IObit Forum

help with my log file



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:05:24 PM, on 10/25/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\AutorunRemover\AutorunRemover.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\greg bennett\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Styler\Styler.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 http://www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 http://www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 http://www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 http://www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 74.55.76.231 http://www.google.com

O1 - Hosts: 74.55.76.231 google.com

O1 - Hosts: 74.55.76.231 google.com.au

O1 - Hosts: 74.55.76.231 http://www.google.com.au

O1 - Hosts: 74.55.76.231 google.be

O1 - Hosts: 74.55.76.231 http://www.google.be

O1 - Hosts: 74.55.76.231 google.com.br

O1 - Hosts: 74.55.76.231 http://www.google.com.br

O1 - Hosts: 74.55.76.231 google.ca

O1 - Hosts: 74.55.76.231 http://www.google.ca

O1 - Hosts: 74.55.76.231 google.ch

O1 - Hosts: 74.55.76.231 http://www.google.ch

O1 - Hosts: 74.55.76.231 google.de

O1 - Hosts: 74.55.76.231 http://www.google.de

O1 - Hosts: 74.55.76.231 google.dk

O1 - Hosts: 74.55.76.231 http://www.google.dk

O1 - Hosts: 74.55.76.231 google.fr

O1 - Hosts: 74.55.76.231 http://www.google.fr

O1 - Hosts: 74.55.76.231 google.ie

O1 - Hosts: 74.55.76.231 http://www.google.ie

O1 - Hosts: 74.55.76.231 google.it

O1 - Hosts: 74.55.76.231 http://www.google.it

O1 - Hosts: 74.55.76.231 google.co.jp

O1 - Hosts: 74.55.76.231 http://www.google.co.jp

O1 - Hosts: 74.55.76.231 google.nl

O1 - Hosts: 74.55.76.231 http://www.google.nl

O1 - Hosts: 74.55.76.231 google.no

O1 - Hosts: 74.55.76.231 http://www.google.no

O1 - Hosts: 74.55.76.231 google.co.nz

O1 - Hosts: 74.55.76.231 http://www.google.co.nz

O1 - Hosts: 74.55.76.231 google.pl

O1 - Hosts: 74.55.76.231 http://www.google.pl

O1 - Hosts: 74.55.76.231 google.se

O1 - Hosts: 74.55.76.231 http://www.google.se

O1 - Hosts: 74.55.76.231 google.co.uk

O1 - Hosts: 74.55.76.231 http://www.google.co.uk

O1 - Hosts: 74.55.76.231 google.co.za

O1 - Hosts: 74.55.76.231 http://www.google.co.za

O1 - Hosts: 74.55.76.231 http://www.google-analytics.com

O1 - Hosts: 74.55.76.231 http://www.bing.com

O1 - Hosts: 74.55.76.231 search.yahoo.com

O1 - Hosts: 74.55.76.231 http://www.search.yahoo.com

O1 - Hosts: 74.55.76.231 uk.search.yahoo.com

O1 - Hosts: 74.55.76.231 ca.search.yahoo.com

O1 - Hosts: 74.55.76.231 de.search.yahoo.com

O1 - Hosts: 74.55.76.231 fr.search.yahoo.com

O1 - Hosts: 74.55.76.231 au.search.yahoo.com

O1 - Hosts: 74.55.76.231 http://www.youtube.com

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [AutorunRemover] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\greg bennett\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: nVienna Sidebar.lnk = C:\WINDOWS\system32\Sidebar\Sidebar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: nVienna Sidebar.lnk = C:\WINDOWS\system32\Sidebar\Sidebar.exe (User 'Default user')

O4 - .DEFAULT User Startup: nVienna Sidebar.lnk = C:\WINDOWS\system32\Sidebar\Sidebar.exe (User 'Default user')

O4 - Startup: nVienna Sidebar.lnk = C:\WINDOWS\system32\Sidebar\Sidebar.exe

O4 - Startup: Styler.lnk = ?

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 8722 bytes


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

*****************************************

Open HijackThis and select Open the Misc Tools section. Select Open process manager. Select

C:\WINDOWS\VistaDrive\VistaDrive.exe

 

and click on kill process.

Close HJT

***************************************

Copy and paste the text in the code box below into Notepad.

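@echo off
rem Delete the VistaDrive executable (its process was killed in the previous step)
del C:\WINDOWS\VistaDrive\VistaDrive.exe
rem Remove this batch file from the Desktop once it has run
del blackpudding.bat
exit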

 

Then click File > Save as

Save to the Desktop as blackpudding.bat

And Save as type: All Files.

 

Double-click on blackpudding.bat to run it.

****************************************

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

 

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 74.55.76.231 www.google.com

O1 - Hosts: 74.55.76.231 google.com

O1 - Hosts: 74.55.76.231 google.com.au

O1 - Hosts: 74.55.76.231 www.google.com.au

O1 - Hosts: 74.55.76.231 google.be

O1 - Hosts: 74.55.76.231 www.google.be

O1 - Hosts: 74.55.76.231 google.com.br

O1 - Hosts: 74.55.76.231 www.google.com.br

O1 - Hosts: 74.55.76.231 google.ca

O1 - Hosts: 74.55.76.231 www.google.ca

O1 - Hosts: 74.55.76.231 google.ch

O1 - Hosts: 74.55.76.231 www.google.ch

O1 - Hosts: 74.55.76.231 google.de

O1 - Hosts: 74.55.76.231 www.google.de

O1 - Hosts: 74.55.76.231 google.dk

O1 - Hosts: 74.55.76.231 www.google.dk

O1 - Hosts: 74.55.76.231 google.fr

O1 - Hosts: 74.55.76.231 www.google.fr

O1 - Hosts: 74.55.76.231 google.ie

O1 - Hosts: 74.55.76.231 www.google.ie

O1 - Hosts: 74.55.76.231 google.it

O1 - Hosts: 74.55.76.231 www.google.it

O1 - Hosts: 74.55.76.231 google.co.jp

O1 - Hosts: 74.55.76.231 www.google.co.jp

O1 - Hosts: 74.55.76.231 google.nl

O1 - Hosts: 74.55.76.231 www.google.nl

O1 - Hosts: 74.55.76.231 google.no

O1 - Hosts: 74.55.76.231 www.google.no

O1 - Hosts: 74.55.76.231 google.co.nz

O1 - Hosts: 74.55.76.231 www.google.co.nz

O1 - Hosts: 74.55.76.231 google.pl

O1 - Hosts: 74.55.76.231 www.google.pl

O1 - Hosts: 74.55.76.231 google.se

O1 - Hosts: 74.55.76.231 www.google.se

O1 - Hosts: 74.55.76.231 google.co.uk

O1 - Hosts: 74.55.76.231 www.google.co.uk

O1 - Hosts: 74.55.76.231 google.co.za

O1 - Hosts: 74.55.76.231 www.google.co.za

O1 - Hosts: 74.55.76.231 www.google-analytics.com

O1 - Hosts: 74.55.76.231 www.bing.com

O1 - Hosts: 74.55.76.231 search.yahoo.com

O1 - Hosts: 74.55.76.231 www.search.yahoo.com

O1 - Hosts: 74.55.76.231 uk.search.yahoo.com

O1 - Hosts: 74.55.76.231 ca.search.yahoo.com

O1 - Hosts: 74.55.76.231 de.search.yahoo.com

O1 - Hosts: 74.55.76.231 fr.search.yahoo.com

O1 - Hosts: 74.55.76.231 au.search.yahoo.com

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

 

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

***************************************

I see no evidence of an Anti-Virus program on your computer. If this is indeed true, you must download and install one immediately. I recommend Microsoft Security Essentials.

 

Before we continue download and install a free antivirus.

 

Remember to only install one antivirus!

 

1) Avast! Home Edition

2) AVG Free Edition

3) Avira AntiVir Personal

4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download

4-a) Microsoft Security Essentials for Windows XP

5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

6) PC Tools AntiVirus Free Edition

 

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

*******************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

********************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

**********************************

Please download Malwarebytes Anti-Malware from here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
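
The O1 entries in the log and in the fix list above point hostnames from several unrelated sites at the same two addresses. As an added example (not part of the original posts, and not a HijackThis feature), this Python script groups a log's O1 lines by address and lists every address that answers for three or more unrelated site names; the `brand` heuristic, the threshold of three and the `192.0.2.10` lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# HijackThis writes one hosts-file mapping per line as "O1 - Hosts: <ip> <name>".
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

def parse_o1(log_text):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue  # not a hosts-file entry (header, process list, O2, O4, ...)
        ip, name = m.groups()
        # Forum software auto-links "www." names; undo that prefix.
        name = re.sub(r"^https?://", "", name.lower()).rstrip("/")
        pairs.append((ip, name))
    return pairs

def brand(hostname):
    """Crude owner label: drop trailing short labels (com, co, uk, ...).

    Heuristic only (assumption of this example); a real tool would use
    the Public Suffix List to find the registrable domain.
    """
    labels = hostname.split(".")
    while len(labels) > 1 and len(labels[-1]) <= 3:
        labels.pop()
    return labels[-1]

def suspicious_hosts(log_text, min_brands=3):
    """Map each IP that answers for >= min_brands unrelated brands to its names."""
    by_ip = defaultdict(set)
    for ip, name in parse_o1(log_text):
        by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({brand(n) for n in names}) >= min_brands}

# Sample input: a few lines from the log above, plus two constructed
# benign entries on a documentation address (192.0.2.10).
SAMPLE_LOG = """\
Boot mode: Normal
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.55.76.231 http://www.google.com
O1 - Hosts: 74.55.76.231 google.co.uk
O1 - Hosts: 74.55.76.231 http://www.bing.com
O1 - Hosts: 74.55.76.231 search.yahoo.com
O1 - Hosts: 192.0.2.10 intranet.example.com
O1 - Hosts: 192.0.2.10 wiki.example.com
"""

if __name__ == "__main__":
    for ip, names in suspicious_hosts(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(names))
```

An address that is flagged here still needs a human decision; the script only narrows down which O1 lines to look at first.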
