Remnants fron Win32/Renos:FJ ???

Question

debgreat 0 Newbie Poster

15 Years Ago

My computer became infected with: TrojanDownloader:Win32/Renos.EE
After Googol searching, I found information on your forum about how to dispose of the virus. I downloaded Malwarbytes as suggested and thought that it got rid of it. The post suggested that the (2) logs get posted so users could verify nothing else was wrong with computer.
This virus seems to be smart enough to block me from getting help. (limiting access to Mcafee's site, corrupting my current software subscription of Mcafee's software). So I don't know if that is what is happening now or if the virus is really gone. (OMG, I'm becoming paranoid!)
I'm in a catch 22, Mcafee keeps getting turned off and they won't help me since I have Malwarebytes on my computer. I am afraid to delete Malwarebytes as it was the only one that could delete it. I've ran Malwarebytes now and it says I'm okay?????

Anyway, Can you help me or steer me in the right direction?

Thanks soooo much.

windows-virus

mbam-log-2009-03-17_(20-46-32).txt (12.06 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

Malwarebytes' Anti-Malware 1.34
Database version: 1860
Windows 5.1.2600 Service Pack 2

3/17/2009 8:46:32 PM
mbam-log-2009-03-17 (20-46-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157443
Time elapsed: 1 hour(s), 1 minute(s), 4 second(s)

Memory Processes Infected: 6
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 24
Registry Data Items Infected: 14
Folders Infected: 2
Files Infected: 41

Memory Processes Infected:
C:\WINDOWS\svc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\svw.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\odb.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winetn32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tceqisiquyicu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vqehedekosubuka (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netw (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netsv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odby (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winetn32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\Anaciyalog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\oqocuguveka.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\5_odb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\6_ldr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\60325cahp25caa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse\Local Settings\Temp\q9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deborah Greathouse

mbam-log-2009-03-17_(22-03-08).txt (0.83 KB)

Malwarebytes' Anti-Malware 1.34
Database version: 1860
Windows 5.1.2600 Service Pack 2

3/17/2009 10:03:08 PM
mbam-log-2009-03-17 (22-03-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157300
Time elapsed: 1 hour(s), 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

mbam-log-2009-04-01_(07-05-06).txt (0.82 KB)

Malwarebytes' Anti-Malware 1.34
Database version: 1860
Windows 5.1.2600 Service Pack 2

4/1/2009 7:05:06 AM
mbam-log-2009-04-01 (07-05-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155375
Time elapsed: 56 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3 Contributors
24 Replies
264 Views
1 Week Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

All 24 Replies

crunchie 990 Most Valuable Poster

15 Years Ago

Please do not attach your logs unless requested. Paste them into your post :).

crunchie 990 Most Valuable Poster

15 Years Ago

You are fairly badly infected. I suggest that you update MBA-M as it is a little out of date, then run it and delete everything found.
Post both it's log and an hijackthis log taken after you have rebooted the computer, after running MBA-M

crunchie 990 Most Valuable Poster

15 Years Ago

How many times did you run MBA-M after updating it?

crunchie 990 Most Valuable Poster

15 Years Ago

Just didn't look right :).

Please download OTMoveIt by OldTimer:

Save it to your desktop.
1. Double click on OTMoveIt3 to run it.
3. Please copy and paste the text in the Code box below, into OTMoveIt3;
```
:files
C:\WINDOWS\system32\ntos.exe
C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE
C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe
:commands
[Purity]
[EmptyTemp]
[Reboot]
```
4. Check the box "Unregister Dll's and OCX's ... if not checked.
5. Click on MoveIt!
6. The end results of the processing will be in 2 places:
  - The Results window on the right side of the OTMoveIt screen.
  - A log (text) file created in "C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log"
7. Copy all the text from the Results window...
8. Click Exit (3) when done.
9. Please paste the results from the OTMoveIt window or the log file, in your next reply.
Post a new hijackthis log.

crunchie 990 Most Valuable Poster

15 Years Ago

http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Godsp3ed -7 Posting Whiz in Training · Answer 1 · 2009-04-01T19:45:14+00:00

6 memory processes infected..!!! Whoa..!! i'd suggest u to run a Hijackthis scan right away and post the log here, its safe and an independent software, won't obstruct to any other antiviruses installed..

Here's the link to download it..

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

debgreat 0 Newbie Poster · Answer 2 · 2009-04-02T16:02:40+00:00

6 memory processes infected..!!! Whoa..!! i'd suggest u to run a Hijackthis scan right away and post the log here, its safe and an independent software, won't obstruct to any other antiviruses installed..
Here's the link to download it..
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Here you go.............

