
Inactive IE running very slow-no infection showing up

Discussion in 'Malware and Virus Removal Archive' started by jakinabox, 2009/09/02.

  1. 2009/09/02
    jakinabox

    jakinabox Inactive Thread Starter

    Joined:
    2009/08/17
    Messages:
    17
    Likes Received:
    0

    Hi,

    I discovered that my Bitdefender AV has expired but don't know when, it didn't inform me, so I've no idea how long I've had no AV.

    I went away for a few days, turned on the internet yesterday and it's running super slow, so slowly that it's difficult to search through the site for similar topics.

    I ran Malwarebytes and Adaware scans but nothing is showing up. When I try to install new AV, it tells me it will take 5hrs to download!

    I have HJT somewhere on the PC, found it on the administrator's account while in safe mode and it showed the following:
    c:\WINDOWS\system32\nsn12.dll(file missing)
    I have no idea what this means, can anyone help?

    Thanks,
    Jaki
     
  2. 2009/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    First of all, either renew BitDefender, or uninstall it, and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    Update, run full scan.

    When done....

    Read this post, then post the requested log(s).
     


  4. 2009/09/02
    jakinabox

    jakinabox Inactive Thread Starter

    Joined:
    2009/08/17
    Messages:
    17
    Likes Received:
    0
    I've tried BitDefender, Avira, Avast, Comodo and AVG but none will install, I keep getting error messages.
    I just ran dds anyway and here are the logs:
    DDS (Ver_09-07-30.01) - NTFSx86
    Run by JACQUIE at 23:19:22.14 on 02/09/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1609 [GMT 1:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\JACQUIE.HOPELESS\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: bignetdaddy: {85067bf5-33fe-58d7-ed75-2ca659ed5fa1} - c:\windows\system32\nsn12.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

    ============= SERVICES / DRIVERS ===============

    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-15 55136]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2009-1-5 98488]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2008-4-23 1240576]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533344]
    S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-5-14 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-5-14 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-5-14 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-5-14 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-5-14 86368]
    S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-19 33752]

    =============== Created Last 30 ================

    2009-08-12 23:47 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-12 23:47 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-05 10:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

    ==================== Find3M ====================

    2009-09-02 22:36 81,984 a------- c:\windows\system32\bdod.bin
    2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-01 18:30 815 a------- C:\rtsr_eml_sr.dat
    2009-08-01 18:30 141 a------- C:\dwl.dat
    2009-08-01 18:30 132 a------- C:\httpdwl.dat
    2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-06-29 17:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 17:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 17:12 17,408 -------- c:\windows\system32\corpol.dll
    2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 13:31 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 07:14 132,096 -------- c:\windows\system32\wkssvc.dll
    2008-05-17 08:50 24,192 ac------ c:\documents and settings\jacquie.hopeless\usbsermptxp.sys
    2008-05-17 08:50 22,768 ac------ c:\documents and settings\jacquie.hopeless\usbsermpt.sys
    2008-10-03 23:22 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100320081004\index.dat

    ============= FINISH: 23:19:30.98 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/04/2008 11:46:49
    System Uptime: 09/02/2009 22:40:21 (4921 hours ago)

