Redirect/XP Activation/No regedit


  • This topic is locked
18 replies to this topic

#1 rida34

Posted 04 May 2009 - 03:24 AM

My computer picked up some sort of virus where it redirects all the time using the internet and regedit will not start up unless I copy it and rename it something else. I then turned off my computer and when I turned it back on it wanted me to Activate my Windows XP???? I got through it after a few hours with a lot of luck finding the activation code on the computer, but am still having problems figuring everything out. I found on my website that a java code was being put into the code somehow so I deleted most of my java products... Here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:25 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.cox.net/winstin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4700 bytes

#2 Farbar

Posted 04 May 2009 - 07:01 AM

Hi rida34,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • We need to go to the registry.
    • Go to C:\Windows folder and find regedit.exe then rename it to copy.exe (to do that right-click regedit32.exe and select rename).
    • Double-click copy.exe to run it. The registry editor opens.
    • In the left pane navigate to the following sub-key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    • Highlight Drivers32 sub-key and under File menu select Export...
    • Give a name like drivers32 and save the file to the desktop. You get driver32.reg on the desktop.
    • Rename the driver32.reg to driver32.txt then open it and post the content to your reply.
  • Please make a program list with Hijackthis:
    • Open HijackThis and click Open the Misc Tools section.
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.


#3 rida34

Posted 04 May 2009 - 03:49 PM

Thanks..here it is

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Class Name: <NO CLASS>
Last Write Time: 4/14/2009 - 12:35 PM
Value 0
Name: midimapper
Type: REG_SZ
Data: midimap.dll

Value 1
Name: msacm.imaadpcm
Type: REG_SZ
Data: imaadp32.acm

Value 2
Name: msacm.msadpcm
Type: REG_SZ
Data: msadp32.acm

Value 3
Name: msacm.msg711
Type: REG_SZ
Data: msg711.acm

Value 4
Name: msacm.msgsm610
Type: REG_SZ
Data: msgsm32.acm

Value 5
Name: msacm.trspch
Type: REG_SZ
Data: tssoft32.acm

Value 6
Name: vidc.cvid
Type: REG_SZ
Data: iccvid.dll

Value 7
Name: VIDC.I420
Type: REG_SZ
Data: msh263.drv

Value 8
Name: vidc.iv31
Type: REG_SZ
Data: ir32_32.dll

Value 9
Name: vidc.iv32
Type: REG_SZ
Data: ir32_32.dll

Value 10
Name: VIDC.IYUV
Type: REG_SZ
Data: iyuv_32.dll

Value 11
Name: vidc.mrle
Type: REG_SZ
Data: msrle32.dll

Value 12
Name: vidc.msvc
Type: REG_SZ
Data: msvidc32.dll

Value 13
Name: VIDC.UYVY
Type: REG_SZ
Data: msyuv.dll

Value 14
Name: VIDC.YUY2
Type: REG_SZ
Data: msyuv.dll

Value 15
Name: VIDC.YVU9
Type: REG_SZ
Data: tsbyuv.dll

Value 16
Name: VIDC.YVYU
Type: REG_SZ
Data: msyuv.dll

Value 17
Name: wavemapper
Type: REG_SZ
Data: msacm32.drv

Value 18
Name: msacm.msg723
Type: REG_SZ
Data: msg723.acm

Value 19
Name: vidc.M263
Type: REG_SZ
Data: msh263.drv

Value 20
Name: vidc.M261
Type: REG_SZ
Data: msh261.drv

Value 21
Name: msacm.msaudio1
Type: REG_SZ
Data: msaud32.acm

Value 22
Name: msacm.sl_anet
Type: REG_SZ
Data: sl_anet.acm

Value 23
Name: msacm.l3acm
Type: REG_SZ
Data: C:\WINDOWS\system32\l3codeca.acm

Value 24
Name: vidc.LEAD
Type: REG_SZ
Data: LCODCCMP.DLL

Value 25
Name: wave
Type: REG_SZ
Data: wdmaud.drv

Value 26
Name: midi
Type: REG_SZ
Data: wdmaud.drv

Value 27
Name: mixer
Type: REG_SZ
Data: wdmaud.drv

Value 28
Name: msacm.siren
Type: REG_SZ
Data: sirenacm.dll

Value 29
Name: vidc.DIVX
Type: REG_SZ
Data: DivX.dll

Value 30
Name: VIDC.MJPG
Type: REG_SZ
Data: Pvmjpg30.dll

Value 31
Name: VIDC.PIM1
Type: REG_SZ
Data: pclepim1.dll

Value 32
Name: MSVideo8
Type: REG_SZ
Data: VfWWDM32.dll

Value 33
Name: wave1
Type: REG_SZ
Data: wdmaud.drv

Value 34
Name: midi1
Type: REG_SZ
Data: wdmaud.drv

Value 35
Name: mixer1
Type: REG_SZ
Data: wdmaud.drv

Value 36
Name: aux
Type: REG_SZ
Data: C:\DOCUME~1\Don\LOCALS~1\Temp\..\qxmvpx.sjp


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server
Class Name: <NO CLASS>
Last Write Time: 11/1/2003 - 2:21 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Class Name: <NO CLASS>
Last Write Time: 11/1/2003 - 2:21 PM
Value 0
Name: wave
Type: REG_SZ
Data: rdpsnd.dll

Value 1
Name: MaxBandwidth
Type: REG_DWORD
Data: 0x56b9

Value 2
Name: wavemapper
Type: REG_SZ
Data: msacm32.drv

Value 3
Name: EnableMP3Codec
Type: REG_DWORD
Data: 0x1

Value 4
Name: midimapper
Type: REG_SZ
Data: midimap.dll

ABBYY FineReader 6.0 Sprint
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
America Online (Choose which version to remove)
Apple Mobile Device Support
Apple Software Update
Bytescout XLS Viewer 2.20 (FREEWARE)
CoffeeCup Free HTML Editor
Compatibility Pack for the 2007 Office system
Conexant SoftK56 Modem(M)
Corel Business Applications
DiscAPI (Studio 10)
Express Burn
FileZilla (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Memories Disc
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
ICQ
Intel® Extreme Graphics Driver
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java™ 6 Update 13
Lexmark 2600 Series
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2000 SR-1 Small Business
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyPublisher BookMaker
Nero - Burning Rom
Pinnacle Instant DVD Recorder
PokerStars
proDAD Heroglyph 2.5
QuickTime
Rand McNally Route Planner
RAPID (Studio 10)
RealPlayer Basic
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Serif PhotoPlus 6.0
Serif WebPlus SE
SmartSound Quicktracks Plugin
Sound Blaster Live! Web 2K/XP
Studio 10
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

#4 rida34

Posted 04 May 2009 - 03:51 PM

qxmvpx.sjp appears to be the main culprit; it is the local settings file, but when I manually delete it, it comes back and adds 2 more.

#5 Farbar

Posted 04 May 2009 - 03:58 PM

I want to remind you this:

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


What exactly did you remove, and when?

#6 rida34

Posted 04 May 2009 - 04:01 PM

I just found the file in C:\documents and settings\don\Localsettings and tried to delete it

#7 Farbar

Posted 04 May 2009 - 04:06 PM

When did you do this? I mean before getting assistance or now?

#8 rida34

Posted 04 May 2009 - 04:07 PM

Before I saw your first post I did it.

#9 Farbar

Posted 04 May 2009 - 04:12 PM

It is OK, I misunderstood you, I'm sorry.
  • We need to go to the registry again.
    • Double-click copy.exe to run it. The registry editor opens.
    • In the left pane navigate to the following sub-key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    • Highlight Drivers32 sub-key. In the right pane under Name there is a value named aux; right-click on it and select Modify.
    • Type in the Value Data box: wdmaud.drv
    • Click OK and close the registry.
    • Reboot the computer and delete the file you mentioned.
    • Tell me how the computer is running now.

      If you could not find the file make sure you can see all the hidden and system files. Instructions on how to do this can be found here:
      How to see hidden files in Windows
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.
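
The check done by eye on the Drivers32 export in this thread, as an added example that is not part of the original posts: it parses the regedit text-export layout shown above and flags driver values that load from outside system32, contain a `..` component, or carry an unexpected extension. The allowed-extension set and the system32 path are assumptions taken from the benign entries in the posted export.

```python
import ntpath
import re

# Excerpt of the Drivers32 export posted in this thread (values copied from it).
SAMPLE_EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Class Name: <NO CLASS>
Last Write Time: 4/14/2009 - 12:35 PM
Value 17
Name: wavemapper
Type: REG_SZ
Data: msacm32.drv

Value 23
Name: msacm.l3acm
Type: REG_SZ
Data: C:\WINDOWS\system32\l3codeca.acm

Value 25
Name: wave
Type: REG_SZ
Data: wdmaud.drv

Value 36
Name: aux
Type: REG_SZ
Data: C:\DOCUME~1\Don\LOCALS~1\Temp\..\qxmvpx.sjp

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Class Name: <NO CLASS>
Last Write Time: 11/1/2003 - 2:21 PM
Value 1
Name: MaxBandwidth
Type: REG_DWORD
Data: 0x56b9
"""

FIELD = re.compile(r"^(Key Name|Name|Type|Data):\s*(.*)$")
VALUE_HEADER = re.compile(r"^Value \d+$")

# Assumptions: extensions seen on the benign entries of this export,
# and the default XP system directory used in the posted logs.
ALLOWED_EXT = {".dll", ".drv", ".acm"}
SYSTEM_DIR = r"c:\windows\system32"


def parse_export(text):
    """Return one dict per registry value: key, name, type, data."""
    values, key, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if VALUE_HEADER.match(line):
            cur = {"key": key, "name": "", "type": "", "data": ""}
            values.append(cur)
            continue
        m = FIELD.match(line)
        if not m:
            continue  # "Class Name:", "Last Write Time:", blank lines
        field, val = m.groups()
        if field == "Key Name":
            key, cur = val, None
        elif cur is not None:
            cur[field.lower()] = val
    return values


def assess(entry):
    """Return the reasons an entry looks wrong; an empty list means nothing flagged."""
    if entry["type"] != "REG_SZ":
        return []  # DWORD settings such as MaxBandwidth are not module names
    data = entry["data"].strip().strip('"')
    reasons = []
    directory, filename = ntpath.split(data)
    if directory:
        if ".." in data.replace("/", "\\").split("\\"):
            reasons.append("path traversal component")
        # normpath collapses "Temp\.." so the real folder becomes visible
        resolved = ntpath.normpath(directory).lower()
        if resolved != SYSTEM_DIR:
            reasons.append("loads from outside system32: " + resolved)
    ext = ntpath.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        reasons.append("unexpected extension: " + (ext or "(none)"))
    return reasons


def suspicious_entries(text):
    """Return (name, data, reasons) for every flagged value in the export."""
    hits = []
    for entry in parse_export(text):
        reasons = assess(entry)
        if reasons:
            hits.append((entry["name"], entry["data"], reasons))
    return hits


if __name__ == "__main__":
    for name, data, reasons in suspicious_entries(SAMPLE_EXPORT):
        print(f"{name} -> {data}")
        for reason in reasons:
            print("   ", reason)
```

Resolving the `Temp\..` component shows the file sits in the Local Settings folder itself, which matches where the topic starter reported finding it.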


#10 rida34

Posted 04 May 2009 - 04:35 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 2

5/4/2009 2:34:20 PM
mbam-log-2009-05-04 (14-34-20).txt

Scan type: Quick Scan
Objects scanned: 98971
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Farbar

Posted 04 May 2009 - 04:48 PM

  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "start" and then "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java 2 Runtime Environment Standard Edition v1.3.1
    Java 2 Runtime Environment Standard Edition v1.3.1_02


  • You are missing one important program on that computer: An antivirus.
    This is somewhat suicidal in today's digital world.
    You need to install an antivirus program as soon as you can. Besides the paid antivirus programs there are also some free antivirus programs:
  • AVG Free
  • Avira
  • Avast Free
  • Bitdefender Free
Install and update. Run a full/complete scan, let it remove/quarantine what it finds and copy and paste the report to your reply.

I recommend this good free antivirus:

Avira
  • Download the installer from softpedia.com link as it has a secure download mirror. Install and update it.
  • In the left pane click Status. In the right pane click Scan system now.
  • After the scan has finished, let it remove what it finds and then click Report.
  • You can get the last report also by clicking on Reports on the left pane.
  • In the right window under Action double-click on the last Scan listed (you also see the corresponding Date/Time).
  • A window opens, click on Report file.
  • Copy and paste the content of the report to your reply.


#12 rida34

Posted 04 May 2009 - 04:59 PM

It can't locate the uninstall file for either of the java programs, can I do it manually thru the registry?

#13 Farbar

Posted 04 May 2009 - 05:02 PM

It is much more difficult to remove it via the registry, unless it is just a clutter entry pointing to the uninstaller.
Please tell me what happens if you try to uninstall it via the Add/Remove.

Edited the post. I meant Add/Remove, but mentioned registry.

Edited by farbar, 04 May 2009 - 05:04 PM.


#14 rida34

Posted 04 May 2009 - 05:10 PM

When I click remove, an uninstall shield logo comes up and then an error message that says: Unable to locate the installation log file 'C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu'. Uninstallation will not continue.

#15 rida34

Posted 04 May 2009 - 05:12 PM

Avira AntiVir Personal
Report file date: Monday, May 04, 2009 15:07

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Don
Computer name : DESKTOP

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 16:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 15:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 22:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 01:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 04:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 19:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 21:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 23:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 04:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 21:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 22:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 19:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, May 04, 2009 15:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'FileZilla.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmsdmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxdncoms.exe' - '1' Module(s) have been scanned
Scan process 'lxdnserv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'acsd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '71' files ).



End of the scan: Monday, May 04, 2009 15:08
Used time: 01:01 Minute(s)

The scan has been done completely.

0 Scanned directories
478 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
478 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes



