
Thread: Can anyone help me with this log?

  1. #1
    Join Date
    May 2008
    Posts
    34

    Can anyone help me with this log?

    The other day something happened to my computer, it got infected, bad, and is now barely running. IE windows are constantly opening up on me, it runs incredibly slow and I get a pop up window telling me to save my data because the system is shutting down. Then it counts down and shuts off.

    I also am now constantly getting an error saying buffer overrun, has to shut down. Something like windows/explorer.exe.

    Here's my HJT log...please help with anything. I'm pretty familiar with computers, I just need help in the right direction to get rid of all this.

    Thank you-

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:58 PM, on 5/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\windows\system32\jqwnw64r.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\ncntrkdm.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\New Mom\Application Data\SpeedRunner\SpeedRunner.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\New Mom\Application Data\Microsoft\rejbad.exe
    C:\Program Files\QdrPack\QdrPack15.exe
    C:\Program Files\Svconr\Svconr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spyware Terminator\SpywareTerminator.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebay.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{61-1E-E1-1C-DW}] C:\windows\system32\jqwnw64r.exe DWram
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092C BD44BD8689220221DD325762EA4EBF968951185EFC41280686 7680AEDE604D64C2661373F819EBDCD66A47
    O4 - HKLM\..\Run: [{34db637e-ff5a-8e34-cca0-6ba34f8815c5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{188ea3af-d8ca-9191-e51e-945453515a28}.dll" DllInit
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntrkdm.exe DWram
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [BM1f552d2f] Rundll32.exe "C:\WINDOWS\system32\ggjqnulb.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\New Mom\Application Data\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\New Mom\Application Data\Microsoft\rejbad.exe
    O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
    O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
    O4 - HKUS\S-1-5-18\..\Run: [Windows installer] C:\winstall.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Windows installer] C:\winstall.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntrkdm.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jqwnw64r.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/...ad/XUpload.ocx
    O21 - SSODL: lWhOkNH - {1C661E1D-B6CC-B4B7-01FE-EDCA57C911E0} - C:\WINDOWS\System32\ktb.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVIuIEhPVFJPRA\command.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 9056 bytes


  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    A quick look through the log shows me multiple trojans on the system AND you are not running an anti-virus program or a firewall.
    You need to go to READ ME Before Posting A Request For Assistance!
    Follow ALL of the steps there, including the online scans. Have all the scans fix whatever they find. Once you have completed ALL the steps given there then run a new HiJackThis scan and post back here with that log and any other logs generated by the other programs and we will then determine the next steps needed. Be sure to have all others fix whatever they find. This is a very infected computer so I would not recommend any just "general surfing" or emailing until the computer is clean.
    Judy

  3. #3
    Join Date
    May 2008
    Posts
    34
    **I HAVE TRIED ALL THAT**
    I've tried going step by step and this HJT log is from AFTER doing everything!
    I'm running spyware terminator.....

    What else can I do? Anything? Should I just get a new computer? Someone used our computer and it's now almost useless.....

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    If you have done all that where are the logs? We can do nothing without seeing the logs. These programs should have removed many of these trojans. Spyware Terminator is not on our list of programs to use. Did you use the MalwareBytes Anti-Malware program and have it remove items found, did you do the Eset Online scanner and have it remove items found?
    You don't need a new computer; this one can be cleaned, but you have to follow the steps exactly and remove with the programs noted.

  5. #5
    Join Date
    May 2008
    Posts
    34
    Well, I'm not on that computer b/c it's running so badly. I can go home and post the logs no problem. I thought HJT log was the only one needed to help. I appreciate your help and I'll go home and paste the information for further assistance.

    I even ran a scan that took a few hours last night. Nothing seems to be helping with this darn thing.

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You might see if you can do this:
    Do Ctrl-Alt-Delete and open the Task Manager. There are Trojans running in the background showing in this log. See if you can end the processes by highlighting each and choosing End Task.
    What I have included below includes the SpywareTerminator processes running and AdAware2007...while not necessarily bad they will interfere with any fixes attempted so they should be totally turned off until this process is complete. Honestly, I would recommend you uninstall the SpywareTerminator anyway, it obviously did you no good whatsoever.
    Also, with the exception of course of the online scanners which need internet service to run, you should actually disconnect the internet cable from the computer while doing the fixes. This will keep these trojans from "phoning home" OR also stop other processes from trying to enter the computer via the internet.
    It would be better if you disconnect and run all those programs installed on the computer from the sticky, tell them to fix, SAVE the LOGS...THEN reconnect and run the online scans, having them fix also and save those logs.
    Below are the running processes I would like you to try to end via taskmanager. If you cannot, make a note of which ones would not turn off.
    Those I have noted with *'s are trojans, but they of course don't have those markings in the taskmanager....
    aawservice.exe
    sp_rsser.exe*
    jqwnw64r.exe*
    mrofinu1188.exe*
    ncntrkdm.exe*
    SpywareTerminatorShield.exe
    SpeedRunner.exe*
    rejbad.exe*
    QdrPack15.exe*
    Svconr.exe*
    SpywareTerminator.exe
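
An added example, not part of any post in this thread: a process ended in Task Manager is started again at the next logon by any autostart entry that still points at it, so this sketch maps process names from post #6 back to the O4/O23 lines that launch them. The log lines are copied from post #1; the function names and the matching rule are assumptions made for this example.

```python
import ntpath
import re

# Excerpt of autostart lines copied from the HijackThis log in post #1.
LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{61-1E-E1-1C-DW}] C:\windows\system32\jqwnw64r.exe DWram
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntrkdm.exe DWram
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\New Mom\Application Data\Microsoft\rejbad.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntrkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jqwnw64r.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
"""

# Process names taken from the list in post #6.
TO_END = ["jqwnw64r.exe", "ncntrkdm.exe", "rejbad.exe", "Svconr.exe", "sp_rsser.exe"]

# First drive-letter path ending in .exe/.dll; paths may contain spaces.
# Rundll32 lines (where the DLL is the real payload) are out of scope here.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)


def autostarts(log):
    """Map lowercase image name -> autostart locations (O4/O23) launching it."""
    found = {}
    for line in log.splitlines():
        if not line.startswith(("O4 -", "O23 -")):
            continue
        m = PATH_RE.search(line)
        if not m:
            continue  # e.g. entries with a bare file name and no path
        image = ntpath.basename(m.group(0)).lower()
        where = line[:m.start()].rstrip(' "=-')  # text left of the path
        found.setdefault(image, []).append(where)
    return found


def relaunch_points(log, processes):
    """For each process name, list the entries that would start it again."""
    table = autostarts(log)
    return {p: table.get(p.lower(), []) for p in processes}


if __name__ == "__main__":
    for proc, entries in relaunch_points(LOG, TO_END).items():
        print(proc)
        for e in entries or ["(no O4/O23 entry in this excerpt)"]:
            print("   ", e)
```
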

  7. #7
    Join Date
    May 2008
    Posts
    34

    I've gone step by step - My second post -

    I've gone step by step now in the sticky. Here is the requested information/logs. I'm still having IE windows pop up constantly on their own!
    Attached Files

  8. #8
    Join Date
    May 2008
    Posts
    34
    I started a new thread with all the pertinent information....

  9. #9
    Join Date
    May 2008
    Posts
    34
    I'm not sure how my thread/post got in here. I hope it's ok as the sticky says to start a new thread when finished with the cleaning. It was a new thread, so I'm not sure what happened. Sorry-

  10. #10
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    tampafl, I have merged your two threads into one, you should always continue with the original thread.
    Did you tell the Eset Scanner to clean and fix?