    Motherboard: | | ConRoe1333-D667
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2992/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 178.412 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP219: 04/06/2009 19:48:46 - System Checkpoint
    RP220: 05/06/2009 10:21:45 - Software Distribution Service 3.0
    RP221: 06/06/2009 08:01:35 - Software Distribution Service 3.0
    RP222: 07/06/2009 09:03:16 - System Checkpoint
    RP223: 08/06/2009 11:42:50 - System Checkpoint
    RP224: 08/06/2009 14:22:24 - Software Distribution Service 3.0
    RP225: 10/06/2009 12:13:35 - System Checkpoint
    RP226: 11/06/2009 14:09:29 - System Checkpoint
    RP227: 12/06/2009 11:28:09 - Software Distribution Service 3.0
    RP228: 13/06/2009 07:37:56 - Software Distribution Service 3.0
    RP229: 14/06/2009 11:34:11 - System Checkpoint
    RP230: 15/06/2009 15:29:54 - Software Distribution Service 3.0
    RP231: 17/06/2009 17:50:09 - System Checkpoint
    RP232: 18/06/2009 17:59:29 - Software Distribution Service 3.0
    RP233: 19/06/2009 08:20:15 - Software Distribution Service 3.0
    RP234: 19/06/2009 10:19:28 - Installed Windows Media Player 10
    RP235: 20/06/2009 07:32:43 - Software Distribution Service 3.0
    RP236: 20/06/2009 22:35:44 - Software Distribution Service 3.0
    RP237: 22/06/2009 12:17:13 - System Checkpoint
    RP238: 23/06/2009 09:35:18 - Software Distribution Service 3.0
    RP239: 25/06/2009 15:50:20 - Software Distribution Service 3.0
    RP240: 26/06/2009 12:21:25 - Removed BBC iPlayer Desktop
    RP241: 27/06/2009 08:40:35 - Software Distribution Service 3.0
    RP242: 28/06/2009 08:52:55 - System Checkpoint
    RP243: 29/06/2009 11:51:07 - System Checkpoint
    RP244: 30/06/2009 15:01:22 - System Checkpoint
    RP245: 01/07/2009 19:32:53 - System Checkpoint
    RP246: 03/07/2009 09:47:50 - System Checkpoint
    RP247: 04/07/2009 08:23:08 - Software Distribution Service 3.0
    RP248: 05/07/2009 18:47:34 - System Checkpoint
    RP249: 06/07/2009 21:16:28 - System Checkpoint
    RP250: 07/07/2009 14:16:54 - Software Distribution Service 3.0
    RP251: 08/07/2009 19:35:14 - System Checkpoint
    RP252: 10/07/2009 15:08:32 - System Checkpoint
    RP253: 11/07/2009 08:23:36 - Software Distribution Service 3.0
    RP254: 13/07/2009 13:19:11 - System Checkpoint
    RP255: 14/07/2009 17:31:07 - System Checkpoint
    RP256: 18/07/2009 10:47:22 - Software Distribution Service 3.0
    RP257: 19/07/2009 18:16:32 - System Checkpoint
    RP258: 20/07/2009 19:10:24 - System Checkpoint
    RP259: 22/07/2009 10:41:42 - System Checkpoint
    RP260: 24/07/2009 17:23:46 - System Checkpoint
    RP261: 25/07/2009 11:02:39 - Software Distribution Service 3.0
    RP262: 26/07/2009 19:54:15 - System Checkpoint
    RP263: 29/07/2009 12:53:59 - System Checkpoint
    RP264: 01/08/2009 15:52:15 - Software Distribution Service 3.0
    RP265: 04/08/2009 12:29:49 - System Checkpoint
    RP266: 05/08/2009 18:21:34 - System Checkpoint
    RP267: 06/08/2009 19:52:13 - System Checkpoint
    RP268: 07/08/2009 20:07:42 - System Checkpoint
    RP269: 08/08/2009 09:07:56 - Software Distribution Service 3.0
    RP270: 08/08/2009 11:30:01 - Software Distribution Service 3.0
    RP271: 11/08/2009 22:32:22 - System Checkpoint
    RP272: 13/08/2009 21:21:21 - Software Distribution Service 3.0
    RP273: 15/08/2009 15:30:03 - Software Distribution Service 3.0
    RP274: 19/08/2009 16:54:51 - System Checkpoint
    RP275: 22/08/2009 10:15:51 - Software Distribution Service 3.0
    RP276: 01/09/2009 20:19:22 - Software Distribution Service 3.0
    RP277: 01/09/2009 20:28:22 - Software Distribution Service 3.0
    RP278: 01/09/2009 22:22:47 - Software Distribution Service 3.0
    RP279: 02/09/2009 22:36:32 - Removed BitDefender Antivirus 2009

