1].exe
C:\Program Files\trend micro\jeanie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...=DTP&M=GT5660E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...=DTP&M=GT5660E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...javadl.sun.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.charter.net/files/charter...uite/fscax.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7442 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Registry OK Schedule.job
C:\Windows\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-15 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"Spare Backup"=C:\Program Files\Spare Backup\SpareBackup.exe [2007-09-13 5252936]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Skytel"=C:\Windows\Skytel.exe [2007-04-13 1822720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-23 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-07-13 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe

C:\Users\jeanie\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-24 12:17:12 ----D---- C:\Users\jeanie\AppData\Roaming\Malwarebytes
2009-01-24 12:17:08 ----D---- C:\ProgramData\Malwarebytes
2009-01-24 12:17:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-24 12:07:31 ----D---- C:\_OTMoveIt
2009-01-23 22:26:33 ----D---- C:\rsit
2009-01-23 22:26:33 ----D---- C:\Program Files\trend micro
2009-01-23 18:25:07 ----D---- C:\ProgramData\SITEguard
2009-01-23 18:23:43 ----D---- C:\ProgramData\STOPzilla!
2009-01-23 18:23:43 ----D---- C:\Program Files\Common Files\iS3
2009-01-23 17:41:38 ----A---- C:\Windows\system32\javaws.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\javaw.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\java.exe
2009-01-23 17:41:38 ----A---- C:\Windows\system32\deploytk.dll
2009-01-22 21:24:35 ----D---- C:\Program Files\Registry OK
2009-01-21 20:40:03 ----D---- C:\ProgramData\Uniblue
2009-01-21 20:40:02 ----D---- C:\Users\jeanie\AppData\Roaming\Uniblue
2009-01-21 20:39:56 ----D---- C:\Program Files\Uniblue
2009-01-19 21:37:41 ----D---- C:\ProgramData\avg8
2009-01-19 21:37:41 ----D---- C:\Program Files\AVG
2009-01-19 20:30:32 ----A---- C:\Windows\ntbtlog.txt
2009-01-19 20:25:34 ----D---- C:\Users\jeanie\AppData\Roaming\CyberLink
2009-01-19 20:25:09 ----D---- C:\ProgramData\CyberLink
2009-01-04 14:04:12 ----D---- C:\Users\jeanie\AppData\Roaming\Anuman Interactive
2009-01-01 17:31:57 ----D---- C:\Users\jeanie\AppData\Roaming\F-Secure

======List of files/folders modified in the last 1 months======

2009-01-24 18:17:46 ----D---- C:\Windows\Temp
2009-01-24 18:17:37 ----D---- C:\Windows\Prefetch
2009-01-24 18:09:20 ----D---- C:\Users\jeanie\AppData\Roaming\Spare Backup
2009-01-24 18:07:03 ----HD---- C:\Windows\inf
2009-01-24 18:07:03 ----D---- C:\Windows\System32
2009-01-24 18:07:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-24 12:55:37 ----SHD---- C:\System Volume Information
2009-01-24 12:55:34 ----SD---- C:\Users\jeanie\AppData\Roaming\Microsoft
2009-01-24 12:55:34 ----D---- C:\Windows\system32\drivers
2009-01-24 12:55:34 ----D---- C:\Windows
2009-01-24 12:55:33 ----HD---- C:\ProgramData
2009-01-24 12:27:24 ----RD---- C:\Program Files
2009-01-24 12:07:31 ----D---- C:\Windows\Tasks
2009-01-23 18:38:00 ----HD---- C:\Config.msi
2009-01-23 18:34:10 ----SHD---- C:\Windows\Installer
2009-01-23 18:23:43 ----D---- C:\Program Files\Common Files
2009-01-23 18:13:23 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-01-23 18:07:58 ----AD---- C:\ProgramData\TEMP
2009-01-23 17:41:58 ----SD---- C:\Windows\Downloaded Program Files
2009-01-23 17:41:15 ----D---- C:\Program Files\Java
2009-01-22 21:24:54 ----D---- C:\Windows\system32\Tasks
2009-01-22 10:05:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-21 13:44:21 ----D---- C:\Windows\rescache
2009-01-21 13:39:09 ----D---- C:\Windows\system32\catroot
2009-01-21 13:37:34 ----D---- C:\Windows\system32\catroot2
2009-01-21 13:37:00 ----D---- C:\Windows\winsxs
2009-01-20 20:29:23 ----D---- C:\Program Files\Charter Security Suite
2009-01-20 20:27:36 ----D---- C:\ProgramData\f-secure
2009-01-20 19:22:02 ----D---- C:\Windows\system32\WDI
2009-01-19 21:46:51 ----SD---- C:\ProgramData\Microsoft
2009-01-14 12:33:13 ----D---- C:\Program Files\Windows Mail
2009-01-09 17:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-07 07:58:23 ----D---- C:\Program Files\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-01 47104]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-01 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-01 2589184]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-12-19 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Reply With Quote
  #12  
Old January 25th, 2009, 05:28 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Good progress. Now some minor changes and then scan to see what might remain.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Close all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)


-------------------

Then Go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please.

The scan requires a good bit of database downloading and can take quite a while to complete.
Reply With Quote
  #13  
Old January 25th, 2009, 08:12 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
kaspersky scan

ASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 24, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 25, 2009 04:06:18
Records in database: 1701544
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 138712
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:27:16


File name / Threat name / Threats count
C:\Users\jeanie\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\VMP011RQ\setup[1].exe Infected: not-a-virus:FraudTool.Win32.Agent.dx 2
C:\_OTMoveIt\MovedFiles\01242009_120731\Windows\sy stem32\1DNJe4hY.exe Infected: Trojan-Downloader.Win32.Agent.bele 1

The selected area was scanned.
Reply With Quote
  #14  
Old January 25th, 2009, 03:26 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Very good - just a file you already removed and then a leftover method to introduce infection through the Internet. Just need to delete that IE temp folder to remove that.

Close IE and any open windows and open OTMoveIt again.

Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):

Code:
:files
C:\Users\jeanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMP011RQ
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

-------------------

Then just post back that new OTMoveIt log as well as an update on how things are running there now please.
Reply With Quote
  #15  
Old January 26th, 2009, 03:52 AM
smiley59 smiley59 is offline
Member
 
Join Date: Dec 2002
O/S: Windows Vista 64-bit
Location: oregon
Posts: 62
========== FILES ==========
File/Folder C:\Users\jeanie\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\VMP011RQ not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_184319



Is this what you wanted?
I could not find another FILE to send you.
The computer is running good, but since I got this trojan , do I need better protection? I have no virus protection at this moment but what about the firewall and defender that are in the system. I am thinking about getting Norton which fave a trial period when I bought the computer.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
video compressing program (moved from Vista Forum) monka56 Applications 1 March 27th, 2009 04:55 PM
Vista refusing to start up; graphics card problem? (moved from Vista Forum) SkyRay Hardware 0 February 8th, 2009 09:25 AM
Need help using system restore disc (moved from Vista Forum) kitty34 Hardware 1 January 20th, 2009 09:09 AM
opening folders in a software program (Moved from Vista Forum) cindiloohoo Applications 0 September 21st, 2008 01:47 AM
Security Toolbar 7.1 (moved from Vista Forum) Alec121 Malware Removal 1 November 16th, 2007 03:48 AM


All times are GMT +1. The time now is 10:42 AM.