Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


vrt*.tmp uninstalls and reinstalls

  • This topic is locked This topic is locked
2 replies to this topic

#1 maiashk


  • Members
  • 2 posts
  • Local time:01:32 AM

Posted 24 July 2009 - 09:24 AM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Alfred Herrero at 10:11:40.98 on Fri 07/24/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1481 [GMT -4:00]

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesSigmaTelC-Major AudioWDMstsystra.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsAlfred HerreroDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ISUSPM] "c:program filescommon filesinstallshieldupdateserviceISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [do_not_delete] c:windowssystem32do_not_delete.exe
mRun: [IntelZeroConfig] "c:program filesintelwirelessbinZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%SigmaTelC-Major AudioWDMstsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [AT&T Communication Manager] "c:program filesat&tcommunication managerATTCM.exe" -a
dRun: [mswindows restore service] c:windowstempzno5rz6.exe
dRun: [pridl] "c:documents and settingsalfred herreroapplication datapridlpridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
dRun: [do_not_delete] c:windowssystem32do_not_delete.exe
uExplorerRun: [do_not_delete] c:windowssystem32do_not_delete.exe
mExplorerRun: [do_not_delete] c:windowssystem32do_not_delete.exe
dExplorerRun: [do_not_delete] c:windowssystem32do_not_delete.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:documents and settingsalfred herrerostart menuprogramsimvuRun IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
LSP: bmnet.dll
Trusted Zone: army.milwww.us
Trusted Zone: worldofwarcraft.comwww
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: {38101905-d80f-4788-96f6-986a8186178a} - c:windowssystem32flashd32.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2009-7-22 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awareAAWService.exe [2009-7-3 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2008-7-1 45132]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:windowssystem32driversswnc8u80.sys [2008-1-10 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:windowssystem32driversswumx80.sys [2008-1-10 142976]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:program filesat&tcommunication managerRcAppSvc.exe [2008-11-20 113152]
S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys --> c:windowssystem32driversmbamswissarmy.sys [?]

=============== Created Last 30 ================

2009-07-23 22:14 257,536 a------- c:windowsSC.INS
2009-07-23 22:14 <DIR> --d----- c:program filesProtection System
2009-07-23 20:28 0 a------- c:windowssystem32_id.dat
2009-07-23 18:55 <DIR> --d----- c:docume~1alfred~1applic~1pridl
2009-07-23 18:55 109 a------- C:stat.vbs
2009-07-23 18:55 36,864 ---shr-- c:windowssystem32flashd32.dll
2009-07-23 18:48 61,440 a------- c:windowssystem32driversjwdj.sys
2009-07-23 08:47 61,440 a------- c:windowssystem32driversfztpijy.sys
2009-07-23 07:59 360,320 a------- c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-07-22 01:53 <DIR> --d----- c:docume~1alfred~1applic~1IMVU
2009-07-22 01:52 <DIR> --d----- c:docume~1alfred~1applic~1IMVUClient
2009-07-22 01:37 15,688 a------- c:windowssystem32lsdelete.exe
2009-07-22 01:00 64,160 a------- c:windowssystem32driversLbd.sys
2009-07-22 00:56 <DIR> -cd-h--- c:docume~1alluse~1applic~1{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-22 00:55 <DIR> --d----- c:program filesLavasoft
2009-07-21 22:23 552 a------- c:windowssystem32d3d8caps.dat
2009-07-21 22:03 <DIR> --d----- c:docume~1alfred~1applic~1Malwarebytes
2009-07-21 22:03 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-07-21 19:27 <DIR> --d----- c:docume~1alluse~1applic~111789374
2009-07-19 12:39 21,504 ac------ c:windowssystem32dllcachehidserv.dll
2009-07-19 12:39 21,504 a------- c:windowssystem32hidserv.dll
2009-07-18 14:42 <DIR> --d----- c:docume~1alfred~1applic~1SpinTop
2009-07-18 09:49 754 a------- c:windowsWORDPAD.INI
2009-07-16 21:20 <DIR> --d----- c:program filesWallpaper Master

==================== Find3M ====================

2009-07-23 07:59 360,320 a------- c:windowssystem32driversTCPIP.SYS
2009-07-21 20:49 162,282 a------- c:windowspchealthhelpctrconfigcachePersonal_32_1033.dat
2009-07-18 15:45 54,270 a------- c:windowssystem32nvModes.dat
2009-06-16 10:55 119,808 a------- c:windowssystem32t2embed.dll
2009-06-16 10:55 82,432 a------- c:windowssystem32fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:windowssystem32quartz.dll
2009-05-09 15:15 410,984 a------- c:windowssystem32deploytk.dll
2009-05-07 11:44 344,064 a------- c:windowssystem32localspl.dll

============= FINISH: 10:14:45.14 ===============

followed the guide, hopefully i did this right. Ive used two different programs, adaware and Malbyte or something along those lines and it still has problems.. I know you guys are busy with your lifes and i thank anyone who helps me out, hopefully my option is good, thanks everyone


Merged posts. ~ OB

Attached Files

Edited by Orange Blossom, 19 August 2010 - 12:48 AM.

BC AdBot (Login to Remove)


#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:32 AM

Posted 03 August 2009 - 11:15 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt


#3 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:32 AM

Posted 07 August 2009 - 06:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users