Need help removing virus.


4 replies to this topic

#1 eightoheight
New Member, 2 posts

Posted 15 May 2011 - 02:36 PM

I have a really bad virus on my computer. It won't let me browse the internet with Firefox, and every time I open anything a new process, kit.exe, starts. I'm able to end it, but it eventually comes back in multiples if I do.

I read a few forums but can't find anything that actually helps me (mostly because I can't understand what's being said - I'm not a "techie"), so I was wondering if anyone here could help me out.

I ran a few scans and below are the logs. The virus wouldn't let me run ComboFix. I could download it but the .exe file got changed to a different name in the process and when they told me to change the name back (a message popped up) the virus started 12 new processes and shut my system down. It did the same thing with Malwarebytes' Anti-Malware. As for Kaspersky, it scanned for about two hours, was at 75% then fell down to 12% and got stuck there for another 2 hours so I couldn't do a scan on there.



NoMD5:


NoMD5Sys by jpshortstuff (29.10.09.1)
Log created at 23:26 on 28/03/2011 (Compaq_Owner)


-=E.O.F=-

C:\WINDOWS\system32\en-us...
C:\WINDOWS\system32\export...
C:\WINDOWS\system32\FxsTmp...
C:\WINDOWS\system32\icsxml...
C:\WINDOWS\system32\IME...
C:\WINDOWS\system32\IME\CINTLGNT...
C:\WINDOWS\system32\IME\PINTLGNT...
C:\WINDOWS\system32\IME\TINTLGNT...
C:\WINDOWS\system32\inetsrv...
C:\WINDOWS\system32\Macromed...
C:\WINDOWS\system32\Macromed\Director...
C:\WINDOWS\system32\Macromed\Flash...
C:\WINDOWS\system32\Macromed\Shockwave 10...
C:\WINDOWS\system32\Macromed\Shockwave 10\Xtras...
C:\WINDOWS\system32\Microsoft...
C:\WINDOWS\system32\Microsoft\Protect...
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18...
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User...
C:\WINDOWS\system32\MpEngineStore...
C:\WINDOWS\system32\MpEngineStore\History...
C:\WINDOWS\system32\MpEngineStore\History\Reboot...
C:\WINDOWS\system32\MpEngineStore\RebootActions...
C:\WINDOWS\system32\MsDtc...
C:\WINDOWS\system32\MsDtc\Trace...
C:\WINDOWS\system32\mui...
C:\WINDOWS\system32\mui\0009...
C:\WINDOWS\system32\mui\0409...
C:\WINDOWS\system32\mui\041b...
C:\WINDOWS\system32\mui\0424...
C:\WINDOWS\system32\mui\dispspec...
C:\WINDOWS\system32\oobe...
C:\WINDOWS\system32\pcintro...
C:\WINDOWS\system32\pcintro\elements...
C:\WINDOWS\system32\pcintro\elements\photos...
C:\WINDOWS\system32\pcintro\elements\ro_icons...
C:\WINDOWS\system32\pcintro\elements\timeline...
C:\WINDOWS\system32\pcintro\elements\timeline\3...
C:\WINDOWS\system32\pcintro\elements\timeline\4...
C:\WINDOWS\system32\pcintro\elements\timeline\5...
C:\WINDOWS\system32\pcintro\elements\timeline\6...
C:\WINDOWS\system32\pcintro\elements\titleblocks...
C:\WINDOWS\system32\pcintro\elements\wait...
C:\WINDOWS\system32\PreInstall...
C:\WINDOWS\system32\PreInstall\WinSE...
C:\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1...
C:\WINDOWS\system32\QuickTime...
C:\WINDOWS\system32\ReinstallBackups...
C:\WINDOWS\system32\ReinstallBackups\0000...
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386...
C:\WINDOWS\system32\ReinstallBackups\0001...
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0002...
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386...
C:\WINDOWS\system32\ReinstallBackups\0003...
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0004...
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386...
C:\WINDOWS\system32\Restore...
C:\WINDOWS\system32\scripting...
C:\WINDOWS\system32\Setup...
C:\WINDOWS\system32\SoftwareDistribution...
C:\WINDOWS\system32\SoftwareDistribution\Setup...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226...
C:\WINDOWS\system32\spool...
C:\WINDOWS\system32\spool\drivers...
C:\WINDOWS\system32\spool\drivers\color...
C:\WINDOWS\system32\spool\drivers\w32x86...
C:\WINDOWS\system32\spool\drivers\w32x86\3...
C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4400_se709...
C:\WINDOWS\system32\spool\PRINTERS...
C:\WINDOWS\system32\spool\prtprocs...
C:\WINDOWS\system32\spool\prtprocs\w32x86...
C:\WINDOWS\system32\spool\prtprocs\x64...
C:\WINDOWS\system32\spool\XPSEP...
C:\WINDOWS\system32\spool\XPSEP\amd64...
C:\WINDOWS\system32\spool\XPSEP\amd64\amd64...
C:\WINDOWS\system32\spool\XPSEP\i386...
C:\WINDOWS\system32\spool\XPSEP\i386\i386...
C:\WINDOWS\system32\URTTemp...
C:\WINDOWS\system32\usmt...
C:\WINDOWS\system32\wbem...
C:\WINDOWS\system32\wbem\AutoRecover...
C:\WINDOWS\system32\wbem\Logs...
C:\WINDOWS\system32\wbem\mof...
C:\WINDOWS\system32\wbem\mof\bad...
C:\WINDOWS\system32\wbem\mof\good...
C:\WINDOWS\system32\wbem\Performance...
C:\WINDOWS\system32\wbem\Repository...
C:\WINDOWS\system32\wbem\Repository\FS...
C:\WINDOWS\system32\wbem\snmp...
C:\WINDOWS\system32\wbem\xml...
C:\WINDOWS\system32\XPSViewer...
C:\WINDOWS\system32\XPSViewer\en-US...
C:\WINDOWS\Tasks...
C:\WINDOWS\Temp...
C:\WINDOWS\twain_32...
C:\WINDOWS\twain_32\913D Camera...
C:\WINDOWS\twain_32\hpsj_0000...
C:\WINDOWS\twain_32\JL2005D...
C:\WINDOWS\twain_32\MyDSC...
C:\WINDOWS\twain_32\MyDSC\Skin...
C:\WINDOWS\twain_32\MyDSC\Temp...
C:\WINDOWS\twain_32\QuickCam...
C:\WINDOWS\VerizonOnline...
C:\WINDOWS\VerizonOnline\SfpSrvrLogs...
C:\WINDOWS\WBEM...
C:\WINDOWS\Web...
C:\WINDOWS\Web\printers...
C:\WINDOWS\Web\printers\images...
C:\WINDOWS\Web\Wallpaper...
C:\WINDOWS\Web\Wallpaper\welcome...
C:\WINDOWS\WinSxS...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a...
C:\WINDOWS\WinSxS\InstallTemp...
C:\WINDOWS\WinSxS\Manifests...
C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e...
C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e...
C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5...
C:\WINDOWS\WinSxS\Policies...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_fe3d5721...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_16f3e195...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_ca951597...
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac...
C:\WINDOWS\WinSxS\Policies\x86_policy.4.1.Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_679a1c95...
C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f...
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68...
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775...
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5...
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7...
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0(2).0_x-ww_29b51492...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492...

Done!





HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:51 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Easy Dock] C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\My Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Program Files\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8085 bytes



#2 Raktor
Teacher Emeritus (Authentic Member), 3,114 posts

Posted 15 May 2011 - 11:27 PM

Hi, welcome to the WTT Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following:

  • Absence of symptoms does not always mean the computer is clean.
  • Please do not run any scans or fixes without my direction.
  • Finally, stay with this topic until I give you the final 'All clear' post.

1) HijackThis
  • Open up Hijack This
  • Click the Do a system scan only button
  • Tick the checkbox next to the following items:
    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
    • O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
    • O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
    • O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
    • O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
    • O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
    • O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
  • Ensure all other windows and browsers besides Hijack This are closed, then click Fix Checked

2) exeHelper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

3) DDS
Please download DDS and save it to your desktop from here or here or here.
Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

4) GMER
Please download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and put it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


5) What You Will Need To Post:
  • exeHelper log
  • DDS log
  • GMER log

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
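The two kinds of entry the helper picked out of the HijackThis log above (Run-key autostarts launched from a Temp directory, and an Internet Explorer proxy pointed at 127.0.0.1) can be flagged mechanically. The script below is an added example for readers of this thread, not code from the forum, the poster, or the HijackThis project; the parsing regexes and the two detection rules are this example's own assumptions about the log format, and the sample lines are copied from the log posted in this thread plus two benign entries for contrast.

```python
"""Flag suspicious HijackThis entries (added example; rules are illustrative)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log in this thread,
# plus two benign autostarts (HP updater, ctfmon) and one service for contrast.
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810",
    r"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
])

# O4 = registry Run-key autostart: hive, value name, command, optional "(User '...')".
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# R0/R1 = Internet Explorer registry settings; only ProxyServer matters here.
PROXY_RE = re.compile(r"^R[01] - (?P<key>.*),ProxyServer = (?P<value>.*)$")
# Any path component named Temp (covers LOCALS~1\Temp and C:\WINDOWS\TEMP).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# A proxy that points back at the local machine.
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost)(?::\d+)?", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int   # 1-based line number within the log text
    line: str      # the raw HijackThis line
    reason: str    # why the rule fired


def check_line(line_no: int, line: str) -> List[Finding]:
    """Apply each rule to one log line; return zero or more findings."""
    findings = []
    m = O4_RE.match(line)
    if m and TEMP_DIR_RE.search(m.group("cmd")):
        who = m.group("user") or "current user"
        findings.append(Finding(
            line_no, line,
            f"autostart '{m.group('name')}' runs from a Temp directory (user: {who})"))
    m = PROXY_RE.match(line)
    if m and LOOPBACK_RE.search(m.group("value")):
        findings.append(Finding(
            line_no, line,
            f"browser proxy set to loopback address {m.group('value')}"))
    return findings


def analyze(log_text: str) -> List[Finding]:
    """Scan a whole HijackThis log and return findings in log order."""
    results: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if line:
            results.extend(check_line(n, line))
    return results


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}")
        print(f"    {f.line}")
```

Run against the sample it reports exactly the three kinds of line the helper told the poster to tick: the loopback proxy, the Temp-directory autostart in the user's profile, and the Ske.exe autostart running as SYSTEM from C:\WINDOWS\TEMP. The rules are deliberately narrow; a real triage pass would add others (unsigned binaries, random-looking value names, missing files), which is why a helper still reviews the whole log rather than trusting a filter.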

#3 Raktor
Teacher Emeritus (Authentic Member), 3,114 posts

Posted 19 May 2011 - 07:09 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

#4 Raktor
Teacher Emeritus (Authentic Member), 3,114 posts

Posted 23 May 2011 - 08:00 PM

Reopened as per request.

#5 Raktor
Teacher Emeritus (Authentic Member), 3,114 posts

Posted 25 May 2011 - 05:43 PM

Seven other topics?!

http://forums.cnet.c...102-526910.html
http://www.spywarein...removing-virus/
http://www.techsuppo...rus-574065.html
http://forum.bullgua...irus_91555.html
http://forums.majorg...ad.php?t=237530
http://www.geekstogo...removing-virus/
http://www.bleepingc...opic397551.html

I don't know why you would post at that many forums in which volunteer helpers work - seven helpers that could be working on other machines instead of all battling on the same one. Then, once I gave you instructions, you did not even follow them, and came back a few days later at this forum (and another where you went inactive) and requested them to be reopened, even after being told at another forum that you cannot ask for help from multiple forums.

Topic closed, permanently.
