Inactive Exploit Trojan Help

[krotchbat]

Hey there,
After trying to find a fix for a weird .dll error window at every bootup and some scanning unfortunately I've uncovered the Exploit Trojan within my system. After the scan there were 4 results:
C:\Users\El\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\415a0b13-10e5a366 Java/Exploit.Agent.NGE trojan

Java:CVE-2012-1723-AMH%20[Expl]
Java.Downloader.80
Exploit.CVE-2012-0507.an
Exploit-FEF!FA45250D2ACB

Any help is GREATLY appreciated. Thanks.

Kbat

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[krotchbat]

Thanks for the reply and helpful instructions. I will respond momentarily thanks

 

[krotchbat]

MBM Scan:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.03.10
Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18882
Ron :: Ron-PC [administrator]
Protection: Disabled
03/03/2013 5:19:48 PM
mbam-log-2013-03-03 (17-19-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198259
Time elapsed: 4 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[krotchbat]

Attach
==============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox CS 2.2
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan LiDE 90
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.70.0.1100
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
Norton Security Scan
NVIDIA Drivers
OutlookAddinSetup
Product Documentation Launcher
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
.
==== End Of File ===========================
DDs
======
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18882
Run by Eleanor at 17:29:22 on 2013-03-03
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4080315
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - <orphaned>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [lantc] "c:\windows\system32\rundll32.exe" "c:\users\eleanor\appdata\roaming\lantc.dll",set_rows
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://games.yahoo.com/game/daily-jigsaw-shockwave.html"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{FFE9644A-BE09-4801-A070-449BE5593F54} : DHCPNameServer = 192.168.0.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-03-03 22:17:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-03 22:17:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 22:17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-03 20:34:46 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-03-03 20:34:46 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-03-03 20:34:46 75264 ----a-w- c:\windows\system32\unacev2.dll
2013-03-03 20:34:46 605968 ----a-w- c:\windows\system32\ztv7z.dll
2013-03-03 20:34:46 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2013-03-03 20:34:46 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-03-03 20:34:46 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2013-03-03 20:34:45 -------- d-----w- c:\programdata\Simply Super Software
2013-03-03 17:38:55 -------- d-----w- c:\program files\CCleaner
2013-03-03 07:58:45 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fdfa2459-5093-4e1c-a93e-b93fc8a9b421}\mpengine.dll
2013-03-03 01:57:15 -------- d-----w- c:\users\eleanor\appdata\roaming\Malwarebytes
2013-03-03 01:57:08 -------- d-----w- c:\programdata\Malwarebytes
2013-02-17 00:26:57 -------- d-----w- c:\programdata\B034A860F6E2A0070000B033F833A6AF
2013-02-16 02:37:19 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-16 02:37:19 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:30:16.20 ===============

 

[Broni]

Any particular reason why you ran all scans from safe mode?

 

[krotchbat]

No. I was already in safe mode. Obviously just forgot to switch back. Would that really affect the outcome?

 

[Broni]

Yes. I need all logs from normal mode.