log for bestfriends virus- HELP

Unknown

ive tried EVERYTHING. someone pleeaassee help

heres my log:

Logfile of HijackThis v1.97.7
Scan saved at 9:49:56 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\MSOFTUPDATES.EXE
C:\WINDOWS\System32\nfegpfto.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Emily\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1DAE3153-C119-50B5-845A-655508A22742} - C:\WINDOWS\System32\nefr.dll
O2 - BHO: (no name) - {42FD3E00-921A-02E2-845A-655508A22746} - C:\WINDOWS\System32\jbtx.dll
O2 - BHO: (no name) - {4EF83E0E-964A-57E5-805A-655508A22910} - C:\WINDOWS\System32\lfrs.dll
O2 - BHO: (no name) - {4FF96F04-9149-52B0-825A-655508A22643} - C:\WINDOWS\System32\sktjlpun.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [zyawnbrg] C:\WINDOWS\otowlugh.exe
O4 - HKLM\..\Run: [rtucibck] C:\WINDOWS\asfmwbin.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Automatic Windows Updates] MSOFTUPDATES.EXE
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Emily\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Hlkrf] C:\WINDOWS\System32\nfegpfto.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Automatic Windows Updates] MSOFTUPDATES.EXE
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Emily\Application Data\DownloadPlus.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AST Toolbar search - res://C:\WINDOWS\Downloaded Program Files\ast.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/09ecbb17929bdf3e2305/netzip/RdxIE2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

either reply or emial me at mLeH1346@yahoo.com THANKS IN ADVANCE

TheSmJ

O4 - HKCU\..\RunOnce: [Automatic Windows Updates] MSOFTUPDATES.EXE
O4 - HKLM\..\Run: [Automatic Windows Updates] MSOFTUPDATES.EXE

These are the problem.


This guide will give you directions to remove them.

Later tonight (as soon as Brian gets around to unlocking it for me) I'm going to re-write the guide with screenshots, clear(er) directions, etc.

batheinmysnot1

thank you sooo much! i tried these directions, i just didnt know what to delete.

Kwitko

You've got other problems in there besides that one. Follow this thread on running Spybot and Ad-Aware. Also, make sure to install SpywareBlaster to immunize your PC against further infestations, and you might want to consider using an alternate browser, like Mozilla Firefox.

After running Spybot and Ad-Aware and deleting the files mentioned by TheSMJ, please post a fresh log.

batheinmysnot1

i ran ad-aware and deleted everytrhing. also, when in safe mode, it says to type out "*the filename found*" -how exactly should i type it out? it says its not able to find MSOFTUPDATES.EXE

TheSmJ

batheinmysnot1 wrote:

i ran ad-aware and deleted everytrhing. also, when in safe mode, it says to type out "*the filename found*" -how exactly should i type it out? it says its not able to find MSOFTUPDATES.EXE

Check out my new guide Here. It should be a bit easier to understand.

batheinmysnot1

thanks TheSmJ...i used your directions. i got rid of it! thank you so much

profdlp

Nice job, TheSmJ - guess who's #1 on Google?