[Closed] Computer severely impacted to almost standstill


This topic is locked
8 replies to this topic

#1 bharris3
Authentic Member, 30 posts

Posted 24 October 2009 - 12:21 PM

Hi,

I believe that my computer is heavily infected with viruses, spyware, botware, etc. I've run the usual software, SPYBOT, Adaware, etc., and even de-fragged the disk. This has helped somewhat (although not much) but I need more for this computer to be functional.
Please help...I am posting the log file for hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:37 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Update Service (gupdate1c9bdf5ff879839) (gupdate1c9bdf5ff879839) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 11536 bytes

Thanks in advance for your help,

Bill
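As a way of reading a log like the one above, here is an added Python example (not from the thread, and not HijackThis code) that parses HijackThis 2.0.2 output into its process list and coded entries and pulls out the two classes of entry a reviewer usually checks first: registry entries whose target reads `(no file)` (orphans pointing at a file that no longer exists, normally left behind by an uninstall) and O23 services with no vendor string, whose publisher should be verified before the service is trusted. The embedded sample log is a constructed subset of the lines posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a subset of lines from the HijackThis log posted above,
# enough to exercise every branch of the parser.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:37 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 11536 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

@dataclass
class Entry:
    code: str   # section code printed by HijackThis, e.g. "O2", "O23"
    body: str   # the rest of the line after "Oxx - "

@dataclass
class Triage:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)
    orphaned: list = field(default_factory=list)       # target reads "(no file)"
    unknown_owner: list = field(default_factory=list)  # O23 with no vendor string

def parse_hjt(text):
    """Split a HijackThis log into the process list and the coded entries."""
    t = Triage()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            t.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                  # header, footer and separator lines
        e = Entry(m["code"], m["body"])
        t.entries.append(e)
        if e.body.endswith("(no file)"):
            t.orphaned.append(e)
        if e.code == "O23" and " - Unknown owner - " in e.body:
            t.unknown_owner.append(e)
    return t

def run_entries(t):
    """(registry key, value name, command) for each O4 registry Run entry."""
    out = []
    for e in t.entries:
        m = O4_RE.match(e.body) if e.code == "O4" else None
        if m:                         # Global Startup .lnk lines have a different shape
            out.append((m["key"], m["name"], m["cmd"]))
    return out

def services(t):
    """(display name, vendor, image path) for each O23 service entry."""
    out = []
    for e in t.entries:
        m = O23_RE.match(e.body) if e.code == "O23" else None
        if m:
            out.append((m["name"], m["vendor"], m["path"]))
    return out

def section_counts(t):
    """How many entries each HijackThis section contributed."""
    return Counter(e.code for e in t.entries)

if __name__ == "__main__":
    t = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(t)))
    for e in t.orphaned:
        print("orphaned entry:", e.code, e.body)
    for name, vendor, path in services(t):
        if vendor == "Unknown owner":
            print("verify publisher of service:", name, "->", path)
```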



#2 Tomk
Beguilement Monitor - Global Moderator, 20,451 posts

Posted 27 October 2009 - 11:40 AM

Hi bharris3,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Nothing showing. Let's get a better scan.

  • Download DDS and save it to your desktop from here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
  • We need to check for rootkits with RootRepeal
    • Download RootRepeal from one of the following locations and save it to your desktop.
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • In the Select Scan dialog, check Posted Image
    • Push Ok
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
  • Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  • Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 bharris3
Authentic Member, 30 posts

Posted 31 October 2009 - 12:51 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/31 14:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAC8D000	Size: 49152	File Visible: No	Signed: -
Status: -

SSDT
-------------------
#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaedf6ea

#: 050	Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\kmxagent.sys" at address 0xf3615fd2

#: 052	Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaee040b

#: 105	Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaee075c

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaedf64e

#: 125	Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaee0130

#: 228	Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\kmxagent.sys" at address 0xf3615662

#: 240	Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaee0538

==EOF==


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 14:38:37.92 on Sat 10/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.63 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Download\dds.scr
C:\Program Files\iTunes\iTunes.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.fam\applic~1\mozilla\firefox\profiles\wvi1bsbj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayForGuests&guest=1&rand=0.7810669117226913
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\documents and settings\owner.family\application data\mozilla\firefox\profiles\wvi1bsbj.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-4-14 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-4-14 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739752]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-4-14 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-4-14 32264]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133576]

=============== Created Last 30 ================

2009-10-31 14:34 <DIR> --d----- c:\program files\iPod
2009-10-24 14:19 <DIR> --d----- c:\program files\Trend Micro
2009-10-16 08:37 <DIR> --d----- c:\docume~1\owner~1.fam\applic~1\IObit
2009-10-13 10:29 739,752 a------- c:\windows\system32\drivers\vetefile.sys
2009-10-13 10:29 133,576 a------- c:\windows\system32\drivers\veteboot.sys

==================== Find3M ====================

2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-30 23:14 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-30 23:14 656,616 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-09-20 19:59 68,964 a------- c:\windows\hpoins05.dat
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 03:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 03:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 03:36 17,408 a------- c:\windows\system32\corpol.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 11:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-15 14:49 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2007-03-21 04:21 300,680 -------- c:\docume~1\alluse~1\applic~1\arclib.dll
2007-02-09 23:26 10,240 a--sh--- c:\windows\rnapxs\rnapxs.dat
2008-08-06 03:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 14:43:49.35 ===============
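Every hooked SSDT slot in the RootRepeal output above points at KmxSbx.sys or kmxagent.sys, and both appear as registered drivers in the DDS "SERVICES / DRIVERS" section of the same post. That cross-check is the first thing to do with an SSDT hook list, so here is an added Python example (not code from the thread, RootRepeal or DDS) that parses both sections, groups hooked functions by the module that owns them and reports whether each module is in the driver list. The embedded text is a constructed subset of the log above; the `example_unlisted.sys` entry is a constructed extra that exercises the "not registered" branch.

```python
import os
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: three SSDT entries from the RootRepeal log above plus one
# made-up module (example_unlisted.sys) that is not in the driver list.
ROOTREPEAL_SSDT = r"""
#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaedf6ea

#: 050	Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\kmxagent.sys" at address 0xf3615fd2

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\KmxSbx.sys" at address 0xbaedf64e

#: 240	Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\example_unlisted.sys" at address 0xbaee0538
"""

# Constructed sample: three lines from the DDS "SERVICES / DRIVERS" section above.
DDS_DRIVERS = r"""
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
"""

@dataclass(frozen=True)
class Hook:
    index: int        # SSDT slot number
    function: str     # native API that normally lives in that slot
    module: str       # full path of the module the slot now points into
    address: int      # address the hooked slot points to

@dataclass(frozen=True)
class Driver:
    service: str      # service key name
    display: str      # display name
    path: str         # image path
    start_type: int   # the digit DDS prints after R/S (0 boot, 1 system, 2 auto, 3 manual)

HOOK_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s*'
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)')
DRIVER_RE = re.compile(
    r'^[RS](?P<start>\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[', re.M)

def basename_lower(win_path):
    """Case-insensitive file name of a Windows path, usable on any host OS."""
    return os.path.basename(win_path.replace("\\", "/")).lower()

def parse_ssdt_hooks(text):
    """Every 'Hooked by' entry of a RootRepeal SSDT section, in log order."""
    return [Hook(int(m["index"]), m["func"], m["module"], int(m["addr"], 16))
            for m in HOOK_RE.finditer(text)]

def parse_dds_drivers(text):
    """Map of driver file name -> Driver for a DDS SERVICES / DRIVERS section."""
    drivers = {}
    for m in DRIVER_RE.finditer(text):
        drivers[basename_lower(m["path"])] = Driver(
            m["svc"], m["display"], m["path"], int(m["start"]))
    return drivers

def triage(hooks, drivers):
    """module file name -> (sorted hooked functions, registered in driver list?)"""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[basename_lower(h.module)].append(h.function)
    return {mod: (sorted(funcs), mod in drivers) for mod, funcs in by_module.items()}

if __name__ == "__main__":
    result = triage(parse_ssdt_hooks(ROOTREPEAL_SSDT), parse_dds_drivers(DDS_DRIVERS))
    for mod, (funcs, registered) in result.items():
        status = "registered driver" if registered else "NOT in driver list, review"
        print(f"{mod}: {len(funcs)} hook(s) {funcs} -> {status}")
```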


#4 Tomk
Beguilement Monitor - Global Moderator, 20,451 posts

Posted 01 November 2009 - 11:32 PM

bharris3,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "JRE 6 Update 16".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon. Posted Image
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - leave both checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 bharris3

bharris3

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 04 November 2009 - 08:59 PM

ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d7e9b34bcf4a5041af12ca2a62b4b165
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-05 12:42:43
# local_time=2009-11-04 07:42:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=4865 21 100 100 526268750000
# scanned=430584
# found=39
# cleaned=0
# scan_time=40482
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-62bca319.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-6446b751.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-11ad9bc9.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-4281f402.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-65bdc427.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Download\Portable_Time_Stopper_1.2.rar a variant of Win32/PSW.Delf.NRC trojan 00000000000000000000000000000000 I
C:\Download\Magical Key Finder\keyfinder.exe Win32/PSWTool.RAS.A application 00000000000000000000000000000000 I
C:\Download\Magical Key Finder\Magical Key Finder.zip Win32/PSWTool.RAS.A application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\AddictionPinball-dm.exe a variant of Win32/Adware.Trymedia application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\BSINSTALL.exe multiple threats 00000000000000000000000000000000 I
C:\Old Disk 1\Download\BSINSTALL2.exe multiple threats 00000000000000000000000000000000 I
C:\Old Disk 1\Download\BSINSTALL3.exe multiple threats 00000000000000000000000000000000 I
C:\Old Disk 1\Download\flight_simulator_2002_crack.exe a variant of Win32/Dialer.StarDialer application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\kaaza.exe a variant of Win32/Dialer.StarDialer application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\kazaa_lite_202_english.exe Win32/Adware.Altnet application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\The_Sims-Livin_Large.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Old Disk 1\Download\Risk\CLASS.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Old Disk 1\Download\Risk\Risk 2+Crack.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Old Disk 1\Old Download\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc21.zip Win32/Obfuscated.A1 trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc22.zip Win32/Obfuscated.A1 trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc23.exe Win32/Obfuscated.A1 trojan 00000000000000000000000000000000 I
J:\Download\AddictionPinball-dm.exe a variant of Win32/Adware.Trymedia application 00000000000000000000000000000000 I
J:\Download\BSINSTALL.exe multiple threats 00000000000000000000000000000000 I
J:\Download\BSINSTALL2.exe multiple threats 00000000000000000000000000000000 I
J:\Download\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
J:\Download\Risk\CLASS.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
J:\Download\Risk\Risk 2+Crack.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
J:\Program Files\aim\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000 I
J:\Program Files\Common Files\csshare\plugins\npclntax.dll Win32/Adware.180Solutions application 00000000000000000000000000000000 I
J:\Program Files\Common Files\csshare\plugins0942\npclntax.dll Win32/Adware.180Solutions application 00000000000000000000000000000000 I
J:\Program Files\Mozilla Firefox\plugins\npclntax.dll Win32/Adware.180Solutions application 00000000000000000000000000000000 I
J:\WINDOWS\system\abc.exe Win32/RemoteAdmin application 00000000000000000000000000000000 I
J:\WINDOWS\system\fullname.txt IRC/Cloner.AV trojan 00000000000000000000000000000000 I
J:\WINDOWS\system\ident.txt IRC/Cloner.AV trojan 00000000000000000000000000000000 I
J:\WINDOWS\system\nicks.txt IRC/Cloner.AV trojan 00000000000000000000000000000000 I
J:\WINDOWS\system32\r_server.exe Win32/RemoteAdmin application 00000000000000000000000000000000 I

#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 04 November 2009 - 10:58 PM

bharris3,

Well, that appears to have revealed the crux of your problem. You download pirated and contaminated software.

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
    (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Files
    C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-62bca319.zip
    C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-6446b751.zip
    C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-11ad9bc9.zip
    C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-4281f402.zip
    C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-65bdc427.zip
    C:\Download\Portable_Time_Stopper_1.2.rar
    C:\Download\Magical Key Finder\keyfinder.exe
    C:\Download\Magical Key Finder\Magical Key Finder.zip
    C:\Old Disk 1\Download\AddictionPinball-dm.exe
    C:\Old Disk 1\Download\BSINSTALL.exe
    C:\Old Disk 1\Download\BSINSTALL2.exe
    C:\Old Disk 1\Download\BSINSTALL3.exe
    C:\Old Disk 1\Download\flight_simulator_2002_crack.exe
    C:\Old Disk 1\Download\Install_AIM.exe
    C:\Old Disk 1\Download\kaaza.exe
    C:\Old Disk 1\Download\kazaa_lite_202_english.exe
    C:\Old Disk 1\Download\The_Sims-Livin_Large.exe
    C:\Old Disk 1\Download\Risk\CLASS.EXE
    C:\Old Disk 1\Download\Risk\Risk 2+Crack.exe
    C:\Old Disk 1\Old Download\Install_AIM.exe
    C:\Program Files\Morpheus\morpheustoolbar.exe
    C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc21.zip
    C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc22.zip
    C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc23.exe
    J:\Download\AddictionPinball-dm.exe
    J:\Download\BSINSTALL.exe
    J:\Download\BSINSTALL2.exe
    J:\Download\Install_AIM.exe
    J:\Download\Risk\CLASS.EXE
    J:\Download\Risk\Risk 2+Crack.exe
    J:\Program Files\aim\Sysfiles\WxBug.EXE
    J:\Program Files\Common Files\csshare\plugins\npclntax.dll
    J:\Program Files\Common Files\csshare\plugins0942\npclntax.dll
    J:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    J:\WINDOWS\system\abc.exe
    J:\WINDOWS\system\fullname.txt
    J:\WINDOWS\system\ident.txt
    J:\WINDOWS\system\nicks.txt
    J:\WINDOWS\system32\r_server.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser, to keep saved passwords, click No at the prompt.)

Download Rooter.exe to your desktop

  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
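A small log parser, added here as an example and not a tool from this thread, from ESET or from OldTimer: it splits the run-together ESET Online Scanner output posted in #5 into structured records, checks the number of entries against the header's found= value, and emits the :Files block in the OTM script layout Tomk pasted in #6. The excerpt it parses is constructed from a few of the thread's own log entries, and the location buckets in classify() are chosen for this example, not ESET's.

```python
import re
from collections import namedtuple

# Constructed excerpt modelled on the ESET Online Scanner log posted earlier in
# this thread: same header keys and entry layout and a few of the same paths,
# with found= adjusted to the number of entries kept in this excerpt.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log: Can not open internet
# version=6
# remove_checked=false
# found=6
# cleaned=0
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-62bca319.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Download\Portable_Time_Stopper_1.2.rar a variant of Win32/PSW.Delf.NRC trojan 00000000000000000000000000000000 I
C:\Download\Magical Key Finder\Magical Key Finder.zip Win32/PSWTool.RAS.A application 00000000000000000000000000000000 I
C:\Old Disk 1\Download\BSINSTALL.exe multiple threats 00000000000000000000000000000000 I
C:\Old Disk 1\Download\Risk\Risk 2+Crack.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
J:\WINDOWS\system32\r_server.exe Win32/RemoteAdmin application 00000000000000000000000000000000 I
"""

# One finding per line: <path> <detection text> <32 hex digits> <action flag>.
# Both path and detection text contain spaces, so the split relies on the
# fixed-width tail and on detection names never containing a backslash.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:probably a variant of |a variant of )?"
    r"(?:[\w/.+-]+ (?:trojan|application|worm|virus)|multiple threats)) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<action>[A-Z])$"
)

Finding = namedtuple("Finding", "path threat hash action")

def parse_eset_log(text):
    """Return (header dict, list of Finding, list of unparsed lines)."""
    header, findings, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("# "):            # "# key=value" summary line
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append(Finding(*m.group("path", "threat", "hash", "action")))
        else:
            unparsed.append(line)             # installer / updater chatter
    return header, findings, unparsed

def count_matches_header(header, findings):
    """True when the scanner's found=N summary equals the entries parsed."""
    return header.get("found") == str(len(findings))

def classify(path):
    """Rough location bucket; categories chosen for this example, not ESET's."""
    p = path.lower()
    for marker, label in (("\\sun\\java\\deployment\\cache\\", "java-cache"),
                          ("\\recycler\\", "recycle-bin"),
                          ("\\windows\\", "system")):
        if marker in p:
            return label
    return "user-files"

def build_otm_script(findings):
    """Emit a :Files script in the layout Tomk pasted in post #6."""
    lines = [":Processes", "", ":Files"] + [f.path for f in findings]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)

if __name__ == "__main__":
    hdr, found, skipped = parse_eset_log(SAMPLE_LOG)
    print(f"found={hdr.get('found')} parsed={len(found)} "
          f"consistent={count_matches_header(hdr, found)} skipped={len(skipped)}")
    print(build_otm_script(found))
```

A mismatch between found= and the parsed count means an entry did not fit the pattern and should be inspected by hand before anything is moved.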
 

#7 bharris3

bharris3

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 05 November 2009 - 12:40 PM

OTM LOG

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-62bca319.zip moved successfully.
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-6446b751.zip moved successfully.
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-11ad9bc9.zip moved successfully.
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-4281f402.zip moved successfully.
C:\Documents and Settings\Owner.FAMILY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-65bdc427.zip moved successfully.
C:\Download\Portable_Time_Stopper_1.2.rar moved successfully.
C:\Download\Magical Key Finder\keyfinder.exe moved successfully.
C:\Download\Magical Key Finder\Magical Key Finder.zip moved successfully.
C:\Old Disk 1\Download\AddictionPinball-dm.exe moved successfully.
C:\Old Disk 1\Download\BSINSTALL.exe moved successfully.
C:\Old Disk 1\Download\BSINSTALL2.exe moved successfully.
C:\Old Disk 1\Download\BSINSTALL3.exe moved successfully.
C:\Old Disk 1\Download\flight_simulator_2002_crack.exe moved successfully.
C:\Old Disk 1\Download\Install_AIM.exe moved successfully.
C:\Old Disk 1\Download\kaaza.exe moved successfully.
C:\Old Disk 1\Download\kazaa_lite_202_english.exe moved successfully.
C:\Old Disk 1\Download\The_Sims-Livin_Large.exe moved successfully.
C:\Old Disk 1\Download\Risk\CLASS.EXE moved successfully.
C:\Old Disk 1\Download\Risk\Risk 2+Crack.exe moved successfully.
C:\Old Disk 1\Old Download\Install_AIM.exe moved successfully.
C:\Program Files\Morpheus\morpheustoolbar.exe moved successfully.
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc21.zip moved successfully.
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc22.zip moved successfully.
C:\RECYCLER\S-1-5-21-1908096726-2267460080-512852799-1006\Dc23.exe moved successfully.
J:\Download\AddictionPinball-dm.exe moved successfully.
J:\Download\BSINSTALL.exe moved successfully.
J:\Download\BSINSTALL2.exe moved successfully.
J:\Download\Install_AIM.exe moved successfully.
J:\Download\Risk\CLASS.EXE moved successfully.
J:\Download\Risk\Risk 2+Crack.exe moved successfully.
J:\Program Files\aim\Sysfiles\WxBug.EXE moved successfully.
DllUnregisterServer procedure not found in J:\Program Files\Common Files\csshare\plugins\npclntax.dll
J:\Program Files\Common Files\csshare\plugins\npclntax.dll NOT unregistered.
J:\Program Files\Common Files\csshare\plugins\npclntax.dll moved successfully.
DllUnregisterServer procedure not found in J:\Program Files\Common Files\csshare\plugins0942\npclntax.dll
J:\Program Files\Common Files\csshare\plugins0942\npclntax.dll NOT unregistered.
J:\Program Files\Common Files\csshare\plugins0942\npclntax.dll moved successfully.
DllUnregisterServer procedure not found in J:\Program Files\Mozilla Firefox\plugins\npclntax.dll
J:\Program Files\Mozilla Firefox\plugins\npclntax.dll NOT unregistered.
J:\Program Files\Mozilla Firefox\plugins\npclntax.dll moved successfully.
J:\WINDOWS\system\abc.exe moved successfully.
J:\WINDOWS\system\fullname.txt moved successfully.
J:\WINDOWS\system\ident.txt moved successfully.
J:\WINDOWS\system\nicks.txt moved successfully.
J:\WINDOWS\system32\r_server.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: FAMILY
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 370864693 bytes
User: New Folder
User: Owner
User: Owner.FAMILY
File delete failed. C:\Documents and Settings\Owner.FAMILY\Local Settings\Temp\~DF333D.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 56778945 bytes
->Temporary Internet Files folder emptied: 137815559 bytes
->Java cache emptied: 26269265 bytes
->FireFox cache emptied: 146709945 bytes
->Google Chrome cache emptied: 6065272 bytes
->Opera cache emptied: 8373761 bytes
User: OWNER~1~FAM
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 346641 bytes
Windows Temp folder emptied: 2185890 bytes
RecycleBin emptied: 94078615 bytes
Total Files Cleaned = 810.28 mb
OTM by OldTimer - Version 3.0.0.6 log created on 11052009_131537
Files moved on Reboot...
C:\Documents and Settings\Owner.FAMILY\Local Settings\Temp\~DF333D.tmp moved successfully.
Registry entries deleted on Reboot...

ROOTER LOG

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 75 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
.
C:\ [Fixed-NTFS] .. ( Total:227 Go - Free:51 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:3 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Fixed-NTFS] .. ( Total:74 Go - Free:14 Go )
K:\ [Removable]
.
Scan : 13:34.51
Path : C:\Download\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (772)
______ \??\C:\WINDOWS\system32\csrss.exe (1112)
______ \??\C:\WINDOWS\system32\winlogon.exe (1728)
______ C:\WINDOWS\system32\services.exe (1884)
______ C:\WINDOWS\system32\lsass.exe (1972)
______ C:\WINDOWS\system32\svchost.exe (892)
______ C:\WINDOWS\system32\svchost.exe (1564)
______ C:\WINDOWS\System32\svchost.exe (588)
______ C:\WINDOWS\system32\svchost.exe (944)
______ C:\WINDOWS\system32\svchost.exe (1456)
______ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (1756)
______ C:\WINDOWS\system32\spoolsv.exe (852)
______ C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (1000)
______ C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (1016)
______ C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (1276)
______ C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (1316)
______ C:\WINDOWS\system32\svchost.exe (396)
______ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1092)
______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (1168)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (1332)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1488)
______ C:\WINDOWS\arservice.exe (1624)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (1896)
______ C:\Program Files\Bonjour\mDNSResponder.exe (204)
______ C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (1364)
______ C:\Program Files\Executive Software\DiskeeperLite\DKService.exe (840)
______ C:\WINDOWS\eHome\ehRecvr.exe (1612)
______ C:\WINDOWS\eHome\ehSched.exe (1420)
______ C:\WINDOWS\system32\svchost.exe (1284)
______ C:\WINDOWS\system32\inetsrv\inetinfo.exe (2732)
______ C:\WINDOWS\Explorer.EXE (1160)
______ C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe (3976)
______ C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (4040)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2584)
______ C:\WINDOWS\system32\nvsvc32.exe (3304)
______ C:\WINDOWS\system32\HPZipm12.exe (924)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (2156)
______ C:\WINDOWS\notepad.exe (3684)
______ C:\WINDOWS\ehome\ehtray.exe (2944)
______ C:\WINDOWS\zHotkey.exe (3088)
______ C:\WINDOWS\cfgmng32.exe (2524)
______ C:\WINDOWS\system32\RUNDLL32.EXE (3076)
______ C:\WINDOWS\RTHDCPL.EXE (3256)
______ C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (3524)
______ C:\WINDOWS\system32\svchost.exe (3904)
______ C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (232)
______ C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (3288)
______ C:\WINDOWS\system32\svchost.exe (3680)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (3232)
______ C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (3528)
______ C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (2496)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2836)
______ C:\WINDOWS\system32\mdmcls32.exe (2828)
______ C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (992)
______ C:\Program Files\iTunes\iTunesHelper.exe (3412)
______ C:\Program Files\Java\jre6\bin\jusched.exe (4068)
______ C:\WINDOWS\ehome\mcrdsvc.exe (2168)
______ C:\WINDOWS\system32\ctfmon.exe (4004)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1700)
______ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (1360)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (3676)
______ C:\WINDOWS\system32\dllhost.exe (3340)
______ C:\WINDOWS\eHome\ehmsas.exe (1780)
______ C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (3352)
______ C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (2320)
______ C:\Program Files\iPod\bin\iPodService.exe (1816)
______ C:\WINDOWS\System32\alg.exe (756)
______ C:\WINDOWS\system32\rundll32.exe (1688)
______ C:\Program Files\Mozilla Firefox\firefox.exe (5572)
______ C:\DOCUME~1\OWNER~1.FAM\LOCALS~1\Temp\_iu14D2N.tmp (1040)
______ C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (3580)
______ C:\Download\Rooter.exe (1124)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:5765921280 | Length:244282590720)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:5765889024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 4 24 PM.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\EasyShare Registration Task.job
C:\WINDOWS\Tasks\GlaryInitialize.job
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\NSSstub.job
C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 2 30 AM.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:36.27
.
C:\Rooter$\Rooter_1.txt - (05/11/2009 | 13:36.27)

#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 05 November 2009 - 12:43 PM

bharris3, Please post me new DDS logs and let me know how things are running now.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 November 2009 - 12:47 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
