I could not access ComputerHopeForum for at least 24 hours then suddenly

[jim.mar]

It created two logs; as follows

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
.
C:\  [Fixed-NTFS] .. ( Total:244 Go - Free:197 Go )
D:\  [Fixed-NTFS] .. ( Total:352 Go - Free:285 Go )
E:\  [Fixed-NTFS] .. ( Total:63 Go - Free:45 Go )
F:\  [Fixed-NTFS] .. ( Total:12 Go - Free:8 Go )
G:\  [CD_Rom]
H:\  [CD_Rom]
.
Scan : 16:53.50
Path : C:\Users\JIM\Desktop\Rooter.exe
User : JIM ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (288)
Locked avgchsva.exe (352)
Locked csrss.exe (580)
Locked wininit.exe (656)
Locked csrss.exe (664)
Locked winlogon.exe (696)
Locked services.exe (752)
Locked lsass.exe (760)
Locked lsm.exe (772)
Locked svchost.exe (892)
Locked svchost.exe (1004)
Locked svchost.exe (512)
Locked svchost.exe (572)
Locked svchost.exe (840)
Locked audiodg.exe (1060)
Locked svchost.exe (1204)
Locked svchost.exe (1308)
Locked AvastSvc.exe (1360)
Locked spoolsv.exe (1592)
Locked svchost.exe (1620)
Locked SASCore64.exe (1716)
Locked avgwdsvc.exe (1736)
Locked svchost.exe (1772)
Locked LSSrvc.exe (1800)
Locked NBService.exe (1924)
Locked SeaPort.exe (2008)
Locked svchost.exe (1152)
Locked WLIDSVC.EXE (1256)
Locked AVGIDSAgent.exe (1872)
Locked WLIDSVCM.EXE (2312)
Locked avgnsa.exe (2432)
Locked avgemca.exe (2472)
Locked conhost.exe (2484)
Locked SearchIndexer.exe (2872)
______ ???c??? (3008)
______ ???c??? (3024)
______ ???c??? (2304)
______ ???c??? (3240)
______ C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (3248)
______ C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (3268)
______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3332)
______ C:\Users\JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe (3360)
______ C:\Program Files (x86)\AVG\AVG10\avgtray.exe (3472)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3596)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3484)
______ C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe (4064)
______ ???c??? (2784)
Locked wmpnetwk.exe (3456)
______ ???c??? (520)
Locked avgrsa.exe (2660)
Locked avgcsrva.exe (2404)
Locked svchost.exe (4848)
Locked dllhost.exe (2780)
______ C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE (3488)
______ ???c??? (4328)
______ C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE (5176)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5484)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4396)
______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (5276)
______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (3188)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (5092)
Locked SearchFilterHost.exe (5748)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (6072)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5544)
Locked SearchProtocolHost.exe (4276)
______ C:\Users\JIM\Desktop\Rooter.exe (3572)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:262039142400)
\Device\Harddisk0\Partition3 (Start_Offset:262145048576 | Length:377987530752)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:53.52
.
C:\Rooter$\Rooter_1.txt - (18/12/2010 | 16:53.52)