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Ad-Aware 2007
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.4
    Any Video Converter Professional 2.7.5
    Apple Software Update
    Arcade Tribe v1.38
    Big Fish Games Client
    BufferChm
    Choice Guard
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Web Player
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    DVD Decrypter (Remove Only)
    eSupportQFolder
    F4200
    F4200_Help
    Forgotten Lands The First Colony
    Google Earth
    Google Toolbar for Internet Explorer
    GPBaseService
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.2_15
    Java(TM) 6 Update 13
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Library Management Wizard
    Megaplex Madness Now Playing
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Premium
    Nero Mega Plugin Pack
    NeroMIX
    PartyPoker
    PC Connectivity Solution
    Personal License Update Wizard for Windows Media Player
    PFConfig 1.0.232
    Philips SPC 900NC PC Camera
    Philips VLounge
    Plus! MP3 Audio Converter LE
    PSSWCORE
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Samsung Media Studio
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Segoe UI
    Shop for HP Supplies
    SiSoftware Sandra Lite XII.SP2c
    SmartWebPrintingOC
    SolutionCenter
    Sonic Encoders
    SopCast 3.0.1
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Wonderburg
    Xfire (remove only)
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    26/08/2009 22:01:57, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    26/08/2009 22:00:35, error: Service Control Manager [7023] - The Logical Disk Manager service terminated with the following error: The specified module could not be found.
    26/08/2009 22:00:35, error: Service Control Manager [7000] - The Logitech Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.
    26/08/2009 22:00:16, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 001966439086 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    02/09/2009 13:08:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    02/09/2009 13:07:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    02/09/2009 12:58:33, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    02/09/2009 12:55:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    02/09/2009 12:55:22, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    02/09/2009 12:55:22, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/09/2009 12:55:22, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/09/2009 12:55:22, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/09/2009 12:55:22, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    02/09/2009 12:54:51, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    02/09/2009 12:54:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    01/09/2009 20:20:45, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

    ==== End Of File ===========================
     
  5. 2009/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What do they say?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/09/02
    jakinabox

    jakinabox Inactive Thread Starter

    Joined:
    2009/08/17
    Messages:
    17
    Likes Received:
    0
    Two of them froze, either Avira or Avast gave me a log but wouldn't let me save or copy it but it did say something about not finding the program folder, AVG says installation file download failed error code 0xE001C04E.
    I'll run Combofix now.
     
  7. 2009/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  8. 2009/09/03
    jakinabox

    jakinabox Inactive Thread Starter

    Joined:
    2009/08/17
    Messages:
    17
    Likes Received:
    0
    Sorry, it took a long time to download combofix.
    Here's the log:

    ComboFix 09-09-02.02 - JACQUIE 03/09/2009 9:26.13.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1678 [GMT 1:00]
    Running from: c:\documents and settings\JACQUIE.HOPELESS\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\JACQUIE.HOPELESS\Application Data\.#
    c:\windows\Installer\126dee0.msp
    c:\windows\Installer\139212.msp
    c:\windows\Installer\13d506.msp
    c:\windows\Installer\194c51.msp
    c:\windows\Installer\19e025.msp
    c:\windows\Installer\1d2cee.msp
    c:\windows\Installer\220fba.msp
    c:\windows\Installer\2356e0.msp
    c:\windows\Installer\2371f9.msp
    c:\windows\Installer\23cfb9.msp
    c:\windows\Installer\255995.msp
    c:\windows\Installer\275882.msp
    c:\windows\Installer\27c892.msp
    c:\windows\Installer\28e7f.msp
    c:\windows\Installer\2b0a7e.msp
    c:\windows\Installer\2b3334.msp
    c:\windows\Installer\2d7535.msp
    c:\windows\Installer\2e0cf0.msp
    c:\windows\Installer\2e8a1.msp
    c:\windows\Installer\2ef38.msp
    c:\windows\Installer\2f84ea.msp
    c:\windows\Installer\2ff36.msp
    c:\windows\Installer\2ffa3.msp
    c:\windows\Installer\3029d5.msp
    c:\windows\Installer\305ab9.msp
    c:\windows\Installer\30958.msp
    c:\windows\Installer\30a71.msp
    c:\windows\Installer\30bc9.msp
    c:\windows\Installer\3202b.msp
    c:\windows\Installer\321e1.msp
    c:\windows\Installer\33f4c.msp
    c:\windows\Installer\34900.msp
    c:\windows\Installer\356bc.msp
    c:\windows\Installer\3734c0.msp
    c:\windows\Installer\3764a.msp
    c:\windows\Installer\38aad.msp
    c:\windows\Installer\3908f3.msp
    c:\windows\Installer\39173c.msp
    c:\windows\Installer\3980b.msp
    c:\windows\Installer\39888.msp
    c:\windows\Installer\39fda4.msp
    c:\windows\Installer\3dc049.msp
    c:\windows\Installer\3ebd8.msp
    c:\windows\Installer\41209b.msp
    c:\windows\Installer\41a3b.msp
    c:\windows\Installer\43693.msp
    c:\windows\Installer\44727.msp
    c:\windows\Installer\45b9bb.msp
    c:\windows\Installer\4722f.msp
    c:\windows\Installer\4b34de.msp
    c:\windows\Installer\4f0dda.msp
    c:\windows\Installer\511b1f.msp
    c:\windows\Installer\53f3b3.msp
    c:\windows\Installer\5696f.msp
    c:\windows\Installer\573c56.msp
    c:\windows\Installer\58593f.msp
    c:\windows\Installer\5b108.msp
    c:\windows\Installer\5e4116.msp
    c:\windows\Installer\5f7aa0.msp
    c:\windows\Installer\614e66.msp
    c:\windows\Installer\66cb6.msp
    c:\windows\Installer\734c6b.msp
    c:\windows\Installer\755d97.msp
    c:\windows\Installer\774543.msp
    c:\windows\Installer\7aeba6.msp
    c:\windows\Installer\7b0430.msp
    c:\windows\Installer\7c4ab9.msp
    c:\windows\Installer\7eef1.msp
    c:\windows\Installer\921f3.msp
    c:\windows\Installer\94828.msp
    c:\windows\Installer\a3f2e2.msp
    c:\windows\Installer\a778cd.msp
    c:\windows\Installer\afbc4.msp
    c:\windows\Installer\b930cc.msp
    c:\windows\Installer\b930d2.msi
    c:\windows\Installer\d1e08.msp
    c:\windows\Installer\d7a552.msp
    c:\windows\Installer\eba1c7.msp
    c:\windows\Installer\eba1cd.msp
    c:\windows\Installer\eba1d3.msp
    c:\windows\Installer\f3b160.msp
    c:\windows\Installer\f6d4b8.msp
    c:\windows\Installer\f9e0c.msp
    c:\windows\system32\muzapp.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
    .

