Solved: Computer Infected - Runs Terribly Slow

jayne77vt · 10-Nov-2009, 05:33 PM #1

Hi . . Thanks in advance for your time. My computer is performing extremely slow and I am afraid that it is infected with malware. I have included a HJT log. Here are the specs on my computer and the logfile:

Windows XP
Home Edition Version 2002
Service Pack 3

Pentium 4 2.66GHz 512MB RAM

~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:34 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\freddy73.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [X4aWD] C:\WINDOWS\ocwnmcj.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld15.exe
O4 - HKLM\..\Run: [Captcha7] rundll "C:\Program Files\captcha.dll",captcha
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy73.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-57989841-1220945662-725345543-1016\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User 'Dan')
O4 - HKUS\S-1-5-21-57989841-1220945662-725345543-1016\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Dan')
O4 - HKUS\S-1-5-21-57989841-1220945662-725345543-1016\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Dan')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0241541257884746) (0241541257884746mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\024154~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12289 bytes

jayne77vt · 11-Nov-2009, 04:10 PM #2

Bump, please . .

..Thanks

NeonFx · 12-Nov-2009, 11:37 PM #3

Hello there

Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
- Reg - Desktop Components
- Reg - Disabled MS Config Items
- Reg - NetSvcs
- Reg - Shell Spawning
- Reg - Uninstall List
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
Please copy the following into the Custom Scans box at the bottom

Code:

%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys  /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to : http:://drop.io/daerk)

Step 2

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

Click on the Log tab.
In the Write to log box select All items.
Place a checkmark next to Hidden Objects Only
Click on the Create Log button on the bottom right.
After a few seconds a new Window should appear.
Make sure Scan all drives is selected and click on the Start button.
(Unless you have a floppy drive. In this case, please use "Scan Root Drive Only" and press Start)
When it is complete a new Window will appear to indicate that the scan is finished.
The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

