Win32/vmalum.egwr and darksma

Hi, I've gotten alerts that I have win32/vmalum.egwr and darksma on my computer. I've followed the steps in the 8-step virus/spyware/malware removal instructions, and I would like someone to take a look at my logs to see if things are fine right now.
Thanks in advance.

Edit: Oops... I forgot to include the symptoms. I'm running Windows XP. The spyware/virus screwed up my Automatic Updates for Windows (when I clicked the button to turn it on, it refused to turn on). It screwed up my CA Security firewall: it acts as if it is not installed when it is (I get the little icon that indicates it is not installed). I get a lot of pop-ups, as expected.
 
As you noted in the MBAM log, it cleared a significant Vundo infection. We may need to run VundoFix also, but the following need to be handled first.

Update the Java to v6u10 here: http://java.com/en/download/manual.jsp

Please reopen HijackThis and CHECK the following processes:
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

Questionable:
O4 - HKLM\..\Run: [LaunchApp] Alaunch>> Acer Launch tool utility on laptops. Are you intentionally using this? If not, remove.
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon>> If you did not specifically set this feature to do what is described here, have HijackThis remove it:
http://technet.microsoft.com/en-us/library/bb457069.aspx

Duplicate language converters: Check the functions of each of these. If you are not specifically utilizing BOTH, have HijackThis remove the one you don't need:
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>> imekrmig.exe is a process belonging to the Microsoft Office Suite, and is responsible for the input of alternate alphabet languages such as Arabic, Chinese and Korean.
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>> Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>> Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>> Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word

The following will expose you to a constant source of infection. I recommend you stop the processes and uninstall BitComet:
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

I cannot verify the CLSID. Recommend stop both of the following:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0EF7355-E839-4A5D-9D3D-8DB6E4D33CE9}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: ellqth.dll
Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK all but the AV and Firewall, touchpad if on laptop, network process if on network> Apply> OK

Control Panel> Add/Remove programs> UNINSTALL the following:
All Java EXCEPT v6u10.
BitComet
Language program you decide isn't needed.
Any other program you do not use.
Start> Run> services.msc> right-click on CLTNetCnService> Properties> change Startup type to Disabled.
It appears you may have had the Symantec Security Suite, but uninstall did not remove this process. I will have you download the removal tool to run later.

Reboot into Normal mode. You will get a nag message that you can close after checking 'don't show this message again'.

Rescan with HijackThis and attach log. Please give current status of system at that time.

Download Norton Removal Tool and Save to Desktop. Open and run from there:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
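The reply above triages the HijackThis log by hand: a non-empty AppInit_DLLs entry (O20), a service whose binary is gone (O23), a NameServer entry (O17), and Run-key binaries with random-looking names (O4). The script below is an added example, written for this thread; it is not HijackThis code and not anything the posters ran. It applies those same checks to log lines in HijackThis format. The sample log is constructed for the example: the Java, AuditMode, 192.168.0.1, ellqth.dll and Symantec lines mirror entries quoted in the reply, while the rundll32 entry, the second O17 line (RFC 5737 documentation addresses) and its GUID are made up. The random-name test is a heuristic and the RFC 1918 check is an assumption that a private NameServer is the home router.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code)."""
import ipaddress
import re

# Constructed sample in HijackThis format; see the lead-in for which lines are made up.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [pzkwqlmv] rundll32.exe "C:\WINDOWS\system32\pzkwqlmv.dll",s
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0EF7355-E839-4A5D-9D3D-8DB6E4D33CE9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.5,203.0.113.6
O20 - AppInit_DLLs: ellqth.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
BINARY_RE = re.compile(r"([A-Za-z0-9_]+)\.(?:exe|dll)\b", re.IGNORECASE)
VOWELS = set("aeiouy")
# Assumption: a NameServer in one of these ranges is the local router/modem, not a hijack.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names such as Vundo's ellqth.dll: six or more
    lowercase letters with very few vowels or a long consonant run. Abbreviation-style
    vendor names can trip this, so treat a hit as 'look it up', not as proof of malware."""
    if len(stem) < 6 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", stem))
    return vowel_ratio <= 0.2 or longest_run >= 5


def is_local(ip: str) -> bool:
    """True when the address is RFC 1918, link-local or loopback."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def triage(log_text: str) -> list:
    """Return (severity, entry_type, reason) tuples for lines that merit a second look.
    Severity is 'high' (fix) or 'review' (verify first, then decide)."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll; it is
            # normally empty on a home XP machine, so any value deserves attention.
            value = body.split(":", 1)[1].strip()
            if value:
                sev = "high" if any(looks_random(s) for s in BINARY_RE.findall(value)) else "review"
                findings.append((sev, kind, "AppInit_DLLs loads %s into every process" % value))
        elif kind == "O23" and body.endswith("(file missing)"):
            # An orphaned service entry: the uninstaller left the registration behind.
            findings.append(("review", kind, "service points at a missing binary: " + body.split(" - ")[0]))
        elif kind == "O17" and "NameServer =" in body:
            servers = [s.strip() for s in body.split("NameServer =", 1)[1].split(",")]
            external = [s for s in servers if not is_local(s)]
            if external:
                findings.append(("high", kind, "external DNS server(s) " + ", ".join(external)
                                 + ": confirm they belong to your ISP before keeping them"))
            else:
                findings.append(("review", kind, "private NameServer " + ", ".join(servers)
                                 + " (typically the router)"))
        elif kind == "O4":
            for stem in BINARY_RE.findall(body):
                if looks_random(stem):
                    findings.append(("high", kind, "random-looking autostart binary %s: %s" % (stem, body)))
    return findings


if __name__ == "__main__":
    for sev, kind, reason in triage(SAMPLE_LOG):
        print("[%-6s] %s: %s" % (sev, kind, reason))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; on the constructed sample it reports the rundll32 entry, both O17 lines (the 192.168.0.1 one only as 'review'), the AppInit_DLLs entry and the orphaned Symantec service, and stays quiet on the Java and Sysprep lines, which is the same split the reply reaches manually.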