Author Topic: Help... multiple viruses found!

mauserme

  • Guest
Re: Help... multiple viruses found!
« Reply #15 on: July 16, 2007, 04:52:43 AM »
Download LSPFix and bring it to the computer we're working on

http://cexx.org/lspfix.htm

If you can fit the uncompressed (exe) version, use that, as it will run from the floppy.  Otherwise use the zip file and uncompress it on the C: drive.  The program is pretty straightforward - it will either tell you there were no problems found or list fixes in the Remove pane.  If it does find problems, clicking the Finish button runs the fix and might restore your internet connection.  Let me know if this helps.

I'm not sure why SDFix is not functioning, but boot into normal mode and see if any log was produced (c:\rapport.txt).  Even if repairs were not made, there may be helpful information in the log if one was created.

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #16 on: July 17, 2007, 01:02:34 AM »
There is no log under c:\rapport.txt
When I ran LSPFix it said “no problems found”.
I can now get online so something I did along the way must have helped.
Now, the problem I have is that I can’t update Java. I keep getting the following error messages:

Windows Installer
This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error – Java™ Update
Unable to launch the Java™ Update installer: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.


mauserme

  • Guest
Re: Help... multiple viruses found!
« Reply #17 on: July 17, 2007, 05:48:51 AM »
We'll take care of installing the new Java a little later - it probably just needs to be downloaded again.  The important thing is the exploitable version is gone now.

How is the computer acting now that it's back on the internet?

Instead of SDFix, let's take a close look at what's going on.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Non-Microsoft only
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Copy/Paste the information in your next response and I will review it.   This log will be quite long and will require several posts to fit everything.

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #18 on: July 17, 2007, 09:45:35 PM »
WinPFind3 logfile created on: 7/17/2007 11:17:50 AM
WinPFind3U by OldTimer - Version 1.0.39   Folder = C:\Documents and Settings\Tara & Paul\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2, v.2096 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2096)
 
127.53 Mb Total Physical Memory | 56.52 Mb Available Physical Memory | 44.32% Memory free
307.45 Mb Paging File | 161.02 Mb Available in Paging File | 52.37% Paging File free
Paging file location(s): C:\pagefile.sys 192 384;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.00 Gb Total Space | 2.82 Gb Free Space | 47.06% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TARA_PAUL
Current User Name: Tara & Paul
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr =    ]
exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 768000 bytes | Modified Date = 6/28/2005 12:11:48 PM | Attr =    ]
exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 768000 bytes | Modified Date = 6/28/2005 12:11:48 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr =    ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/24/2003 10:52:00 PM | Attr =    ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 2/24/2003 10:50:00 PM | Attr =    ]
nzspc.exe -> %ProgramFiles%\NZSearch\nzspc.exe -> United Online, Inc. [Ver = 2.2.05 | Size = 311362 bytes | Modified Date = 7/10/2006 11:00:52 PM | Attr =    ]
watchdog.exe -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 8/14/2004 4:42:20 AM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr =    ]
x1exec.exe -> %ProgramFiles%\NetZero\qsacc\X1Exec.exe -> NetZero, Inc. [Ver = 3.6.00 | Size = 241664 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 4/30/2007 9:04:38 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2096.503.0 | Size = 224768 bytes | Modified Date = 3/11/2004 6:18:58 PM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/3/2007 8:03:56 PM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/24/2003 10:52:00 PM | Attr =    ]

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #19 on: July 17, 2007, 09:46:42 PM »
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 3:06:32 AM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr =    ]
WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 8/14/2004 4:42:20 AM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
NetZero_uoltray -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 768000 bytes | Modified Date = 6/28/2005 12:11:48 PM | Attr =    ]
spc_w -> %ProgramFiles%\NZSearch\nzspc.exe -> United Online, Inc. [Ver = 2.2.05 | Size = 311362 bytes | Modified Date = 7/10/2006 11:00:52 PM | Attr =    ]
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
untd_recovery -> %ProgramFiles%\NetZero\qsacc\X1Exec.exe -> NetZero, Inc. [Ver = 3.6.00 | Size = 241664 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #20 on: July 17, 2007, 09:48:54 PM »
HKLM: Main\\Default_Search_URL -> http://my.netzero.net/s/search?r=minisearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://my.netzero.net/s/search?r=minisearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://my.netzero.net/s/search?r=minisearch ->
HKCU: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
HKCU: Start Page -> about:blank ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKLM] -> %ProgramFiles%\NZSearch\SearchEnh1.dll [URLSearchHook Class] -> United Online, Inc. [Ver = 2.2.05 | Size = 102472 bytes | Modified Date = 7/10/2006 10:59:54 PM | Attr =    ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
www_adobe.com [http] ->  ->
www_java.com [http] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =    ]
{52706EF7-D7A2-49AD-A615-E903858CF284} [HKLM] -> %ProgramFiles%\NetZero\qsacc\X1IEBHO.dll [Popup-Blocker Class] -> NetZero, Inc. [Ver = 3.6.00 | Size = 175560 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] ->  [Ver =  | Size = 843802 bytes | Modified Date = 3/11/2004 4:08:16 PM | Attr =    ]
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKLM] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] ->  [Ver = 2, 0, 0, 1 | Size = 292304 bytes | Modified Date = 6/27/2005 6:04:26 PM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKLM] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] ->  [Ver = 2, 0, 0, 1 | Size = 292304 bytes | Modified Date = 6/27/2005 6:04:26 PM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr =    ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Display All Images with Full Quality ->  -> File not found
Display Image with Full Quality ->  -> File not found
E&xport to Microsoft Excel ->  -> File not found
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #21 on: July 17, 2007, 09:49:47 PM »
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx ->  [Ver =  | Size = 843802 bytes | Modified Date = 3/11/2004 4:08:16 PM | Attr =    ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://photos.walmart.com/WalmartActivia.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 7/13/2007 3:52:32 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 133787648 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 7/13/2007 4:22:20 PM | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 7/10/2007 8:50:04 AM | Attr =    ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 104960 bytes | Created Date = 7/13/2007 3:53:02 PM | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 7/15/2007 1:58:32 PM | Attr =    ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 7/13/2007 3:53:02 PM | Attr =    ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel ->  [Folder | Created Date = 6/30/2007 7:26:59 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Created Date = 7/13/2007 3:53:01 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 7/13/2007 3:53:00 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/13/2007 3:53:00 PM | Attr =    ]
vfind.exe -> %System32%\vfind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 7/13/2007 3:53:01 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 7/16/2007 1:54:30 PM | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 7/15/2007 2:16:48 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 133787648 bytes | Modified Date = 7/17/2007 11:01:18 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/17/2007 11:08:58 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 7/13/2007 4:22:22 PM | Attr =    ]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Modified Date = 7/4/2007 9:13:18 AM | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 7/16/2007 1:54:14 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 7/15/2007 1:58:34 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 7/17/2007 11:01:20 AM | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 104960 bytes | Modified Date = 7/4/2007 7:21:06 PM | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 7/15/2007 1:58:34 PM | Attr =    ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/11/2007 10:38:40 AM | Attr =  HS]
LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI ->  [Ver =  | Size = 814 bytes | Modified Date = 7/17/2007 11:14:16 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/17/2007 11:15:00 AM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 7/6/2007 4:02:26 PM | Attr =    ]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 6/21/2007 12:46:54 PM | Attr =    ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel ->  [Folder | Modified Date = 7/1/2007 8:30:44 AM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 7/15/2007 1:10:20 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 7/10/2007 9:28:22 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 7/17/2007 11:14:02 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/17/2007 11:01:56 AM | Attr =  H ]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 7/11/2007 10:38:42 AM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 7/13/2007 11:15:18 AM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 7/6/2007 10:25:40 AM | Attr =    ]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 7/13/2007 4:22:04 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 4:59:06 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 7/17/2007 11:01:24 AM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 8:46:10 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 4:59:06 PM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr =    ]

< End of report >

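The log above is reviewed by eye in this thread. As an added example that is not part of the original thread or of the WinPFind3u tool, the following Python script parses the report's "name -> path -> vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]" line format and applies three defender-side triage rules: entries whose file or registry data was reported as not found, files carrying the UPX packer strings from the File String Scan section, and files with no vendor or version information. The sample report is constructed from lines of the log posted above; the triage rules are the example's own, not something WinPFind3u does.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# "[Processes - Non-Microsoft Only]" style section headers
SECTION_RE = re.compile(r"^\[(?P<title>[^\]]+)\]$")
# "< Run [HKLM] > -> HKEY_LOCAL_MACHINE\... ->" style registry key headers
KEY_RE = re.compile(r"^< (?P<title>[^>]+) >")
# "name -> path -> vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]"
ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.*?) ->\s?(?P<rest>.*)$")
DETAILS_RE = re.compile(r"^(?P<vendor>.*?)\s*\[(?P<fields>.*)\]\s*$")
PACKER_MARKERS = ("UPX!", "UPX0")  # strings the File String Scan reports for UPX-packed files

@dataclass
class Entry:
    section: str
    name: str
    path: str
    vendor: str
    fields: dict = field(default_factory=dict)
    missing: bool = False  # the tool reported the file or registry data as not found

def parse_entry(line: str, section: str = "") -> Entry | None:
    """Split one report line into name, path, vendor and the bracketed details."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    name, path, rest = m.group("name"), m.group("path"), m.group("rest").strip()
    missing = "not found" in path or "not found" in rest
    vendor, fields = "" if missing else rest, {}
    dm = None if missing else DETAILS_RE.match(rest)
    if dm:
        vendor = dm.group("vendor").strip()
        for part in dm.group("fields").split(" | "):
            key, _, value = part.partition(" = ")
            fields[key.strip()] = value.strip()
    return Entry(section, name, path, vendor, fields, missing)

def parse_report(text: str) -> list[Entry]:
    """Walk a whole report, remembering which section or registry key each line is under."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("< End of report"):
            continue
        if hm := (SECTION_RE.match(line) or KEY_RE.match(line)):
            section = hm.group("title")
            continue
        entry = parse_entry(line, section)
        if entry:
            entries.append(entry)
    return entries

def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Flag orphaned entries, packed binaries and files with no vendor/version info."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append((e.name, "orphaned entry: file or registry data not found"))
        elif any(mk in e.name for mk in PACKER_MARKERS):
            findings.append((e.name, f"packed executable {e.path}: verify against vendor hash"))
        elif "Size" in e.fields and not e.vendor and not e.fields.get("Ver"):
            findings.append((e.name, f"no vendor or version info for {e.path}: identify first"))
    return findings

# Constructed sample in the shape of the WinPFind3u log posted in this thread.
SAMPLE_REPORT = r"""
[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr =    ]
watchdog.exe -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 8/14/2004 4:42:20 AM | Attr =    ]
[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 4:59:06 PM | Attr =    ]
< End of report >
"""
```

Running triage(parse_report(SAMPLE_REPORT)) flags the WatchDog.exe entry (no vendor or version), the orphaned WebBrowser toolbar GUID, and the UPX-packed swreg.exe, while the avast! process passes.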
mauserme

  • Guest
Re: Help... multiple viruses found!
« Reply #22 on: July 18, 2007, 04:52:25 AM »
I don't see any other problems.  If the computer is running OK now we'll see if we can get that new Java installed.

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #23 on: July 18, 2007, 06:42:07 PM »
yeah, everything seems to be working fine now.  ;)
By the way, thanks for all your help!

mauserme

  • Guest
Re: Help... multiple viruses found!
« Reply #24 on: July 18, 2007, 08:00:37 PM »
Quote
yeah, everything seems to be working fine now.  ;)

8)

Let's do some house cleaning now.  Double click OTMoveIt once again and click the CleanUp! button.  If your firewall prompts you that OTMoveIt wants to contact the internet, allow this.  A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process.  Click Yes. This will delete the tools we've downloaded plus itself.

Now download the current version of Java from here

http://filehippo.com/download_java_runtime/

When you get the download dialog click Run.  When the download finishes confirm that you want to run the program, if asked.  Then, when the License Agreement appears, close your browser first before finishing the installation.

How did this work?

tryan21

  • Guest
Re: Help... multiple viruses found!
« Reply #25 on: July 19, 2007, 06:47:00 PM »
Quote
Now download the current version of Java from here

http://filehippo.com/download_java_runtime/

Someone told me to download a standalone installer of Java Runtime Environment (JRE) 6u2. I did it and it seemed to have worked.

mauserme

  • Guest
Re: Help... multiple viruses found!
« Reply #26 on: July 19, 2007, 07:24:42 PM »
That's fine - whichever method works is the one to use.

Now there is a little clean up we should do to finish things up.

First, double click OTMoveIt once again and click the CleanUp! button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.


I would also like to remove your old, possibly infected System Restore points and create a new, clean point.

Click Start > All Programs > Accessories > System Tools > System Restore.  Fill the radio button to Create a Restore Point and click Next.  Give the new restore point a name you will recognize if you need to find it (like Clean Point) and click Create.

Next, click Start > All Programs > Accessories > System Tools > Disk Cleanup.  Now click the More Options tab, then click Clean Up in the System Restore section and OK.


Finally, as DavidR mentioned, you should consider installing a third party firewall.  I like Comodo, but Zone Alarm, PCTools Firewall, and others are also worth a look.  Here's a link to Comodo:

http://filehippo.com/download_comodo/