jayne77vt · 14-Nov-2009, 12:41 PM #4

OK . . . I have attached the OTS logfile and pasted the SysProt log below...

~~~~~~~~~~~~~~~

SysProt AntiRootkit v1.0.1.0
by swatkat

*************************************************************************** ***************
*************************************************************************** ***************
*************************************************************************** ***************
*************************************************************************** ***************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DTWU5UKY\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DTWU5UKY\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[2].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSLGBGX\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSLGBGX\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSLGBGX\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSLGBGX\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSLGBGX\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[2].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[2].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\NACM9MWD\forecast;frmt=9;frmt=6;frmt=2;frmt=1;frmt=0;plID =824514779;player=forecast;lnID=922000708;ttID=877032568;position=PreRoll;c ue=pre;cgm=0;cat=Anime%20&%20Anima
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OXAJ816R\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OXAJ816R\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OXAJ816R\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OXAJ816R\dref=http%253A%252F%252Fwww.realtor.com%252Fsear ch%252Fsearchresults[1].aspx%253Fctid%253D2743%2526typ%253D7%2526sid%253D944ff4fc5b294827b8aa4a032 ef5abfd%252
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{C47B1A84-10B0-4224-9BCC-CB71D396670C}
Status: Access denied

NeonFx · 14-Nov-2009, 04:09 PM #5

Alright. Please do the following now:

STEP 1

Run OTS

Under the Paste Fix Here box on the right, paste in the contents of following code box

Code:

[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "sysfbtray" -> C:\WINDOWS\freddy73.exe [C:\windows\freddy73.exe]
YN -> "X4aWD" -> C:\WINDOWS\ocwnmcj.exe [C:\WINDOWS\ocwnmcj.exe]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {238F6F83-B8B4-11CF-8771-00A024541EE3} [HKLM] -> http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab [Citrix ICA Client]
YN -> {6E704581-CCAE-46D2-9C64-20D724B3624E} [HKLM] -> http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab [UnagiAx Class]
[Files/Folders - Created Within 30 Days]
NY ->  freddy73.exe -> C:\WINDOWS\freddy73.exe
[Files/Folders - Modified Within 30 Days]
NY ->  0101120101465248.xxe -> C:\WINDOWS\0101120101465248.xxe
NY ->  rdr_1256650778.exe -> C:\WINDOWS\rdr_1256650778.exe
NY ->  ld15.exe -> C:\WINDOWS\ld15.exe
NY ->  tgm2.dat -> C:\WINDOWS\tgm2.dat
NY ->  mmsmark2.dat -> C:\WINDOWS\mmsmark2.dat
NY ->  hpm2.dat -> C:\WINDOWS\hpm2.dat
NY ->  0101120101465249.xxe -> C:\WINDOWS\0101120101465249.xxe
NY ->  0101120101465349.xxe -> C:\WINDOWS\0101120101465349.xxe
NY ->  0101120101465050.xxe -> C:\WINDOWS\0101120101465050.xxe
NY ->  bx4657.dat -> C:\WINDOWS\bx4657.dat
NY ->  bk23567.dat -> C:\WINDOWS\bk23567.dat
NY ->  0101120101465649.xxe -> C:\WINDOWS\0101120101465649.xxe
NY ->  0101120101464955.xxe -> C:\WINDOWS\0101120101464955.xxe
NY ->  010112010146116101.xxe -> C:\WINDOWS\010112010146116101.xxe
[Files - No Company Name]
NY ->  0101120101465248.xxe -> C:\WINDOWS\0101120101465248.xxe
NY ->  rdr_1256650778.exe -> C:\WINDOWS\rdr_1256650778.exe
NY ->  tgm2.dat -> C:\WINDOWS\tgm2.dat
NY ->  mmsmark2.dat -> C:\WINDOWS\mmsmark2.dat
NY ->  hpm2.dat -> C:\WINDOWS\hpm2.dat
NY ->  0101120101465249.xxe -> C:\WINDOWS\0101120101465249.xxe
NY ->  0101120101465349.xxe -> C:\WINDOWS\0101120101465349.xxe
NY ->  0101120101465050.xxe -> C:\WINDOWS\0101120101465050.xxe
NY ->  bx4657.dat -> C:\WINDOWS\bx4657.dat
NY ->  bk23567.dat -> C:\WINDOWS\bk23567.dat
NY ->  0101120101465649.xxe -> C:\WINDOWS\0101120101465649.xxe
NY ->  0101120101464955.xxe -> C:\WINDOWS\0101120101464955.xxe
NY ->  010112010146116101.xxe -> C:\WINDOWS\010112010146116101.xxe
NY ->  ld15.exe -> C:\WINDOWS\ld15.exe
[Empty Temp Folders]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.

STEP 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

STEP 3

Run OTS again and click on the Quick Scan button at the top. Attach the results of this scan in your next reply.

jayne77vt · 19-Nov-2009, 05:24 PM #6

Hi . . . I have attached the ots fix log, the MBAM log, and the quick scan log....

Thanks . .

NeonFx · 19-Nov-2009, 10:24 PM #7

How's the computer running now?

STEP 1

Run OTS

Under the Paste Fix Here box on the right, paste in the contents of following code box

Code:

[Unregister Dlls]
[Empty Temp Folders]
[ClearAllRestorePoints]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

STEP 2

Let's run an online scan. This will take a while but it's well worth it as it can often find things all other scanners will miss.

Before we do, I need you to update Internet Explorer to IE8. Even if you don't use it, we need to have it updated as its components are deeply connected with Windows itself.

Please go here to download the installer:

http://www.microsoft.com/windows/internet-explorer/

STEP 3

The online scanner uses Java, so I will need you to download and install the latest version for that.

Please go here to download the installer:

http://java.com/en/download/index.jsp

STEP 4

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- E-mail databases
Click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View report... at the bottom.
Click the Save report... button.
Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!