
internet explorer is hijacked [RESOLVED]


  • This topic is locked

#16
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi andybodin,

Go to the Add/remove programs page of the Control Panel & try to uninstall CiD Help.
You will get an error message, but should also be asked if you wish to remove that entry from the list.
Select Yes.

Apart from that...

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTMoveIt:
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.

To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm) is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5



#17
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
are we going to finish this thing?

#18
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
Sorry I did not know there were 2 pages to the log.


Thanks a lot,

AndyBodin

#19
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
Sage5 what are your favourite "pay for or bought" programs for the following:

Spyware Prevention:
Anti-Virus:
Firewall

Also all of my computers are behind a router. Does this help?

How do I post that my problem is resolved/closed?

Thanks,

andybodin

#20
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
The only "paid for" I use is Antivir Premium.
Gives you a few advantages over the freebie like easier & quicker updating, extra cover.
Others to look at: Kaspersky, Nod32, aVast

Firewall: I use Comodo free version
Others: Sunbelt, ZoneAlarm
Spyware: free
Prevention; Spyware Blaster (in my opinion essential)
Detection; Malwarebytes Anti-Malware (free version)

If you go down the path of "paid for" anti-spyware, most also offer real time protection, like SuperAntiSpyware, Malwarebytes
There are many others out there. Have a look around this forum & see what the other Staff recommend in their signatures. That will read like the who's who of the applications

I don't recommend the security suites like those offered by Norton, McAfee, CA, Zonealarm
Whilst they appear to be easy to administer, most are able to offer 1 or at best 2 very good components, but the rest of the package can be pretty basic.
Nearly all of them are a mixture of the parent company's product, (generally pretty good), & other technology bought by the parent brand. (sometimes not so good).
As a rule, the bigger the package, the more resources they require. (more Ram & more CPU cycles)
This is probably to do with the idea of cobbling a series of unrelated, and differently coded, applications into a package that works. Especially true of the first 3 mentioned above.
Better, I think, to stick to stand alone apps: 1 x firewall, 1 x anti-virus, 1x anti-spyware with real time protection.
You can have other anti-spyware scanners, if you like, providing the real time bit is turned off.

Also, Hosts file protection is very effective at stopping malware from dialling out. See IE/SpyAd, HostExpert etc.

The router helps because:
a) most have a built in hardware firewall.
b) IP addresses of PC's behind the router are invisible to the Internet.

Hope that helps.


I will close the thread when you are ready.

Edited by sage5, 30 July 2008 - 07:45 AM.


#21
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
So run all three stand alone apps: 1 x firewall, 1 x anti-virus, 1x anti-spyware with real time protection at the same time?

Thank you very much, the computer is working great.

Can you help me with a different computer that has this infection? Do we have to start a different post?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 30, 2008 13:03:28
Records in database: 1028849
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 111737
Threat name: 3
Infected objects: 57
Suspicious objects: 0
Duration of the scan: 02:12:31


File name / Threat name / Threats count
C:\WINDOWS\system32\USER32.dll/C:\WINDOWS\system32\USER32.dll Infected: Trojan.Win32.Patched.bb 52
C:\Documents and Settings\Lynn Bodin\My Documents\DVD Solutions\U_DVDFabPlatinumVer[1].4.0.5.5.zip Infected: Trojan.Win32.Delf.cwu 1
C:\Program Files\DVDFab Platinum 4\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe Infected: Trojan.Win32.Delf.cwu 1
C:\WINDOWS\system32\dllcache\user32.dll Infected: Trojan.Win32.Patched.bb 1
C:\WINDOWS\system32\lght.ln Infected: Trojan-Spy.Win32.Agent.cad 1
C:\WINDOWS\system32\user32.dll Infected: Trojan.Win32.Patched.bb 1

The selected area was scanned.

********************************************************************************
*********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:54 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [\\STUDY\EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P47 "\\STUDY\EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB004" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R220 Series (Copy 1) on STUDY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P53 "Auto EPSON Stylus Photo R220 Series (Copy 1) on STUDY" /O18 "\\STUDY\EPSON R220" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKCU\..\Run: [\\STUDY\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\LYNNBO~1\LOCALS~1\Temp\E_SC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-2531973270-1264246527-1464110575-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - S-1-5-21-2531973270-1264246527-1464110575-500 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Administrator')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215557974765
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12175245-21F3-40E8-9C9D-283176F0D7F6}: NameServer = 155.16.44.30,204.148.236.3
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10303 bytes

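As an added example (not part of the thread, and not Kaspersky's own tooling), a small Python triage script for the scan report format above: it parses the "Infected:" lines, totals hits per threat name, and separates files that can simply be removed from patched, in-use system files that need a clean replacement. The replace/remove split is an assumed heuristic of mine, and the sample input is the report's own detection lines.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: the detection lines from the Kaspersky Online Scanner 7
# report posted in this thread, in the scanner's own line format.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\WINDOWS\system32\USER32.dll/C:\WINDOWS\system32\USER32.dll Infected: Trojan.Win32.Patched.bb 52
C:\Documents and Settings\Lynn Bodin\My Documents\DVD Solutions\U_DVDFabPlatinumVer[1].4.0.5.5.zip Infected: Trojan.Win32.Delf.cwu 1
C:\Program Files\DVDFab Platinum 4\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe Infected: Trojan.Win32.Delf.cwu 1
C:\WINDOWS\system32\dllcache\user32.dll Infected: Trojan.Win32.Patched.bb 1
C:\WINDOWS\system32\lght.ln Infected: Trojan-Spy.Win32.Agent.cad 1
C:\WINDOWS\system32\user32.dll Infected: Trojan.Win32.Patched.bb 1

The selected area was scanned."""

# "<object> Infected: <threat name> <count>"; the object is "container/nested"
# when the hit sits inside an archive or a PE file.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumed heuristic: a "Patched" verdict on a file directly in system32 means a
# modified OS binary that Windows keeps in use, so it must be replaced with a clean
# copy (sfc /scannow) rather than deleted; the dllcache copy is only a cache.
SYSTEM_DIR = PureWindowsPath(r"C:\WINDOWS\system32")
CACHE_DIR = SYSTEM_DIR / "dllcache"


@dataclass(frozen=True)
class Detection:
    file: str     # on-disk object
    nested: str   # object inside it, or "" when the file itself is flagged
    threat: str
    count: int


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per 'Infected:' line; all other report lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            file, _, nested = m.group("obj").partition("/")
            found.append(Detection(file, nested, m.group("threat"), int(m.group("count"))))
    return found


def summarize_by_threat(dets: list[Detection]) -> dict[str, tuple[int, int]]:
    """threat name -> (distinct files, total count); paths compared case-insensitively."""
    files, hits = defaultdict(set), defaultdict(int)
    for d in dets:
        files[d.threat].add(d.file.lower())
        hits[d.threat] += d.count
    return {t: (len(files[t]), hits[t]) for t in files}


def _under(path: PureWindowsPath, parent: PureWindowsPath) -> bool:
    head = path.parts[: len(parent.parts)]
    return [p.lower() for p in head] == [p.lower() for p in parent.parts]


def triage(dets: list[Detection]) -> dict[str, list[str]]:
    """Split flagged files into 'replace' (patched in-use OS file) and 'remove',
    keeping the first spelling of each path and dropping case-only duplicates."""
    plan: dict[str, list[str]] = {"replace": [], "remove": []}
    seen: set[str] = set()
    for d in dets:
        if d.file.lower() in seen:
            continue
        seen.add(d.file.lower())
        p = PureWindowsPath(d.file)
        patched_os = ".patched." in d.threat.lower() and _under(p, SYSTEM_DIR) and not _under(p, CACHE_DIR)
        plan["replace" if patched_os else "remove"].append(d.file)
    return plan


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for threat, (n_files, hits) in summarize_by_threat(dets).items():
        print(f"{threat}: {n_files} file(s), {hits} hit(s)")
    for bucket, files in triage(dets).items():
        print(bucket + ":", *files, sep="\n  ")
```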

#22
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Right, let's get onto this other one:

Download the following & save to the desktop:
ComboFix

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Download the setup package & save it as originally named, next to ComboFix.exe.
Close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.


  • Follow the prompts to start ComboFix and agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • Click Yes at the window labelled What's next ? to continue with the scan.
  • When complete, a log named C:\Combofix.txt will open.
  • Please post the entire contents of that log as your next reply.

Cheers,

sage5

#23
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
Here is the file you requested.

Thanks,

andybodin


#24
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Lynn Bodin\My Documents\DVD Solutions\U_DVDFabPlatinumVer[1].4.0.5.5.zip
    C:\Program Files\DVDFab Platinum 4\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe
    C:\WINDOWS\system32\dllcache\user32.dll
    C:\WINDOWS\system32\lght.ln
  • Return to OTMoveIt, right click on the Paste list of Files/Folders to be moved window (under the Yellow bar) and choose Paste.
  • Make sure that there is a tick next to Unregister Dll's and OCX's
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Please post the text from C:\otmove.txt & a fresh HijackThis log as your next Reply

Cheers,

sage5

#25
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
When I run OTMoveIt2, it moves the files into the Results window, but then a Microsoft error message states that there was an error in the program and it has to shut down. I cannot copy the text.

andybodin



#26
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
Here is the hijack file. I updated to jre 6 update 7.

andybodin


#27
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Is that failure to copy text only apparent in OTMoveIt?
Can you copy text, from other applications, say from this thread, into Notepad?

It might pay to do a System File Check scan, as a precaution, in case some of the system files got corrupted.

System File Checker:
  • Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
  • /scannow starts the System File Checker immediately.
  • You will probably need your Windows XP CD to be handy as it may be required.
    If you have Service Pack 2 installed, you will need the SP2 version of the CD. This can be done with a borrowed CD, if you don't have one.
  • Allow the scan to run and when complete reboot the system

That log is looking clear now, so it might be best to run through the Cleanup routine from Post #16
See how you go with the OTMoveIt cleanup command.

Give me an update on the condition of the system when you are done.

Cheers,

sage5

#28
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
I cannot do a system file scan. I do not have the CD for the computer; it did not come with one and I am not around anyone that has one.

I can copy and paste with any program; the problem was with the OTMoveIt2 program. It would run, but then Windows wanted to close it because it said there was an error, and closed the program when you tried to use the MoveIt function. The Cleanup function works. I restarted the computer but still the same problem.

The computer still runs slow.
For example, when you double-click on My Computer it takes about 3 seconds to open up, same when you try to open up any folder or try to run IE.

This did happen before the infection, but I have to add that I also enabled Windows Media Center. Do you think Windows Media Center is the problem?

andybodin

#29
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi andybodin,

Please download the following & save to your Desktop:
Flash Drive Disinfector

Run Flash Drive Disinfector:
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Create a ComboFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae58f950-4e36-11dd-84ab-001636713474}]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

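As an added example, not from the thread and not Flash_Disinfector's own code, a Python check that shows the distinction the note above relies on: a drive root where autorun.inf is a protective folder versus one where it is a file that launches something. The sample autorun.inf content and the three drive-root directories are constructed in a temporary directory; the directive names are the standard autorun.inf keys.

```python
from __future__ import annotations

import tempfile
from pathlib import Path

# [autorun] directives that make Windows run, or offer to run, something when the
# drive is inserted or opened. Cosmetic keys (icon, label) are ignored.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Constructed sample of the kind of autorun.inf a dropper leaves on a drive root.
SAMPLE_AUTORUN_INF = """; constructed example, not taken from a real infection
[autorun]
open=example_dropper.exe
shell\\open\\command=example_dropper.exe
icon=example_dropper.exe,0
label=Removable Disk
"""


def parse_autorun_inf(text: str) -> dict[str, str]:
    """Return key=value pairs of the [autorun] section with keys lower-cased,
    skipping blank lines, ';' comments and any other section."""
    directives: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def inspect_drive_root(root: Path) -> dict:
    """Classify what sits at <root>/autorun.inf (name matched case-insensitively):
       protected - a directory holds the name, as Flash_Disinfector leaves it,
                   so an infection cannot drop a file of that name there;
       launcher  - a file naming something to execute (review before trusting);
       inert     - a file with only cosmetic keys;
       absent    - nothing present."""
    entry = next((e for e in root.iterdir() if e.name.lower() == "autorun.inf"), None)
    if entry is None:
        return {"status": "absent", "launches": []}
    if entry.is_dir():
        return {"status": "protected", "launches": []}
    directives = parse_autorun_inf(entry.read_text(errors="replace"))
    launches = [directives[k] for k in LAUNCH_KEYS if k in directives]
    return {"status": "launcher" if launches else "inert", "launches": launches}


def demo_cases() -> dict[str, dict]:
    """Build three throwaway drive roots in a temp dir and inspect each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        infected = base / "infected"
        infected.mkdir()
        (infected / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        clean = base / "clean"
        clean.mkdir()
        (clean / "autorun.inf").mkdir()   # the protective folder
        empty = base / "empty"
        empty.mkdir()
        for name, root in (("infected", infected), ("clean", clean), ("empty", empty)):
            results[name] = inspect_drive_root(root)
    return results


if __name__ == "__main__":
    for name, result in demo_cases().items():
        print(f"{name}: {result['status']}", *result["launches"])
```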

#30
andybodin

andybodin

    Member

  • Topic Starter
  • Member
  • 49 posts
Where can I get ComboFix? It appears to have been removed from my computer. I know we used it earlier, but if I try to use the link in one of the past posts it does not work. I have tried to find it from other places but no luck.

andybodin
