The PC Guide Discussion Forums  
  #1  
Old 11-24-2009, 01:54 PM
stephenb1956 stephenb1956 is offline
Geek Adept
 
Join Date: Oct 2006
Location: Spring, TX. (Houston area)
Posts: 97
She Been Playing Around With No Protection

Daughter has a new little netbook. She's been surfing around on the net (without protection) and yes, it got stuff on it.

Have a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:17 AM, on 11/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rebekah phillips\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sawetajiz] Rundll32.exe "c:\windows\system32\yajosofo.dll",a
O4 - Global Startup: Asus Power Management Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6260F15E-5E4B-45C5-A5E5-B6768680378C}: NameServer = 83.149.115.182
O17 - HKLM\System\CCS\Services\Tcpip\..\{704EF3EB-0B0B-42FF-9EC9-CBADE92DE89F}: NameServer = 83.149.115.182
O17 - HKLM\System\CS1\Services\Tcpip\..\{6260F15E-5E4B-45C5-A5E5-B6768680378C}: NameServer = 83.149.115.182
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\vatedupo.dll c:\windows\system32\bijukotu.dll c:\windows\system32\winusime.dll c:\windows\system32\biwivago.dll c:\windows\system32\yajosofo.dll c:\windows\system32\kanizige.dll,nurehaha.dll
O21 - SSODL: memezanit - {02afba4e-a850-4a37-9617-6759d2d4938c} - c:\windows\system32\winusime.dll (file missing)
O21 - SSODL: danusatew - {737afe83-f492-4193-b055-d35a827d4c28} - c:\windows\system32\riwawake.dll (file missing)
O21 - SSODL: fanefiwir - {8a913c37-ae89-4175-9193-a8048f63ab69} - c:\windows\system32\riwawake.dll (file missing)
O21 - SSODL: gerajomel - {7edf8fd9-74e1-48d6-ad0f-f3c8e138e7e3} - c:\windows\system32\riwawake.dll (file missing)
O21 - SSODL: melurufog - {5a7c49b3-2edc-4fe5-b65c-163272c282b7} - c:\windows\system32\riwawake.dll (file missing)
O21 - SSODL: nogogesud - {f53c5793-7672-4321-b5a1-f75340b40416} - c:\windows\system32\fiwomuzu.dll (file missing)
O21 - SSODL: lojidazut - {648267cf-3ce3-412b-8567-40972f03a1b6} - c:\windows\system32\fiwomuzu.dll (file missing)
O21 - SSODL: nebahugij - {64ffaf0f-4ff6-4192-930d-9e43c0e893ea} - c:\windows\system32\fiwomuzu.dll (file missing)
O21 - SSODL: royikenez - {aad6560b-0fc1-485c-b2c6-3c8bb7285c5d} - c:\windows\system32\biwivago.dll (file missing)
O21 - SSODL: rupahaleb - {b285315a-169f-4a4e-8b33-e5dbb74b9b95} - c:\windows\system32\yazelado.dll (file missing)
O21 - SSODL: lafetupap - {1bb91386-1181-4912-9718-9e0750ee4ed7} - c:\windows\system32\yazelado.dll (file missing)
O21 - SSODL: sobizator - {c16e9b41-805c-4188-bc13-a3dfd4daa4ee} - c:\windows\system32\veyetidi.dll (file missing)
O21 - SSODL: mubekazet - {0fd3f27c-8272-474e-8681-c64d8d8b002b} - c:\windows\system32\bijukotu.dll (file missing)
O21 - SSODL: gunuriwem - {4ac215d0-0f35-4ea3-96c6-07a563df2603} - c:\windows\system32\yajosofo.dll
O22 - SharedTaskScheduler: mujuzedij - {02afba4e-a850-4a37-9617-6759d2d4938c} - c:\windows\system32\winusime.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {737afe83-f492-4193-b055-d35a827d4c28} - c:\windows\system32\riwawake.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {8a913c37-ae89-4175-9193-a8048f63ab69} - c:\windows\system32\riwawake.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {7edf8fd9-74e1-48d6-ad0f-f3c8e138e7e3} - c:\windows\system32\riwawake.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {5a7c49b3-2edc-4fe5-b65c-163272c282b7} - c:\windows\system32\riwawake.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {f53c5793-7672-4321-b5a1-f75340b40416} - c:\windows\system32\fiwomuzu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {648267cf-3ce3-412b-8567-40972f03a1b6} - c:\windows\system32\fiwomuzu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {64ffaf0f-4ff6-4192-930d-9e43c0e893ea} - c:\windows\system32\fiwomuzu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {aad6560b-0fc1-485c-b2c6-3c8bb7285c5d} - c:\windows\system32\biwivago.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {b285315a-169f-4a4e-8b33-e5dbb74b9b95} - c:\windows\system32\yazelado.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {1bb91386-1181-4912-9718-9e0750ee4ed7} - c:\windows\system32\yazelado.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c16e9b41-805c-4188-bc13-a3dfd4daa4ee} - c:\windows\system32\veyetidi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0fd3f27c-8272-474e-8681-c64d8d8b002b} - c:\windows\system32\bijukotu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {4ac215d0-0f35-4ea3-96c6-07a563df2603} - c:\windows\system32\yajosofo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9652 bytes

Let me know what needs to be done please.

Thanks Guys
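As an added illustration (not from the thread or from HijackThis itself), a small Python triage script that parses entries in the format of the log above and flags the ones a helper would look at first: the altered system.ini Shell value, the rundll32 startup entry, a NameServer pointing outside the LAN, the populated AppInit_DLLs, and the O21/O22 shell hooks. The sample lines are constructed in the log's format (one LAN resolver added for contrast), and the flagging rules are this example's own heuristics, not HijackThis's analysis.

```python
import ipaddress
import re

# Constructed sample in the shape of the log in the post: two benign entries
# (jusched, Bonjour), an added LAN resolver, and the entry types that stood out.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sawetajiz] Rundll32.exe "c:\windows\system32\yajosofo.dll",a
O17 - HKLM\System\CCS\Services\Tcpip\..\{6260F15E-5E4B-45C5-A5E5-B6768680378C}: NameServer = 83.149.115.182
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\windows\system32\vatedupo.dll c:\windows\system32\yajosofo.dll
O21 - SSODL: memezanit - {02afba4e-a850-4a37-9617-6759d2d4938c} - c:\windows\system32\winusime.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {4ac215d0-0f35-4ea3-96c6-07a563df2603} - c:\windows\system32\yajosofo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")

def review_entry(sec, body):
    """Return a reason if this HJT entry deserves a closer look, else None.
    These rules are this example's own triage heuristics (assumed, not HJT's)."""
    if sec == "F2":
        # system.ini Shell= should be exactly Explorer.exe; anything extra runs at logon
        m = re.search(r"Shell=(.*)$", body)
        if m and m.group(1).strip().lower() != "explorer.exe":
            return "non-default Shell value: " + m.group(1).strip()
    if sec == "O4" and re.search(r"rundll32(\.exe)?\s", body, re.I):
        return "startup entry loads a DLL via rundll32"
    if sec == "O17":
        # a statically configured resolver outside the LAN hands DNS to a third party
        m = re.search(r"NameServer = (\d+\.\d+\.\d+\.\d+)", body)
        if m and not ipaddress.ip_address(m.group(1)).is_private:
            return "DNS resolver forced to public host " + m.group(1)
    if sec == "O20" and body.split(":", 1)[1].strip():
        return "AppInit_DLLs populated (loaded into every process using user32.dll)"
    if sec in ("O21", "O22"):
        # SSODL / SharedTaskScheduler shell hooks are rare on a clean XP install
        return "shell load hook" + (" (file missing)" if "(file missing)" in body else "")
    return None

def triage(log_text):
    """Parse a HijackThis log; return [(section, reason, raw line)] worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reason = review_entry(m.group("sec"), m.group("body"))
            if reason:
                findings.append((m.group("sec"), reason, line.strip()))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the six flagged entries; the O4 jusched, O23 Bonjour, R1 and LAN-resolver lines pass through unflagged.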
  #2  
Old 11-24-2009, 01:59 PM
stephenb1956 stephenb1956 is offline
Geek Adept
 
Join Date: Oct 2006
Location: Spring, TX. (Houston area)
Posts: 97
In conversations now I find out that it is only one window that keeps popping up. Performance is still good. Just need to clean it and get some antivirus software loaded, which is being discussed. Suggestions on antivirus software??
  #3  
Old 11-24-2009, 10:50 PM
PrntRhd PrntRhd is offline
Amateur Master Geek
Moderator
 
Join Date: Aug 2003
Location: Northern California
Posts: 12,061
Avast Home for personal use. Avast Pro or NOD32 for paid AV.

Antivir is also quite good.
  #4  
Old 11-25-2009, 12:19 AM
classicsoftware classicsoftware is offline
Exalted Grand Master Geek
Moderator
 
Join Date: Jul 2001
Location: Wyncote, PA, USA
Posts: 9,045
First:

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

IN THE ORDER LISTED BELOW
  • Re-boot the system
  • Post the MBAM log
  • Post a new HJT log
  • Tell us how the system is running.
I'm working 14 hours on Wednesday so I probably won't respond until Thursday AM....
__________________
No two moments are alike and a person who thinks that any two moments are alike has never lived.

A.J. Heschel
  #5  
Old 11-28-2009, 04:27 PM
stephenb1956 stephenb1956 is offline
Geek Adept
 
Join Date: Oct 2006
Location: Spring, TX. (Houston area)
Posts: 97
I have downloaded the freeware four times and every time it tries to start it pops up a window that says this:
"Unable to execute file:
C:\Program Files\Malwarebytes'Anti-Malware\mbam.exe

CreateProcess failed; code2.
The system cannot find the file specified"
Went into the file and could not find an executable to start the program.
I looked on my other computer that has the program and comparing the two it shows that the executable is not there.

Suggestions??
  #6  
Old 11-28-2009, 05:35 PM
classicsoftware classicsoftware is offline
Exalted Grand Master Geek
Moderator
 
Join Date: Jul 2001
Location: Wyncote, PA, USA
Posts: 9,045
Try it in safe mode.
__________________
No two moments are alike and a person who thinks that any two moments are alike has never lived.

A.J. Heschel
  #7  
Old 11-29-2009, 10:26 AM
NiiggaOhDang NiiggaOhDang is offline
Hack Specialist
 
Join Date: Nov 2009
Posts: 3
That's a hell of a log there, captain.