randomgene hjt log


This topic is locked
23 replies to this topic

#1 randomgene (Members, 13 posts)
Posted 06 April 2009 - 03:00 AM

symptoms include redirection to other websites, low performance and constant registry errors -
here's the HJT log -
any help appreciated


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:26 PM, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 207.210.117.53 www.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\mdjoiujg.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O24 - Desktop Component 0: (no name) - http://by134fd.bay134.hotmail.msn.com/cgi-...&mimepart=5
O24 - Desktop Component 1: (no name) - http://www.musicxp.net/jpeg/logo3_small.jpg
O24 - Desktop Component 2: (no name) - http://digitalart.org/images/artwork/00565...trospection.jpg
O24 - Desktop Component 3: (no name) - http://www.sonicyouth.com/mustang/eq/06tamp02.jpg

--
End of file - 6533 bytes

#2 chryssi2001 (Members, 1,930 posts)
Posted 17 April 2009 - 02:54 AM

Hello randomgene,

Please post a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 randomgene (Topic Starter, Members, 13 posts)
Posted 17 April 2009 - 03:07 PM

no problems and thanks -

I recently installed OneCare which helped a little (removed redirection to websites) and also used RegCure. This has helped a little but the same malware is detected each time I do a scan despite protection software claiming it has been removed. Speed is still awful.

Much respect for your help -



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:33 AM, on 12/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - (no file)

--
End of file - 4910 bytes


#4 chryssi2001 (Members, 1,930 posts)
Posted 18 April 2009 - 02:53 AM

Hello randomgene,

Disable Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search


Did you set the above as your Search page?
----------------------------------------------
Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat
Please save it on your desktop.

@echo off
sc stop LVPrcSrv
sc delete LVPrcSrv
exit


Double click FixServices.bat. A window will open and close. This is normal.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - (no file)


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
A new HijackThis log.
Tell me how the pc is running now.
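
The entries singled out in the fix list above (the O17 NameServer pair, the O23 service with no file, the empty R0 values) and two more from the first log (the O1 hosts override and the O16 DPF loading from a local file:// path) can be triaged mechanically. The script below is an added example written for this page, not a tool from the thread or from HijackThis; the expected-DNS prefixes are an assumed placeholder allowlist, and the sample lines are constructed in HJT v2 format from values posted in this thread.

```python
"""Triage of HijackThis (HJT) v2 log lines.

Added example for this thread, not code from HijackThis or from the forum.
It flags the entry classes the helper singled out: O17 NameServer values
outside an expected set, O23 services whose binary is missing, R0/R1 keys
with an empty value, O1 hosts-file overrides and O16 DPF entries that load
from a local file:// path.
"""
import re
from dataclasses import dataclass

# Assumption: resolvers the owner expects to see (router/ISP).  Replace with
# the addresses the ISP documents; these private-range prefixes are placeholders.
EXPECTED_DNS_PREFIXES = ("192.168.", "10.")

# Constructed sample in HJT format; values copied from the logs posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 207.210.117.53 www.winmx.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\mdjoiujg.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

_ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")


@dataclass
class Finding:
    section: str   # e.g. "O17"
    reason: str    # why the line deserves a look
    line: str      # the original log line


def parse_entry(line):
    """Return (section, rest) for an HJT entry line, or None for other lines."""
    m = _ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_r(rest):
    """R0/R1: IE start/search values.  An empty value is worth a look."""
    _key, sep, value = rest.partition(" =")
    if sep and not value.strip():
        return "empty IE start/search value"
    return None


def check_o1(rest):
    """O1: every hosts-file override is listed for review."""
    return "hosts file override: " + rest.partition(":")[2].strip()


def check_o16(rest):
    """O16: Download Program Files normally come from a web URL, not file://."""
    if "file://" in rest.lower():
        return "DPF object loaded from a local file:// path"
    return None


def check_o17(rest, expected=EXPECTED_DNS_PREFIXES):
    """O17: DNS servers outside the expected set suggest a DNS hijack."""
    m = re.search(r"NameServer = (.+)$", rest)
    if not m:
        return None
    servers = [s.strip() for s in m.group(1).split(",")]
    unexpected = [s for s in servers if not s.startswith(expected)]
    if unexpected:
        return "unexpected DNS servers: " + ", ".join(unexpected)
    return None


def check_o23(rest):
    """O23: a registered service whose binary is gone is a stale or removed item."""
    return "service binary missing" if rest.endswith("(no file)") else None


def triage(log_text, expected=EXPECTED_DNS_PREFIXES):
    """Run the section checks over a whole log and return findings in log order."""
    checks = {
        "R0": check_r, "R1": check_r, "O1": check_o1, "O16": check_o16,
        "O17": lambda r: check_o17(r, expected), "O23": check_o23,
    }
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, rest = parsed
        check = checks.get(section)
        reason = check(rest) if check else None
        if reason:
            findings.append(Finding(section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

A finding is a prompt for a human to look, not a verdict: a hosts override or a missing service binary can be a leftover of legitimate software, as the LVPrcSrv entry in this thread may well be.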

#5 randomgene (Topic Starter, Members, 13 posts)
Posted 18 April 2009 - 04:41 PM

Files attached as requested -

Performance seems a little better though it's hard to say if it's back to original as the degradation in speed has been slow up until April -

See how the reports look and let me know what you think.

Thanks again by the way - I don't know what inspires you to help strangers out but it is inspiring in itself!

D


#6 chryssi2001 (Members, 1,930 posts)
Posted 19 April 2009 - 06:17 AM

Hello randomgene,

Thanks again by the way - I don't know what inspires you to help strangers out but it is inspiring in itself!

You are welcome. :) I just don't like malware :thumbup2:
----------------------------------------------
Latest version of Java doesn't show in HijackThis log, so I want you to go in your Add/Remove programs, and see if you have the latest update which is "Java Runtime Environment Version 6 Update 13". If this is the one you have ignore the below instructions.

If you have an earlier version, follow the instructions below.
----------------------------------------------
Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 13
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u13-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
Rooter.exe

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
----------------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/...install-man.jpg
----------------------------------------------
Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log.
----------------------------------------------
Note: Please do not post attachments, they make my work difficult.

Post back:
Rooter.exe report.
Programs list.
Kaspersky report.
A new HijackThis log.
----------------------------------------------

symptoms include redirection to other websites, low performance and constant registry errors

Do you still have any issues with redirections and registry errors?

#7 randomgene (Topic Starter, Members, 13 posts)
Posted 20 April 2009 - 01:54 AM

Redirection has stopped.

Have latest java.

In the beginning of Rooter it says "exception process message . . . etc" but if I hit continue it keeps going and prints report.

Ran hijack this program list.

Couldn't get Kaspersky to run (applet failed to load - it said to go online but I already was).

all reports attached as text:

Ableton Live v6.0.7
AC3Filter (remove only)
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Addictive Drums
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player
AllToAVI v4 r5394
ALZip
AmpliTube2
Antares Autotune DX v4.12
Antares Auto-Tune v4.39
Antares AVOX Vocal Kit Bundle VST v1.02
Antares Filter VST DX v1.0
Antares Kantos v1.0
Antares Microphone Modeler DX v1.32
Antares Tube v1.0
Antares Tube v1.02 RTAS
Apex Video to MP3 WMA WAV Converter Free 4.37
ARP2600 V
Arp-X8
ASAPI Update
ASCII Art Generator 3.2.2
ASIO4ALL
AudioRealism Bass Line 2 (remove only)
Azureus
BassStation
Beta Bugs BugPack1 VST
Celemony Melodyne Plugin VST RTAS v1.0
Citrix XenApp Web Plugin
CM Vocoder
CoView
Cucusoft MPEG to DVD Author 1.09
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.07
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Raw Codec
dBpowerAMP Tag From Filename
Delta
dMC Power Pack
DoremiSoft AVI to WAV Converter 1.5
Dream Sequencer v1.3
DVD Solution
Dynasone VST 2.02
Elemental Audio Neodynium VST RTAS
Elemental Audio Systems Inspector XL VST RTAS 1.0.1
Enigma
Free Bomb Factory Plug-Ins 7.0
Free CD-DA Extractor 4.8
fxpansion!DR002
GTOneCare
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IK Multimedia Amplitube v1.3
InterLok Driver Kit
Interlok driver setup x32
iTunes
Java™ 6 Update 13
K-Lite Codec Pack 2.24 Full
L&H TTS3000 Japanese
Lexicon PSP 42 VST DX v1.0
Malwarebytes' Anti-Malware
Melodyne 3.2
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Protection Service
Microsoft Reader
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Windows Live OneCare Resources v2.5.2900.24
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.24
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
MIDI-OX
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Launcher
Music Utilities
Native Instruments Absynth 3
Native Instruments Battery 3
Native Instruments Electronic Instruments Vol.2 For Reaktor 4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments GuitarRig2 RTAS VSTi DXi
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Reaktor 5
Native Instruments Spektral Delay v1.57
Native Instruments Vokator v1.0
Nero OEM
Nomad Factory Blue Tubes Bundle v2.0
Nomad Factory Liquid Bundle VST v1.6
Nomad Factory Rock Amp Legends VST v1.0
OhmForce Ohmygod VST2
Ohmforce Quad Frohmage PRO VST v1.20
Opell Video to 3GP Converter V2.1.5
OptusNet DSL
OrangeVocoder VST 2.02
PCMark05
photoMAX
PiWarp VST 2.02
Plogue Bidule (remove only)
Pluggo 3.5.3 Runtime
PowerDVD
PSP 84 v1.0
PSP Audioware MixPack DX VST v1.7
PSP Nitro VST and DX 1.0
PSP VintageWarmer v1.5d
PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
PX Engine
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
RealPlayer
Realtek AC'97 Audio
Reason
ReBirth RB-338 2.01
ReCycle v2.1
RegCure 1.5.2.7
Registry Mechanic 6.0
rgc:audio sfz VSTi v1.96
rgc:audio Triangle II
rgc:audio z3ta+ VSTi v1.4
Rob Papen Albino 3
Roomulator VST 2.02
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Siemens Subscriber Networks SpeedStream DSL
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Skype™ 3.8
Sonalksis Plug-Ins for Windows 2.00
Sonic Charge µTonic VST
Sony Inflator RTAS v1.0
Sony Sound Forge 8.0b
SoulSeek Client 156c
SoulSeek Client 157 test 9
SpinAudio 3DDelays 1.0
SpinAudio RoomVerb M2 2.0 Demo
SpinAudio SpinDelay 1.2
SpinAudio SpinEQ CM 1.0 Demo
Spybot - Search & Destroy 1.5.2.20
Steinberg GRM Tools Vol.2
Steinberg GRM-Tools Volume One v1.2
Steinberg Magneto VST v1.5
Steinberg WaveLab 5.01a
TC Native Bundle v2.01 VST- Zone
TC Native Bundle v3.1
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
The Font Thing
Timeworks Millenium Pack
Tone2 FilterBank2 v1.4 VST VSTi
Transcender v2.06
TransType Pro
Trilogy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoxCiter VST 2.02
Voxengo LF-Punch VST 1.3.1
Waves 4.0
Waves Diamond Bundle 4.05
Waves Vocal Bundle v1.1
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Genuine Advantage v1.3.0254.0
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordTalk
Xilisoft Video Converter Platinum
XviD 1.1 final uninstall


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:778 Mo)
D:\ [CD-Rom] (Total:4434 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:76316 Mo/Free:1687 Mo)
F:\ [CD-Rom] (Total:4406 Mo/Free:0 Mo)

Tue 14/04/2009|16:49

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
---------- C:\WINDOWS\System32\keyhook.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\WINDOWS\system32\DeltaIITray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
---------- C:\WINDOWS\System32\wbem\unsecapp.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Java\jre6\bin\java.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 14/04/2009|16:43
2 - "C:\Rooter$\Rooter_2.txt" - Tue 14/04/2009|16:49

----------------------\\ Scan completed at 16:49

#8 chryssi2001 (Members, 1,930 posts)
Posted 20 April 2009 - 02:47 AM

Hello randomgene,

Ad-Aware was not disabled in your latest HijackThis log.

Disable it following the instructions at the top of this post.

Retry Kaspersky and be sure you use IE for that. If still no go, try the scanner below:
(Needs IE again)
----------------------------------------------
Eset NOD32 Online AntiVirus
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
----------------------------------------------
Post back:
EsetOnlineScanner report.
A new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#9 randomgene

randomgene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 21 April 2009 - 12:25 AM

turned off adaware and firewall and one care antivirus - no luck getting either eset or Kaspersky open though -

here are the reports -

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:721 Mo)
D:\ [CD-Rom] (Total:4434 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:76316 Mo/Free:1687 Mo)
F:\ [CD-Rom] (Total:4406 Mo/Free:0 Mo)

Wed 15/04/2009|15:01

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\keyhook.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\OptusNet DSL Internet\DSC.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
---------- C:\WINDOWS\System32\DeltaIITray.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
---------- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 14/04/2009|16:43
2 - "C:\Rooter$\Rooter_2.txt" - Tue 14/04/2009|16:49
3 - "C:\Rooter$\Rooter_3.txt" - Wed 15/04/2009|15:03

----------------------\\ Scan completed at 15:03
Ableton Live v6.0.7
AC3Filter (remove only)
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Addictive Drums
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player
AllToAVI v4 r5394
ALZip
AmpliTube2
Antares Autotune DX v4.12
Antares Auto-Tune v4.39
Antares AVOX Vocal Kit Bundle VST v1.02
Antares Filter VST DX v1.0
Antares Kantos v1.0
Antares Microphone Modeler DX v1.32
Antares Tube v1.0
Antares Tube v1.02 RTAS
Apex Video to MP3 WMA WAV Converter Free 4.37
ARP2600 V
Arp-X8
ASAPI Update
ASCII Art Generator 3.2.2
ASIO4ALL
AudioRealism Bass Line 2 (remove only)
Azureus
BassStation
Beta Bugs BugPack1 VST
Celemony Melodyne Plugin VST RTAS v1.0
Citrix XenApp Web Plugin
CM Vocoder
CoView
Cucusoft MPEG to DVD Author 1.09
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.07
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Raw Codec
dBpowerAMP Tag From Filename
Delta
dMC Power Pack
DoremiSoft AVI to WAV Converter 1.5
Dream Sequencer v1.3
DVD Solution
Dynasone VST 2.02
Elemental Audio Neodynium VST RTAS
Elemental Audio Systems Inspector XL VST RTAS 1.0.1
Enigma
Free Bomb Factory Plug-Ins 7.0
Free CD-DA Extractor 4.8
fxpansion!DR002
GTOneCare
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IK Multimedia Amplitube v1.3
InterLok Driver Kit
Interlok driver setup x32
iTunes
Java™ 6 Update 13
K-Lite Codec Pack 2.24 Full
L&H TTS3000 Japanese
Lexicon PSP 42 VST DX v1.0
Malwarebytes' Anti-Malware
Melodyne 3.2
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Protection Service
Microsoft Reader
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Windows Live OneCare Resources v2.5.2900.24
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.24
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
MIDI-OX
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Launcher
Music Utilities
Native Instruments Absynth 3
Native Instruments Battery 3
Native Instruments Electronic Instruments Vol.2 For Reaktor 4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments GuitarRig2 RTAS VSTi DXi
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Reaktor 5
Native Instruments Spektral Delay v1.57
Native Instruments Vokator v1.0
Nero OEM
Nomad Factory Blue Tubes Bundle v2.0
Nomad Factory Liquid Bundle VST v1.6
Nomad Factory Rock Amp Legends VST v1.0
OhmForce Ohmygod VST2
Ohmforce Quad Frohmage PRO VST v1.20
Opell Video to 3GP Converter V2.1.5
OptusNet DSL
OrangeVocoder VST 2.02
PCMark05
photoMAX
PiWarp VST 2.02
Plogue Bidule (remove only)
Pluggo 3.5.3 Runtime
PowerDVD
PSP 84 v1.0
PSP Audioware MixPack DX VST v1.7
PSP Nitro VST and DX 1.0
PSP VintageWarmer v1.5d
PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
PX Engine
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
RealPlayer
Realtek AC'97 Audio
Reason
ReBirth RB-338 2.01
ReCycle v2.1
RegCure 1.5.2.7
Registry Mechanic 6.0
rgc:audio sfz VSTi v1.96
rgc:audio Triangle II
rgc:audio z3ta+ VSTi v1.4
Rob Papen Albino 3
Roomulator VST 2.02
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Siemens Subscriber Networks SpeedStream DSL
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Skype™ 3.8
Sonalksis Plug-Ins for Windows 2.00
Sonic Charge µTonic VST
Sony Inflator RTAS v1.0
Sony Sound Forge 8.0b
SoulSeek Client 156c
SoulSeek Client 157 test 9
SpinAudio 3DDelays 1.0
SpinAudio RoomVerb M2 2.0 Demo
SpinAudio SpinDelay 1.2
SpinAudio SpinEQ CM 1.0 Demo
Spybot - Search & Destroy 1.5.2.20
Steinberg GRM Tools Vol.2
Steinberg GRM-Tools Volume One v1.2
Steinberg Magneto VST v1.5
Steinberg WaveLab 5.01a
TC Native Bundle v2.01 VST- Zone
TC Native Bundle v3.1
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
The Font Thing
Timeworks Millenium Pack
Tone2 FilterBank2 v1.4 VST VSTi
Transcender v2.06
TransType Pro
Trilogy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoxCiter VST 2.02
Voxengo LF-Punch VST 1.3.1
Waves 4.0
Waves Diamond Bundle 4.05
Waves Vocal Bundle v1.1
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Genuine Advantage v1.3.0254.0
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordTalk
Xilisoft Video Converter Platinum
XviD 1.1 final uninstall

#10 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 21 April 2009 - 05:53 AM

Hi randomgene,

Can you try this scanner? If the 1st one doesn't work, try the 2nd one please.
----------------------------------------------
BitDefender Online Scan

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only
Once finished, click on "Click here to export the scan results"

Save the report to your desktop, then post those results in your next reply.
----------------------------------------------
PANDA ONLINE SCAN

Please go >here< to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply


#11 randomgene

randomgene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 22 April 2009 - 08:45 PM

Got the first to work.

Here are the results:

BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Apr 17, 2009 - 11:44:58

Scan Info
Scanned Files: 405702
Infected Files: 4

Virus Detected
Trojan.Packed.48168: 3
Trojan.Downloader.Agent.CD: 1

#12 randomgene

randomgene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 22 April 2009 - 08:47 PM

here's the printed report -


BitDefender Online Scanner

Scan report generated at: Fri, Apr 17, 2009 - 11:42:03
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 04:16:12
Files: 389249
Folders: 15510
Boot Sectors: 0
Archives: 3278
Packed Files: 11143

Results
Identified Viruses: 2
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 2849721
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Report
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\to sort_Download bleepe\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR\a-3222w.rar=>AiR\Keygen.exe
Infected with: Trojan.Packed.48168

C:\to sort_Download bleepe\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR\a-3222wa.zip=>a-3222w.rar=>AiR\Keygen.exe
Infected with: Trojan.Packed.48168

C:\to sort_Download bleepe\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR\AiR\Keygen.exe
Infected with: Trojan.Packed.48168

C:\WINDOWS\backup\TB040909.DAT=>(Embedded EXE g)
Infected with: Trojan.Downloader.Agent.CD

#13 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 23 April 2009 - 12:32 PM

Hello randomgene,

I am glad at least one scanner worked at last.

I see some cracks/keygens on your pc. They are illegal and the main source of infections. Let's remove them.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files; if found, delete them (some may not be present after previous steps):

C:\to sort_Download bleepe\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR

Also even if this is a backup, it's infected, so remove it.

C:\WINDOWS\backup\TB040909.DAT
----------------------------------------------
Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.1.
You can download it from http://get.adobe.com/reader/
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader, you can download Foxit PDF Reader from here.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
----------------------------------------------
Post back:
A new HijackThis log.
Tell me how the pc behaves now.

#14 randomgene

randomgene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 24 April 2009 - 02:05 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:07 AM, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\msiexec.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus® for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5309 bytes

performance is still sluggish, especially opening internet browser. Windows OneCare (MsMpEng.exe) seems to drag a lot of CPU - almost half - and this seems to reduce performance.
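An added example, not part of this thread and not code from HijackThis or from the helper: a small Python parser for the O2/O4/O9/O16/O23 lines of a HijackThis log such as the one posted above, plus a few review checks. The sample lines are copied from the log above; the checks in review_items (a service with no vendor string, an autorun that names a bare file resolved through the search path, a DPF control fetched over plain HTTP) are assumed triage heuristics for illustration, not rules HijackThis applies, and a hit means "look at this entry", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class HjtEntry:
    section: str                  # O2, O4, O9, O16 or O23
    name: str                     # BHO name, Run value name, button caption, service name
    target: str                   # executable, DLL or URL the entry points at
    clsid: Optional[str] = None   # COM class id (O2, O9, O16)
    hive: Optional[str] = None    # registry location (O4)
    owner: Optional[str] = None   # vendor string HijackThis shows (O23)


# "<kind>: <name> - {clsid} - <path>" is shared by O2 (BHO) and O9 (Extra button / menuitem).
_COM_RE = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
# "<hive>\..\Run: [<value name>] <command line> (User '...')?"
_RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "DPF: {clsid} (<control name>) - <url>"
_DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<target>.*)$")
# "Service: <display name> - <owner> - <path>"
_SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")


def _command_exe(cmd: str) -> str:
    """Reduce an O4 command line to the file it launches."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd)   # drop HijackThis' per-user suffix
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]            # quoted path, arguments follow
    return cmd.split(" ", 1)[0]                    # unquoted path or bare file name


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis line; returns None for sections this example does not cover."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section in ("O2", "O9"):
        c = _COM_RE.match(body)
        return HjtEntry(section, c["name"], c["target"], clsid=c["clsid"]) if c else None
    if section == "O4":
        r = _RUN_RE.match(body)
        return HjtEntry(section, r["name"], _command_exe(r["cmd"]), hive=r["hive"]) if r else None
    if section == "O16":
        d = _DPF_RE.match(body)
        return HjtEntry(section, d["name"], d["target"], clsid=d["clsid"]) if d else None
    if section == "O23":
        s = _SVC_RE.match(body)
        return HjtEntry(section, s["name"], s["target"], owner=s["owner"]) if s else None
    return None


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def review_items(entries: List[HjtEntry]) -> List[str]:
    """Assumed triage heuristics (illustration only): reasons an entry deserves a second look."""
    notes = []
    for e in entries:
        if e.section == "O23" and e.owner == "Unknown owner":
            notes.append(f"O23 service '{e.name}' carries no vendor information: {e.target}")
        if e.section == "O4" and "\\" not in e.target:
            notes.append(f"O4 autorun '{e.name}' uses an unqualified file name: {e.target}")
        if e.section == "O16" and e.target.lower().startswith("http://"):
            notes.append(f"O16 control '{e.name}' is fetched over plain HTTP: {e.target}")
    return notes


if __name__ == "__main__":
    for note in review_items(parse_log(SAMPLE_LOG)):
        print(note)
```

On the sample above this flags the Adobe LM Service (no vendor string), the SoundMan autorun (bare SOUNDMAN.EXE, found through the search path; in this thread it lives in C:\WINDOWS) and the BitDefender scanner control (plain HTTP download); all three are items to verify against the file on disk, which is exactly the kind of check the helper is doing by hand in this thread.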

#15 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 25 April 2009 - 12:29 AM

Hello randomgene,

How about uninstalling Microsoft Windows OneCare Live and installing a new Anti-Virus and Firewall, and seeing how it goes. The Firewall should be installed later; we'll get a new Anti-Virus for you now.

Fixing some additional lines which are not needed to run on start-up might also help, but let's see how a new Anti-Virus will work on your system.
----------------------------------------------
INSTALLING & RUNNING AN ANTIVIRUS

Please follow the details below regarding Antivirus installation (see my post below):
  • download the installer
  • disconnect from internet
  • remove old one
  • install new one
  • reconnect, immediately update, and
  • run the Anti-virus and let it quarantine all its findings.
----------------------------------------------
Anti Virus Software

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.
----------------------------------------------
Scan with your new Anti-Virus, let it quarantine what it finds, post back a new HijackThis log, and tell me if the pc works better now.