    2009-09-02 22:43 . 2009-09-02 22:43 -------- d-----w- c:\documents and settings\JACQUIE.HOPELESS\Application Data\AVG8
    2009-09-02 11:56 . 2009-09-02 11:56 -------- d-----w- c:\documents and settings\Administrator.HOPELESS\Application Data\Malwarebytes
    2009-08-12 22:47 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-02 21:36 . 2008-12-22 17:34 -------- d-----w- c:\documents and settings\Guest\Application Data\BitDefender
    2009-09-02 21:36 . 2009-04-03 11:49 -------- d-----w- c:\documents and settings\Administrator.HOPELESS\Application Data\Bitdefender
    2009-09-02 21:36 . 2008-12-17 19:51 -------- d-----w- c:\documents and settings\ROWAN.HOPELESS\Application Data\BitDefender
    2009-09-02 21:36 . 2008-12-16 15:42 -------- d-----w- c:\documents and settings\STEVE.HOPELESS\Application Data\BitDefender
    2009-09-02 21:36 . 2008-08-30 11:45 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-08-12 22:55 . 2008-02-28 21:36 -------- d-----w- c:\program files\PartyGaming
    2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-01 17:30 . 2009-01-15 21:36 815 ----a-w- C:\rtsr_eml_sr.dat
    2009-08-01 17:30 . 2009-01-15 21:36 141 ----a-w- C:\dwl.dat
    2009-08-01 17:30 . 2009-01-15 21:36 132 ----a-w- C:\httpdwl.dat
    2009-08-01 15:00 . 2009-01-15 20:10 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 09:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 08:20 . 2008-04-23 08:48 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-29 16:12 . 2004-08-10 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-06-25 08:25 . 2004-08-10 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-10 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-10 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2004-08-10 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2004-08-10 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:19 . 2008-04-22 10:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2004-08-10 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-06 185896]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "40264:TCP"= 40264:TCP:utorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/01/2009 21:10 55136]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [05/01/2009 13:59 98488]
    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [23/04/2008 19:24 1240576]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533344]
    S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19/01/2009 15:43 33752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-08-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2009-09-02 c:\windows\Tasks\User_Feed_Synchronization-{0A291908-9C36-4190-8B1D-FE50B4712EEA}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{85067bf5-33fe-58d7-ed75-2ca659ed5fa1} - c:\windows\system32\nsn12.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-03 09:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1390067357-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09C0EADD-F646-9819-7C1F-AB622B47CFF8}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abpgjmncijfanjfgmnlgockbobamfehdcp"=hex:65,62,63,66,61,64,69,6e,6d,6a,62,6a,
    63,61,63,67,70,63,69,68,67,68,70,69,62,65,63,6e,70,69,67,67,6b,6f,64,65,6b,\
    "bbpgjmncijfanjfgmncgfakkooakoggbhcao"=hex:61,62,6b,67,63,70,67,65,69,6e,70,61,
    69,69,63,61,6d,69,64,6a,62,6a,64,6c,62,6c,67,62,62,6a,64,68,66,62,00,65