------------------------------------------------------------------------------------------------------
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
.
C:\  [Fixed-NTFS] .. ( Total:244 Go - Free:197 Go )
D:\  [Fixed-NTFS] .. ( Total:352 Go - Free:285 Go )
E:\  [Fixed-NTFS] .. ( Total:63 Go - Free:45 Go )
F:\  [Fixed-NTFS] .. ( Total:12 Go - Free:8 Go )
G:\  [CD_Rom]
H:\  [CD_Rom]
.
Scan : 16:53.52
Path : C:\Users\JIM\Desktop\Rooter.exe
User : JIM ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (288)
Locked avgchsva.exe (352)
Locked csrss.exe (580)
Locked wininit.exe (656)
Locked csrss.exe (664)
Locked winlogon.exe (696)
Locked services.exe (752)
Locked lsass.exe (760)
Locked lsm.exe (772)
Locked svchost.exe (892)
Locked svchost.exe (1004)
Locked svchost.exe (512)
Locked svchost.exe (572)
Locked svchost.exe (840)
Locked audiodg.exe (1060)
Locked svchost.exe (1204)
Locked svchost.exe (1308)
Locked AvastSvc.exe (1360)
Locked spoolsv.exe (1592)
Locked svchost.exe (1620)
Locked SASCore64.exe (1716)
Locked avgwdsvc.exe (1736)
Locked svchost.exe (1772)
Locked LSSrvc.exe (1800)
Locked NBService.exe (1924)
Locked SeaPort.exe (2008)
Locked svchost.exe (1152)
Locked WLIDSVC.EXE (1256)
Locked AVGIDSAgent.exe (1872)
Locked WLIDSVCM.EXE (2312)
Locked avgnsa.exe (2432)
Locked avgemca.exe (2472)
Locked conhost.exe (2484)
Locked SearchIndexer.exe (2872)
______ ???c??? (3008)
______ ???c??? (3024)
______ ???c??? (2304)
______ ???c??? (3240)
______ C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (3248)
______ C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (3268)
______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3332)
______ C:\Users\JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe (3360)
______ C:\Program Files (x86)\AVG\AVG10\avgtray.exe (3472)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3596)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3484)
______ C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe (4064)
______ ???c??? (2784)
Locked wmpnetwk.exe (3456)
______ ???c??? (520)
Locked avgrsa.exe (2660)
Locked avgcsrva.exe (2404)
Locked svchost.exe (4848)
Locked dllhost.exe (2780)
______ C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE (3488)
______ ???c??? (4328)
______ C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE (5176)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5484)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4396)
______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (5276)
______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (3188)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (5092)
Locked SearchFilterHost.exe (5748)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (6072)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5544)
Locked SearchProtocolHost.exe (4276)
______ C:\Users\JIM\Desktop\Rooter.exe (3572)
______ C:\Windows\SysWOW64\NOTEPAD.EXE (5284)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:262039142400)
\Device\Harddisk0\Partition3 (Start_Offset:262145048576 | Length:377987530752)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:53.53
.
C:\Rooter$\Rooter_2.txt - (18/12/2010 | 16:53.53)

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[jim.mar]

ESET scan:

D:\JIM-PC\Backup Set 2008-05-27 131440\Backup Files 2008-05-27 131440\Backup files 13.zip   multiple threats   deleted - quarantined
D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 11.zip   probably a variant of Win32/TrojanClicker.Agent.FGTAJNN trojan   deleted - quarantined
E:\Install_AIM.exe   Win32/Adware.WBug.A application   deleted - quarantined
E:\my downloads 2\BSINSTALL.exe   probably a variant of Win32/Agent.HNJSBPX trojan   deleted - quarantined
E:\trans prog files\PestPatrol\Quarantine\4583   probably a variant of Win32/TrojanClicker.Agent.FGTAJNN trojan   cleaned by deleting - quarantined

LOG file:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

[SuperDave]

That looks good. If there are no other issues, it's time for some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[jim.mar]

   Thank you so much S-Dave.   The machine seems to be working great.   I do have one issue; since we have started  working on this string I have lost a plug-in that I bought  and downloaded  from NERO called "Grace-note".   It is needed for me to use NERO 9 to burn audio CD's and DVD's. I can't find it anywhere on the machine.   Do you have any thoughts on this or maybe this is the wrong area to work that problem??   

Anyway, thanks again, this is the second time you  have pulled my fat out of the fire  JIM

[SuperDave]

I have lost a plug-in that I bought  and downloaded  from NERO called "Grace-note".   It is needed for me to use NERO 9 to burn audio CD's and DVD's. I can't find it anywhere on the machine.   Do you have any thoughts on this or maybe this is the wrong area to work that problem??   

I checked all the logs and I can't see anywhere we might have removed it. The only thing I can think of is to uninstall and reinstall the program.

thanks again, this is the second time you  have pulled my fat out of the fire 

If you follow my guidelines, you shouldn't be getting infected. This is almost the same protection I have on my computer and I never catch anything.

[jim.mar]

OK, thanks again,  JIM