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:38 AM, on 4/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Agent\agent.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mam] C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\US_1_~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\MDKZCXQJ\SCRIPT~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\SPACER~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\A9UP4F65\MVTAPP~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FC0CF1-741C-482E-B41B-F38EC2CC1788}: NameServer = 66.203.130.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - C:\WINDOWS\System32\stickrep.dll (file missing)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10451 bytes

debgreat 0 Newbie Poster · Answer 3 · 2009-04-03T05:13:12+00:00

You are fairly badly infected. I suggest that you update MBA-M as it is a little out of date, then run it and delete everything found.
Post both it's log and an hijackthis log taken after you have rebooted the computer, after running MBA-M

Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 2

4/2/2009 7:01:57 PM
mbam-log-2009-04-02 (19-01-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158212
Time elapsed: 50 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:31 PM, on 4/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mam] C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\US_1_~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\MDKZCXQJ\SCRIPT~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\SPACER~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\A9UP4F65\MVTAPP~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FC0CF1-741C-482E-B41B-F38EC2CC1788}: NameServer = 66.203.130.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - C:\WINDOWS\System32\stickrep.dll (file missing)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10387 bytes

debgreat 0 Newbie Poster · Answer 4 · 2009-04-03T18:35:20+00:00

How many times did you run MBA-M after updating it?

I updated it, ran it, rebooted, ran hijack then posted both. Is this not correct?

debgreat 0 Newbie Poster · Answer 5 · 2009-04-04T05:24:46+00:00

It says: "Not Found 404" when I try go to OTMoveit

??what now??

debgreat 0 Newbie Poster · Answer 6 · 2009-04-04T18:44:26+00:00

http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe

Move it log (saved by Move it)
========== FILES ==========
File/Folder C:\WINDOWS\system32\ntos.exe not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe not found.
========== COMMANDS ==========
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\Μicrosoft.NET moved successfully.
C:\Program Files\Common Files\aѕsembly moved successfully.
C:\Program Files\Common Files\sуmbols moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Αdobe moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 moved successfully.
File delete failed. C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Deborah Greathouse\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_dH2hyUAfo8D9fzk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_g9fyMtc8aItE8ij scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_xOV7EWL34CfcvgE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_6BCbFanNHNnimEc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_bJKnlzH30BJ9XBn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OkZcuzo1lj4RW81 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_082442

Files moved on Reboot...
C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\WINDOWS\temp\mcmsc_dH2hyUAfo8D9fzk not found!
File C:\WINDOWS\temp\mcmsc_g9fyMtc8aItE8ij not found!
File C:\WINDOWS\temp\mcmsc_xOV7EWL34CfcvgE not found!
C:\WINDOWS\temp\sqlite_6BCbFanNHNnimEc moved successfully.
C:\WINDOWS\temp\sqlite_bJKnlzH30BJ9XBn moved successfully.
C:\WINDOWS\temp\sqlite_OkZcuzo1lj4RW81 moved successfully.
------------------------------------------------
Move it log (saved by me)
========== FILES ==========
File/Folder C:\WINDOWS\system32\ntos.exe not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe not found.
========== COMMANDS ==========
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\Μicrosoft.NET moved successfully.
C:\Program Files\Common Files\aѕsembly moved successfully.
C:\Program Files\Common Files\sуmbols moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Αdobe moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 moved successfully.
File delete failed. C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Deborah Greathouse\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_dH2hyUAfo8D9fzk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_g9fyMtc8aItE8ij scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_xOV7EWL34CfcvgE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_6BCbFanNHNnimEc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_bJKnlzH30BJ9XBn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OkZcuzo1lj4RW81 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_082442
------------------------------------------
log that popped up after reboot (you didn't mention this, but incase you need it)
========== FILES ==========
File/Folder C:\WINDOWS\system32\ntos.exe not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE not found.
File/Folder C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe not found.
========== COMMANDS ==========
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\Μicrosoft.NET moved successfully.
C:\Program Files\Common Files\aѕsembly moved successfully.
C:\Program Files\Common Files\sуmbols moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Αdobe moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\ѕystem moved successfully.
C:\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 moved successfully.
File delete failed. C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Deborah Greathouse\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_dH2hyUAfo8D9fzk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_g9fyMtc8aItE8ij scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_xOV7EWL34CfcvgE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_6BCbFanNHNnimEc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_bJKnlzH30BJ9XBn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OkZcuzo1lj4RW81 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_082442

