Member Avatar for amerje

Please help.. I've tried everything i could find from other posts.

My computer folder on the start menu and my docoments folder will not open in normal mode. Hour glass icon comes up briefly then disappears. Also, i am getting the following dll errors on start-up egcomservice_1048.dll, stlb2.dll, doceoc15b1, e6f1873b.dll.

Here is my hijackthis log, after running malware bytes and smitfraudfix. Smitfraudfix had to be run in normal mode as the icon disappeared from the desktop after rebooting in safe mode. I have also run regcure, registrybooster 3009, windows live one care. THANKS FOR ANY HELP!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:43, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\BELKIN~2\BELKIN~1.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
O2 - BHO: (no name) - {20DCFF48-3990-4EF6-BC3A-E4C57534447D} - (no file)
O2 - BHO: (no name) - {35C84892-0779-45A2-B577-28D39D07ED8F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1A27B08-0C98-4307-A6DF-695FE6DD302F} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RCHotKey] C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O15 - Trusted Zone: http://alp.bertrodgers.com
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: www.getoffutt.com
O15 - Trusted Zone: www.mlsocala.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://mlsocala.com/ocl/valid/osi_valid9j.ocx
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.yanceyrod.com/view/tiffx.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rmlsfl.mlxchange.com/Control/...ctComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.thelistingwidget.com/incl...eUploader4.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rmlsfl.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: geBtUkki - geBtUkki.dll (file missing)
O20 - Winlogon Notify: mlJApOIX - mlJApOIX.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINNT\
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~2\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10387 bytes

  • 2 Contributors
  • 9 Replies
  • 165 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by jholland1964
Member Avatar for jholland1964

Hi welcome to daniweb,
Definite infections showing in the HJT log. Let's try first to get rid of some of those.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer and then run a new HJT scan and place a checkmark next to the following if still present;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
O2 - BHO: (no name) - {20DCFF48-3990-4EF6-BC3A-E4C57534447D} - (no file)
O2 - BHO: (no name) - {35C84892-0779-45A2-B577-28D39D07ED8F} - (no file)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C1A27B08-0C98-4307-A6DF-695FE6DD302F} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

O20 - Winlogon Notify: geBtUkki - geBtUkki.dll (file missing)
O20 - Winlogon Notify: mlJApOIX - mlJApOIX.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINNT\

Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT.
Reboot the computer and run another Full System Scan with HJT and save the log.
Post back here with the log from MBA-M and HiJackThis.
Judy

Edited by mike_2000_17 because: Fixed formatting
Member Avatar for amerje

Here is the new log. I think we are good!!!! No dll errors, and both folders open....THANK YOU SO MUCH FOR YOUR HELP!!!!! I spent 2 days reading posts and working on this.....Thank you! Thank you! Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:16, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\BELKIN~2\BELKIN~1.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RCHotKey] C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O15 - Trusted Zone: http://alp.bertrodgers.com
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: www.getoffutt.com
O15 - Trusted Zone: www.mlsocala.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://mlsocala.com/ocl/valid/osi_valid9j.ocx
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.yanceyrod.com/view/tiffx.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rmlsfl.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.thelistingwidget.com/includes/ImageUploader4.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rmlsfl.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~2\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~2\BELKIN~3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9150 bytes

Member Avatar for jholland1964

Looks much better. Could you post that Malwarebytes' log so I can see what was removed? Might be other steps required.

One thing for sure you need to do is update your Java, it is way out of date. Current version is version 6 update 7.
First go HERE
Download the Offline install and save it to the desktop so you can find it easily.
After you do that then go to Add/Remove and Uninstall ALL previous versions of Java. Reboot the computer if prompted to do so.
Once you have uninstalled all previous versions then double click that Java install icon on the desktop and install the new version. Once complete go back to the link above and on the right side of the page you will see Verify Now. Click that to verify the install went as it should.

Also, Uninstall these two programs, they are NOT necessary.
regcure, registrybooster 3009
Judy

Member Avatar for amerje

Java is updated and installed correctly. I removed regcure and registry booster. Here is the Malware bytes log.