    [HKEY_USERS\S-1-5-21-1390067357-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34F644D0-DAA1-F2F8-BA75-DB9FABB9EA7E}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abdmnadhhcdlbbpfjfenhbglbgaekgcilb"=hex:65,62,6d,6e,66,64,70,66,61,69,6c,61,
    65,68,68,63,6e,64,6a,6a,6d,6c,65,61,6d,69,70,62,6e,6e,65,6a,6c,62,66,6d,6b,\
    "bbdmnadhhcdlbbpfjffngeflklljbaomjfap"=hex:61,62,65,6c,6d,6e,66,65,63,6f,6d,67,
    63,6a,64,61,63,64,63,66,63,70,63,66,6a,6f,6b,65,63,6b,6c,63,68,63,00,6d

    [HKEY_USERS\S-1-5-21-1390067357-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5FED351C-C5FE-76D3-FA35-04E85117F1BB}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2009-09-03 9:33
    ComboFix-quarantined-files.txt 2009-09-03 08:33

    Pre-Run: 191,505,870,848 bytes free
    Post-Run: 194,181,382,144 bytes free

    230 --- E O F --- 2009-09-01 21:23

    And the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:42, on 03/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle.org/cgi-bin/scraper.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

    --
    End of file - 2807 bytes
     
  9. 2009/09/03
    broni Moderator Malware Analyst
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    =============================================================

    Try to install Avira or Avast again.
     
  10. 2009/09/03
    jakinabox Inactive Thread Starter
    Avast said "connection terminated,retrying" for a while & then failed with error log. Unable to copy it but it said "error:http GetWininet, catch returned 0x00002EE2".

    Avira said "estimated download time 9hrs" so I cancelled.

    AVG said "installation failed,make sure your computer is connected to the internet,error code 0xE001C022"

    Do you think it might be a broadband connection or modem problem?

    Thanks,
    Jaki
     
  11. 2009/09/03
    broni Moderator Malware Analyst
    Could be a combination. Your computer is/was definitely infected, which could have messed up your internet connection (pretty common).
    Try some basic fixes. If no help, we'll continue with cleaning procedure, and worry about internet later.

    Turn off computer. Disconnect router, and modem from power source for 30 seconds.
    Power them back on.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
     
  12. 2009/09/04
    jakinabox Inactive Thread Starter
    None of the above worked.
    Winsockfix keeps being timed out during download, which takes a very long time.
    Dial-a-fix said "cannot execute-archive in unknown format or damaged."
     
  13. 2009/09/04
    broni Moderator Malware Analyst
    If you use router, did you try to bypass router?
    Any other computers at your place, connected to the internet?
    Call your ISP, and ask them to check your connection.

    Meanwhile....

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Post fresh HijackThis log as well.
     
  14. 2009/09/07
    jakinabox Inactive Thread Starter
    Hi,
    I spoke to my ISP and they confirmed a problem with my connection and suggested removing the telephone extension wire and reinstalling Windows etc. I've now done all this and got the internet back on with a free McAfee AV which came with the PC. Things seem better but the internet is still a bit slower than it was.
    Here is the HJT log since reinstalling everything:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:25:39, on 07/09/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    --
    End of file - 4178 bytes

    Thanks,
    Jaki
     
  15. 2009/09/07
    broni Moderator Malware Analyst
    Well, we have a whole new story here, then.
    Was it clean install?
     
  16. 2009/09/09
    jakinabox Inactive Thread Starter
    I think so, the tech took over remotely. He's still working on the speed issue though. In the morning the internet seems to run okay but it gets slower through the day until I can't load a page at all in the evening. He thinks the problem is with my telephone line.
    Do you want me to run anything to check or just class it as resolved now?
    Thanks,
    Jaki
     
  17. 2009/09/09
    broni Moderator Malware Analyst
    Well, with fresh install, I'll simply mark this thread as "inactive".
     
  18. 2009/09/10
    jakinabox Inactive Thread Starter
    Okay.
    Thank you very much for your time & advice,
    Jaki
     
  19. 2009/09/10
    broni Moderator Malware Analyst
    Sure thing :)
     