Files moved on Reboot...
C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\WINDOWS\temp\mcmsc_dH2hyUAfo8D9fzk not found!
File C:\WINDOWS\temp\mcmsc_g9fyMtc8aItE8ij not found!
File C:\WINDOWS\temp\mcmsc_xOV7EWL34CfcvgE not found!
C:\WINDOWS\temp\sqlite_6BCbFanNHNnimEc moved successfully.
C:\WINDOWS\temp\sqlite_bJKnlzH30BJ9XBn moved successfully.
C:\WINDOWS\temp\sqlite_OkZcuzo1lj4RW81 moved successfully.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 7 · 2009-04-04T20:57:42+00:00

crunchie 990 Most Valuable Poster

15 Years Ago

Post a new hijackthis log.

And this please.

debgreat 0 Newbie Poster · Answer 8 · 2009-04-04T23:19:13+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:10 PM, on 4/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mam] C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\US_1_~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\MDKZCXQJ\SCRIPT~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\SPACER~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\A9UP4F65\MVTAPP~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FC0CF1-741C-482E-B41B-F38EC2CC1788}: NameServer = 66.203.130.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - C:\WINDOWS\System32\stickrep.dll (file missing)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10422 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 9 · 2009-04-05T07:35:40+00:00

Go to Start > Control Panel double-click on the Software icon > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select it and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

==

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop

O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll

O4 - HKCU\..\Run: [Mam] C:\DOCUME~1\DEBORA~1\APPLIC~1\MANTEC~1\WAUBOO~1.EXE
O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\DEBORA~1\APPLIC~1\YSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162

O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - C:\WINDOWS\System32\stickrep.dll (file missing)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

When your done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

debgreat 0 Newbie Poster · Answer 10 · 2009-04-07T15:35:58+00:00

I got down to: Delete ProgramFiles\Viewpoint (in safe mode) and I didn't see anything but then I searched for Viewpoint. I found it in
C:\DocumentandSettings\DeborahGreathouse\ApplicationData\Viewpoint
Delete??
Also, when I first booted back up after safe mode, my lower toolbar announced an error message; "Mcafee is turned off, click here to fix" (which I didn't because I also saw the "M" icon in the same toolbar.) I opened it and it was all green.
I also have an updates available popping up continuosly, when I have it set up to install updates when powering down.
This is the two things that made me suspicious I still had a problem.

Thanks for your help. Please let me know wether to delete the above Viewpoint or not.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 11 · 2009-04-07T15:51:03+00:00

crunchie 990 Most Valuable Poster

15 Years Ago

Yes, delete that Viewpoint, then reboot and see how things are.

debgreat 0 Newbie Poster · Answer 12 · 2009-04-08T03:43:47+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:15 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\DEBORAH GREATHOUSE\Application Data\Mozilla\Profiles\default\jtqjfa07.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\US_1_~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\MDKZCXQJ\SCRIPT~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\GPCP8RYR\SPACER~1.SH! C:\DOCUME~1\DEBORA~1\LOCALS~1\TEMPOR~1\Content.IE5\A9UP4F65\MVTAPP~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://*.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FC0CF1-741C-482E-B41B-F38EC2CC1788}: NameServer = 66.203.130.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Prestige Software - {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe

--
End of file - 8464 bytes

As far as I can tell, it seems ok. After the initial removal of win32/renos virus; the only indication of a problem I had was playing tug of war with my anti virus software.

Shall I turn Windows defender back on? Run it with Spyblaster and Mcafee? What about Malwarebytes? Keep it too?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 13 · 2009-04-08T13:53:35+00:00

Everything looks good. Keep MBA-M and run it weekly after updating it.
Turn everything back on.

==

Right click on OTMoveIt3.exe and select Run As Administrator to run it. When Windows prompts, please allow it.
Click on CleanUp!
When done, you will be prompted to restart your computer. Please do so at this time.