Malwarebytes' Anti-Malware 1.28
Database version: 1153
Windows 5.1.2600 Service Pack 2

9/14/2008 11:26:16 PM
mbam-log-2008-09-14 (23-26-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 109453
Time elapsed: 48 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Member Avatar for jholland1964

This is a clean malwarebytes' log. What I need to see is the one that cleaned the infected files. You can find the logs in the program under the Logs tab. You will have to click each one shown to find the correct one. It would be good also to see the Smitfraudfix log.
Judy

Member Avatar for amerje

Ok. Here is the SmitFraudFix v2.350 and malwarebytestlog

Scan done at 13:30:49.57, Sun 09/14/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\LocalService\Application Data\AlfaCleaner Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes' Anti-Malware 1.28
Database version: 1149
Windows 5.1.2600 Service Pack 2

9/14/2008 1:17:43 PM
mbam-log-2008-09-14 (13-17-43).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 199284
Time elapsed: 2 hour(s), 10 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 52
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\quantic.plug (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\quantic.plug.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8aca5a0-060a-478a-8368-1407780d2251} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{013a653b-49a6-4f76-8b68-e4875ea6ba54} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fd6b99c-a275-46ea-8fd1-3d63986e51e4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7da39570-5fd2-4f18-94b4-20730cb3f727} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2386c4d3-e53a-4fd6-952b-89cbca337c83} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ad9b275b-e42d-4c7f-9ffb-29b5fb81688b} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{b0e43034-50f5-1f84-8098-824b44f2dbc3} (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fd6b99c-a275-46ea-8fd1-3d63986e51e4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Quantic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.tb (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.tb.1 (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware316 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller.1 (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PeDevice (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\tmp (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\WINNT\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\wii (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\bharebio05 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hailee\Application Data\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hailee\Application Data\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP6\A0001835.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP6\A0001836.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP6\A0001837.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINNT\system32\targetedbanner-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\wii\HTgn1dll.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.
G:\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
G:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe (Adware.Comet) -> Quarantined and deleted successfully.
G:\Program Files\Screensavers.com\SSSInstaller\bin\screensavers.exe (Adware.Comet) -> Quarantined and deleted successfully.
G:\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe (Adware.Comet) -> Quarantined and deleted successfully.
G:\WINNT\system32\targetedbanner-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\WINNT\system32\wii\HTgn1dll.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\communication.xml (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\Domain.Watchlist.txt (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\pae-options.xml (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\search.watchlist.txt (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\statistic.xml (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\watchlist.xml (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\tmp\tmp.html (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin\matrix.dat (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\WINNT\system32\winzlo32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINNT\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\BM13839b69.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\BM13839b69.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Member Avatar for jholland1964

Looks good. Just needed to see what was removed. Be sure to update that Java program as noted in my other post.
I would also recommend that you download, install, update and then enable SpywareBlaster it truly is a MUST HAVE program, it is FREE and it DOES NOT run in the background.
Here is the information from their website on what it is and what it does;

The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.

* Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
* Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
* Restrict the actions of potentially unwanted sites in Internet Explorer.


SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web.

And unlike other programs, SpywareBlaster does not have to remain running in the background.

This program really DOES work. I would hope you would install it and be certain to enable the Restricted Sites portion of it too.
Judy

Member Avatar for amerje

I will take your recommendation and install spyware blaster as well. Thanks again for all your help. It is greatly appreciated.

John

Member Avatar for jholland1964

Happy I could provide some help. One more thing you need to do and that is set a new and now clean System Restore point. To do this Right Click My Computer and choose Properties.
When System Properties opens choose the System Restore Tab.
When that opens place a check mark in Turn Off System Restore. Click Ok. You will then get notification that you are turning off System Restore. Click Ok.
System Restore will turn off. Wait a moment and do the same thing in reverse and Remove that check mark. Click ok. System Restore will then turn back on and you're good to go!
Judy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.