Free Malware Removal Forum

[lumpy258]

Hi first thank you for this great site here is my log i did remove some of the malware but this is the updated log can you tell me if i missed any viruses i have been removing them with hijack this and reg seeker work great together thank you for your time

Logfile of HijackThis v1.99.1
Scan saved at 10:31:10 AM, on 12/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Documents and Settings\User1\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\jeff\HP_Administrator\My Documents\regseeker\RegSeeker\RegSeeker\RegSeeker.exe
C:\jeff\HP_Administrator\My Documents\HijackThis.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [EarthDesk] "C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe" /silentstart
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\User1\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

[Jack&Jill]

Hello lumpy258,

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

• Please observe and follow these Forum Rules and HOW TO GET HELP AT THIS FORUM (YOU MUST READ THIS).
• It will take some time for me to go through your logs, so please be patient with me.
• Backing up important data is a good idea as malware removal is a hazardous undertaking. Please do so if you haven't already.
• Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
• Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
• If you have any doubts or problems during the fix, please stop and ask.
• If you need to be away for a while during the fix, please let me know.
• Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
• Do not use or run any tools without supervision as they may cause more harm if improperly used.
• Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
• Please read the instructions carefully and follow them closely, in the order they are presented to you.
• All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
• If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly . We may begin.

You are using an outdated version of HijackThis.

Please download the latest HijackThis© from Trend Micro. Click here.
It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.

• Save HJTInstall.exe to your desktop.
• Double click on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis.
• Click Install and read through the End User License Agreement.
• Accept it to continue and HijackThis will launch once complete installation.

Post a HJT log

• Click on the Do a system scan and save a log file button. It will scan and then a log in Notepad will appear.
• On the Menu bar in Notepad, select Format and click on WordWrap so it appears unchecked (unticked).
• Save the log in a convenient location.
• Come back here to this thread and post the HijackThis log content in your next reply.
• DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Post an Uninstall list

• After the above step, click on Main Menu.
• Go to Open the Misc Tools section by clicking on the box.
• Under the Systems tools, look for Open Uninstall Manager and click on it.
• Click Save list... and save the text file in a convenient location.
• Copy and paste the Uninstall list contents in your reply.

Also, please describe in details what problems you are facing (if you haven't yet).

Please post back:
1. new HijackThis log
2. uninstall list
3. details of problems or symptoms

[Jack&Jill]

Hello lumpy258 ,

It has been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.

[NonSuch]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.