WiredWX Hobby Weather ToolsLog in

 


descriptionNeed Help PLEASE ! EmptyNeed Help PLEASE !

more_horiz
Just want to start off by saying this is an excellent site and I found a lot of good info. With that said... I have Ad-Aware and it picked up a Virtumonde. It's not taking care of it. I did a search and download Malwarebytes. It picked this up this is my log file. I haven't taken action yet because I wanted tohear what you guys had to say. Should I delete the Virus's? I don't want to mess up my whole computer.

Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3

1/1/2009 5:23:14 PM
mbam-log-2009-01-01 (17-23-06).txt

Scan type: Quick Scan
Objects scanned: 58969
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBqQIXo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pbstdsfg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qoMgdeEV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jqjhfc.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgdeev (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90bd56ce (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqqixo -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqqixo -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> No action taken.

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> No action taken.
C:\Program Files\GetModule (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\geBqQIXo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oXIQqBeg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oXIQqBeg.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qoMgdeEV.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jqjhfc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pbstdsfg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gfsdtsbp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\waxwcivg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gvicwxaw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\buqltr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nbjgqjjx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vqddnh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ceycck.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dbktnl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\njcxxmom.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wpv481229907443.cpx (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\ixtiqqoa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jekmdsnb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fnhihxhi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kunrsqug.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\atmqfl.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\John\Local Settings\Temp\KB02.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\Q6X8YL6C\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\ZDM1AZU3\index[1] (Trojan.Vundo.H) -> No action taken.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> No action taken.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Hello.
You have MBAM set to no action taken, please remove everything it finds. You may have to re-scan.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
It's safe to remove all? Or will my comp get messed up ?

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
No, it won't mess anything up.
Please remove everything it found and then post a Hijack This log.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3

1/1/2009 5:39:03 PM
mbam-log-2009-01-01 (17-39-03).txt

Scan type: Quick Scan
Objects scanned: 59051
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBqQIXo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pbstdsfg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMgdeEV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jqjhfc.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgdeev (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c610147b-319a-48ad-af9c-9b6757db067c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{558301a0-2fe5-4b0b-9cfc-6404794ddd1a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90bd56ce (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqqixo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqqixo -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\geBqQIXo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oXIQqBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oXIQqBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgdeEV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jqjhfc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pbstdsfg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gfsdtsbp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waxwcivg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gvicwxaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buqltr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbjgqjjx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqddnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceycck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbktnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njcxxmom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv481229907443.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ixtiqqoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jekmdsnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnhihxhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kunrsqug.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmqfl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\KB02.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\Q6X8YL6C\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\ZDM1AZU3\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.



Thanks for all the help... much appreciated

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Hello.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/8/2006 5:05:00 PM
System Uptime: 1/2/2009 12:10:38 PM (2 hours ago)

Motherboard: DELL SYSTEM | | 0WF016
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U1 | 598/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 60.269 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat Reader 3.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AIM 6.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs
Conexant D480 MDC V.9x Modem
Dell Driver Reset Tool
Dell System Restore
Digital Content Portal
Digital Line Detect
Family History Resource File Viewer 4.0
Full Tilt Poker
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
OpenOffice.org Installer 1.0
PCIxx20
PowerDVD 5.5
QuickTime
REA's TESTware for the Miller Analogies Test
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Snood for Windows version 3.52-W
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spark 1.1.4
Symantec AntiVirus
Synaptics Pointing Device Driver
Texas Instruments PCIxx20 drivers.
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 5:17:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2008 5:17:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2008 5:13:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2008 5:11:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip WS2IFSL
12/29/2008 4:44:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/28/2008 3:13:31 AM, error: Dhcp [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 10.0.7.40 (The DHCP Server sent a DHCPNACK message).
12/27/2008 7:07:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/27/2008 1:57:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/29/2008 8:47:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/29/2008 8:49:31 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166F6E7EA4. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/30/2008 7:56:21 PM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/30/2008 8:37:00 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
12/31/2008 3:22:24 AM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 00166F6E7EA4 has been denied by the DHCP server 10.0.6.40 (The DHCP Server sent a DHCPNACK message).
1/1/2009 5:42:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

==== End Of File ===========================

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
DDS (Version 1.1.0) - NTFSx86
Run by John at 14:12:56.39 on Fri 01/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1516 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\CT0GZ29B\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://optonline.net/Home
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: jqjhfc.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2005-4-17 1706176]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081229.003\naveng.sys [2008-12-29 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081229.003\navex15.sys [2008-12-29 876112]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2005-4-8 83568]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2005-4-17 124608]

=============== Created Last 30 ================

2009-01-01 18:02 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-01 17:43 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-01 17:43 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-01 17:16 --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-01-01 17:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 17:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 17:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 17:16 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 09:32 1,307,941 ---sh--- c:\windows\system32\pmvbdhnv.ini
2008-12-30 23:39 --d----- c:\program files\Lavasoft
2008-12-30 23:37 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-30 00:27 1,307,941 ---sh--- c:\windows\system32\hitqsqla.ini
2008-12-28 20:30 1,306,974 ---sh--- c:\windows\system32\fdhthrag.ini
2008-12-27 11:42 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-27 11:42 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-27 11:42 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-27 11:42 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-12 00:02 --d----- c:\program files\iPod
2008-12-12 00:02 --d----- c:\program files\iTunes
2008-12-12 00:02 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 00:01 --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-08-08 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080820080809\index.dat

============= FINISH: 14:13:04.23 ===============

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Hello.
Just two more things to do.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Then delete these three files in bold:
c:\windows\system32\hitqsqla.ini
c:\windows\system32\fdhthrag.ini
c:\windows\system32\pmvbdhnv.ini

What problems remain?

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
How do i delete those three files? I'm not to computer savy... I did all that u said up to removing those files

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Okay, lets use this to do it for us.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\windows\system32\hitqsqla.ini
    c:\windows\system32\fdhthrag.ini
    c:\windows\system32\pmvbdhnv.ini

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_143824

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Okay, doesn't matter then, they don't pose any threat.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

descriptionNeed Help PLEASE ! EmptyRe: Need Help PLEASE !

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum