Need help removing virus.


  • This topic is locked
1 reply to this topic

#1 eightoheight

eightoheight

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 15 May 2011 - 03:30 PM

I have a really bad virus on my computer. It won't let me browse the internet with Firefox and every time I open anything a new process, kit.exe, starts. I'm able to end it but it eventually comes back in multiples if I do.

I read a few forums but can't find anything that actually helps me (mostly because I can't understand what's being said - I'm not a "techie"), so I was wondering if anyone here could help me out.

I ran a few scans and below are the logs. The virus wouldn't let me run ComboFix. I could download it but the .exe file got changed to a different name in the process and when they told me to change the name back (a message popped up) the virus started 12 new processes and shut my system down. It did the same thing with Malwarebytes' Anti-Malware. As for Kaspersky, it scanned for about two hours, was at 75% then fell down to 12% and got stuck there for another 2 hours so I couldn't do a scan on there.



NoMD5:


NoMD5Sys by jpshortstuff (29.10.09.1)
Log created at 23:26 on 28/03/2011 (Compaq_Owner)


-=E.O.F=-

C:\WINDOWS\system32\en-us...
C:\WINDOWS\system32\export...
C:\WINDOWS\system32\FxsTmp...
C:\WINDOWS\system32\icsxml...
C:\WINDOWS\system32\IME...
C:\WINDOWS\system32\IME\CINTLGNT...
C:\WINDOWS\system32\IME\PINTLGNT...
C:\WINDOWS\system32\IME\TINTLGNT...
C:\WINDOWS\system32\inetsrv...
C:\WINDOWS\system32\Macromed...
C:\WINDOWS\system32\Macromed\Director...
C:\WINDOWS\system32\Macromed\Flash...
C:\WINDOWS\system32\Macromed\Shockwave 10...
C:\WINDOWS\system32\Macromed\Shockwave 10\Xtras...
C:\WINDOWS\system32\Microsoft...
C:\WINDOWS\system32\Microsoft\Protect...
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18...
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User...
C:\WINDOWS\system32\MpEngineStore...
C:\WINDOWS\system32\MpEngineStore\History...
C:\WINDOWS\system32\MpEngineStore\History\Reboot...
C:\WINDOWS\system32\MpEngineStore\RebootActions...
C:\WINDOWS\system32\MsDtc...
C:\WINDOWS\system32\MsDtc\Trace...
C:\WINDOWS\system32\mui...
C:\WINDOWS\system32\mui\0009...
C:\WINDOWS\system32\mui\0409...
C:\WINDOWS\system32\mui\041b...
C:\WINDOWS\system32\mui\0424...
C:\WINDOWS\system32\mui\dispspec...
C:\WINDOWS\system32\oobe...
C:\WINDOWS\system32\pcintro...
C:\WINDOWS\system32\pcintro\elements...
C:\WINDOWS\system32\pcintro\elements\photos...
C:\WINDOWS\system32\pcintro\elements\ro_icons...
C:\WINDOWS\system32\pcintro\elements\timeline...
C:\WINDOWS\system32\pcintro\elements\timeline\3...
C:\WINDOWS\system32\pcintro\elements\timeline\4...
C:\WINDOWS\system32\pcintro\elements\timeline\5...
C:\WINDOWS\system32\pcintro\elements\timeline\6...
C:\WINDOWS\system32\pcintro\elements\titleblocks...
C:\WINDOWS\system32\pcintro\elements\wait...
C:\WINDOWS\system32\PreInstall...
C:\WINDOWS\system32\PreInstall\WinSE...
C:\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1...
C:\WINDOWS\system32\QuickTime...
C:\WINDOWS\system32\ReinstallBackups...
C:\WINDOWS\system32\ReinstallBackups\0000...
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386...
C:\WINDOWS\system32\ReinstallBackups\0001...
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0002...
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386...
C:\WINDOWS\system32\ReinstallBackups\0003...
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0004...
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles...
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386...
C:\WINDOWS\system32\Restore...
C:\WINDOWS\system32\scripting...
C:\WINDOWS\system32\Setup...
C:\WINDOWS\system32\SoftwareDistribution...
C:\WINDOWS\system32\SoftwareDistribution\Setup...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll...
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.
226...
C:\WINDOWS\system32\spool...
C:\WINDOWS\system32\spool\drivers...
C:\WINDOWS\system32\spool\drivers\color...
C:\WINDOWS\system32\spool\drivers\w32x86...
C:\WINDOWS\system32\spool\drivers\w32x86\3...
C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4400_se709...
C:\WINDOWS\system32\spool\PRINTERS...
C:\WINDOWS\system32\spool\prtprocs...
C:\WINDOWS\system32\spool\prtprocs\w32x86...
C:\WINDOWS\system32\spool\prtprocs\x64...
C:\WINDOWS\system32\spool\XPSEP...
C:\WINDOWS\system32\spool\XPSEP\amd64...
C:\WINDOWS\system32\spool\XPSEP\amd64\amd64...
C:\WINDOWS\system32\spool\XPSEP\i386...
C:\WINDOWS\system32\spool\XPSEP\i386\i386...
C:\WINDOWS\system32\URTTemp...
C:\WINDOWS\system32\usmt...
C:\WINDOWS\system32\wbem...
C:\WINDOWS\system32\wbem\AutoRecover...
C:\WINDOWS\system32\wbem\Logs...
C:\WINDOWS\system32\wbem\mof...
C:\WINDOWS\system32\wbem\mof\bad...
C:\WINDOWS\system32\wbem\mof\good...
C:\WINDOWS\system32\wbem\Performance...
C:\WINDOWS\system32\wbem\Repository...
C:\WINDOWS\system32\wbem\Repository\FS...
C:\WINDOWS\system32\wbem\snmp...
C:\WINDOWS\system32\wbem\xml...
C:\WINDOWS\system32\XPSViewer...
C:\WINDOWS\system32\XPSViewer\en-US...
C:\WINDOWS\Tasks...
C:\WINDOWS\Temp...
C:\WINDOWS\twain_32...
C:\WINDOWS\twain_32\913D Camera...
C:\WINDOWS\twain_32\hpsj_0000...
C:\WINDOWS\twain_32\JL2005D...
C:\WINDOWS\twain_32\MyDSC...
C:\WINDOWS\twain_32\MyDSC\Skin...
C:\WINDOWS\twain_32\MyDSC\Temp...
C:\WINDOWS\twain_32\QuickCam...
C:\WINDOWS\VerizonOnline...
C:\WINDOWS\VerizonOnline\SfpSrvrLogs...
C:\WINDOWS\WBEM...
C:\WINDOWS\Web...
C:\WINDOWS\Web\printers...
C:\WINDOWS\Web\printers\images...
C:\WINDOWS\Web\Wallpaper...
C:\WINDOWS\Web\Wallpaper\welcome...
C:\WINDOWS\WinSxS...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_
673f7fa2...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_
069f922e...
C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-
ww_22d6ba8a...
C:\WINDOWS\WinSxS\InstallTemp...
C:\WINDOWS\WinSxS\Manifests...
C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_6e57c34e...

C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e...
C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww
_97359ba5...
C:\WINDOWS\WinSxS\Policies...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_
x-ww_fe3d5721...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_
x-ww_16f3e195...
C:\WINDOWS\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e
3b_x-ww_ca951597...
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144cc
f1df_x-ww_4e8510ac...
C:\WINDOWS\WinSxS\Policies\x86_policy.4.1.Microsoft.MSXML2R_6bd6b9abf345378f_x-w
w_679a1c95...
C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-w
w_88e8eab8...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_659
5b64144ccf1df_x-ww_a0111510...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_65
95b64144ccf1df_x-ww_362e60dd...
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_65
95b64144ccf1df_x-ww_c7b7206f...
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtim
e-Libraries_6595b64144ccf1df_x-ww_527a1c68...
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595
b64144ccf1df_x-ww_5ddad775...
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_659
5b64144ccf1df_x-ww_a317e4b3...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-
ww_5f0bbcff...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-
ww_77c24773...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b
_x-ww_caeee150...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-
ww_0f75c32e...
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b
_x-ww_7d81c9f9...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-
ww_9e7eb501...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-
ww_b7353f75...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b
_x-ww_b8438ace...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-
ww_4ee8bb30...
C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b
_x-ww_6ad67377...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a..
.
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb..
.
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da...

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5
d...
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d
5...
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b641
44ccf1df_6.0.0.0_x-ww_ff9986d7...
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b641
44ccf1df_6.0.9792.0_x-ww_08a6620a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_47
3666fd...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_78
37863c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb
27474...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85
597b...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b8
0fa8ca...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6
967989...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_17
9798c8...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b1
28700...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de5
6c07...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww
_0ccc058c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww
_3dcd24cb...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_
91481303...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_3
41af80a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b7
7cec8e...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e8
7e0bcd...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf
8fa05...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decb
df0c...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww
_189d6662...
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_
6c18549a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf
0e9...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_35
3599c2...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65
b7a93a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0
375...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d4
95ac4e...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_05
17bbc6...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11
f3ea3a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww
_15fc9313...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww
_467ea28b...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a1737
67a...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a5
7c1f53...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5
fe2ecb...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ec
c42bd1...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww
_f0ccd4aa...
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww
_214ee422...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0
_x-ww_1382d70a...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.260
0.2180_x-ww_a84f1ff9...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.260
0.2982_x-ww_ac3f9c03...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.260
0.5512_x-ww_35d4ce83...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.260
0.6028_x-ww_61e65202...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.
0_x-ww_2726e76a...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.26
00.2180_x-ww_b2505ed9...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.26
00.5512_x-ww_3fd60d63...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d
353f13...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x
-ww_522f9f82...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x
-ww_dfb54e0c...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_
x-ww_f0b4c2df...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_
x-ww_c7dad023...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2
.3_x-ww_468466a7...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2
.3_x-ww_d6bd8b95...
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2
.3_en_16a24bc0...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww
_7d5f3790...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d
5f3790...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0(2).0_x-ww
_29b51492...
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29
b51492...

Done!





HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:51 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Easy Dock] C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\My Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Program Files\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8085 bytes
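A defender-side triage of the HijackThis log above, added here as an example that is not part of the original thread and not code from HijackThis or BleepingComputer. It reads HijackThis-style lines and flags the indicator types visible in this post: Run entries that launch from a Temp directory, Run entries with random-looking names, a browser ProxyServer entry pointing at the loopback interface, and an entry whose file is missing. The sample lines are a constructed subset copied from the log in the post; the rules themselves are the example's own heuristics, not an official signature set.

```python
"""Triage a HijackThis-style log for the indicator types seen in the post above.

Added example, not part of the original thread or of HijackThis itself. The
heuristics (Temp-directory autoruns, random-looking Run names, a browser proxy
on the loopback interface, missing files) are rules of thumb, not signatures.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)      # matches ...\Temp\... and ...\TEMP\...
RANDOM_NAME_RE = re.compile(r"[a-z]{6,}")                  # heuristic: long run of lowercase letters only
PROXY_RE = re.compile(r"ProxyServer = (?P<value>.+)$")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str


def proxy_hosts(value: str) -> List[str]:
    """Split a ProxyServer value such as 'http=127.0.0.1:18810;https=...' into its hosts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                       # per-protocol form: proto=host:port
            entry = entry.split("=", 1)[1]
        hosts.append(entry.rsplit(":", 1)[0])  # drop the port
    return hosts


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    m = O4_RE.match(line)
    if m:
        if TEMP_DIR_RE.search(m["cmd"]):
            return Finding("high", "autorun launches from a Temp directory", line)
        if RANDOM_NAME_RE.fullmatch(m["name"]):
            return Finding("medium", "autorun with random-looking name", line)
        return None
    m = PROXY_RE.search(line)
    if m and any(h in LOOPBACK_HOSTS for h in proxy_hosts(m["value"])):
        return Finding("high", "browser proxy points at a local port", line)
    if "(file missing)" in line:
        return Finding("info", "entry references a file that no longer exists", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a log."""
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 3, 'info': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}: {f.line}")
```

Run against the sample it reports three high findings (the loopback proxy and the two Temp-directory autoruns) and one informational one (the missing TPSvc.dll). A ProxyServer value on 127.0.0.1 means every Internet Explorer request is handed to whatever is listening on that local port, so such an entry is worth clearing once the process behind it is gone; the vendor autoruns (HP, ctfmon) pass untouched, which is the point of keying on location and naming rather than on the presence of an O4 line.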


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:41 AM

Posted 20 May 2011 - 11:34 AM

Hello eightoheight!

You've posted for help at 7 other forums besides BleepingComputer.

Here are your links:
http://forums.cnet.com/need-help-removing-a-virus/7723-6132_102-526910.html
http://forums.whatthetech.com/index.php?showtopic=118577
http://www.spywareinfoforum.com/index.php?/topic/131804-need-help-removing-virus/
http://www.techsupportforum.com/forums/f100/need-help-removing-a-virus-574065.html
http://forum.bullguard.com/forum/10/Need-help-removing-a-virus_91555.html
http://forums.majorgeeks.com/showthread.php?t=237530
http://www.geekstogo.com/forum/topic/300844-need-help-removing-virus/

Please note the following:
  • You should only seek help at one forum!
    Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.
  • By Multi-Posting you are utilizing the time of two (or more) trained helpers.

    Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

    Understandably this causes a certain amount of bad feeling.
    • From the helper who has needlessly spent time researching your log and compiling and posting instructions.
    • From others who have to wait longer for their problems to be addressed.
  • Advice from two separate helpers can cause problems.

Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.

____________________________________________________

As you have already sought out the assistance at 6 other forums, and have received a response to those threads, I'm closing this thread. PICK ONE thread to work at, and inform the other forums of your decision. Don't waste the time of 6 other helpers.

Edited by SweetTech, 20 May 2011 - 11:35 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