If your computer does not automatically restart, please restart it manually.

debgreat 0 Newbie Poster · Answer 14 · 2009-04-09T03:59:26+00:00

Moveit needs a password to run as administrator.
Where do I find it?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 15 · 2009-04-09T04:08:25+00:00

It is your administrator password. The one you chose when you first got the pc.

debgreat 0 Newbie Poster · Answer 16 · 2009-04-09T05:12:58+00:00

Oops, sorry. I don't have an admin login, I was admin.
So I ran it and it said alot of failed stuff. I rebooted and ran it again to see if it got it all and here's what it said:
File/Folder avenger.zip not found.
File/Folder avenger.exe not found.
File/Folder Avenger not found.
File/Folder avenger.txt not found.
File/Folder bfu.zip not found.
File/Folder BFU not found.
File/Folder combofix.exe not found.
File/Folder Combo-Fix.sys not found.
File/Folder ComboFix not found.
File/Folder erdnt\subs not found.
File/Folder QooBox not found.
File/Folder ComboFix*.txt not found.
Service not present: catchme.
File/Folder catchme.exe not found.
File/Folder fdsv.exe not found.
File/Folder grep.exe not found.
File/Folder moveex.exe not found.
File/Folder nircmd.exe not found.
File/Folder sed.exe not found.
File/Folder swreg.exe not found.
File/Folder Swsc.exe not found.
File/Folder Swxcacls.exe not found.
File/Folder VFind.exe not found.
File/Folder WS2Fix.exe not found.
File/Folder zip.exe not found.
File/Folder tmp.reg not found.
File/Folder dss.exe not found.
File/Folder Deckard not found.
File/Folder deljob.exe not found.
File/Folder deljob not found.
File/Folder logit.txt not found.
File/Folder FindAWF.exe not found.
File/Folder AWF.txt not found.
File/Folder fixwareout.exe not found.
File/Folder fixwareout not found.
File/Folder fsbl.exe not found.
File/Folder fsbl*.log not found.
File/Folder gmer.exe not found.
File/Folder gmer.dll not found.
File/Folder gmer.ini not found.
File/Folder gmer.log not found.
File/Folder gmer_uninstall.cmd not found.
File/Folder gmer.sys not found.
Service not present: gmer.
File/Folder haxfix.exe not found.
File/Folder haxfix.txt not found.
File/Folder killbox.exe not found.
File/Folder !Killbox not found.
File/Folder NoLop.exe not found.
File/Folder NoLop.txt not found.
File/Folder NoLopOLD.txt not found.
File/Folder delete.bat not found.
File/Folder OTListIt2.exe not found.
File/Folder OTListIt.txt not found.
File/Folder Extras.txt not found.
File/Folder _OTListIt not found.
File/Folder OTMoveIt.exe not found.
File/Folder OTMoveIt2.exe not found.
File delete failed. C:\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. C:\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. C:\\OTMoveIt3.exe scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Μicrosoft.NET scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\temp scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\sуmbols scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\aѕsembly scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1\Temp scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442 scheduled to be deleted on reboot.
File delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442.log scheduled to be deleted on reboot.
File delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442.res scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Μicrosoft.NET scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\temp scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\sуmbols scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\aѕsembly scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Program Files scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1\Temp scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442 scheduled to be deleted on reboot.
File delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442.log scheduled to be deleted on reboot.
File delete failed. C:\_OTMoveIt\MovedFiles\04042009_082442.res scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt\MovedFiles scheduled to be deleted on reboot.
Folder delete failed. C:\_OTMoveIt scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Μicrosoft.NET scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS\temp scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\WINDOWS scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\sуmbols scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files\aѕsembly scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Program Files\Common Files scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Program Files scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1\Temp scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\LOCALS~1 scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Ѕуmantec scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem\YSTEM~1 scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\ѕystem scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\Αdobe scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data\sуstem32 scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse\Application Data scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings\Deborah Greathouse scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442\Documents and Settings scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442 scheduled to be deleted on reboot.
File delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442.log scheduled to be deleted on reboot.
File delete failed. C:\\_OTMoveIt\MovedFiles\04042009_082442.res scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt\MovedFiles scheduled to be deleted on reboot.
Folder delete failed. C:\\_OTMoveIt scheduled to be deleted on reboot.
File delete failed. C:\OTMoveIt3.exe scheduled to be deleted on reboot.

If it all looks good, I guess we're done???

Thsnks again for all your help.

Debbie

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 17 · 2009-04-09T05:17:26+00:00

crunchie 990 Most Valuable Poster

15 Years Ago

Looks fine :).

debgreat 0 Newbie Poster · Answer 18 · 2009-04-11T00:36:37+00:00

One last question. My sister (out of state) sounds like she has the same problem. I can follow along from this thread and have her repeat the same steps but what am I looking for from Hijackthis? Just redirects?

Thanks.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 19 · 2009-04-11T14:50:28+00:00

She may appear to have the same problems, but the entries may be different.

Remnants fron Win32/Renos:FJ ???

Recommended Answers Collapse Answers

All 24 Replies

Recommended Answers