2 replies to this topic

[Ermine]

My wife's computer doesn't seem to finish downloading pages, she likes to use 'Tagged' and do online surveys but they take forever to down/upload. She is running AVG free plus Spyware Blaster and Win Patrol.
I have run Housecall, Malwarebytes' Anti-Malware, Glary Utilities, Spybot - Search & Destroy and AdAware. About all they could find was some cookies that I had them remove. I also uninstalled and reinstalled Fire Fox.
My computer is working fine so can't see it being in the router or internet connection, but what do I know.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:04 PM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Microsoft Office.lnk = C:\Apps From Tom\Program Files\office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Apps From Tom\Program Files\Ashampoo HDD Control\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3660 bytes


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 16:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF42C1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF97BF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF3B61000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


DDS (Ver_09-06-26.01) - NTFSx86
Run by Bunny at 16:49:08.00 on Sun 10/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.51 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bunny\Desktop\DownLoads\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.koower.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\apps from tom\program files\office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bunny\applic~1\mozilla\firefox\profiles\0bg9anv6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-18 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-18 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-18 360584]

=============== Created Last 30 ================

2009-10-18 19:42 <DIR> --d----- c:\program files\Trend Micro
2009-10-18 17:38 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-10-18 14:12 <DIR> --d----- c:\docume~1\bunny\applic~1\WinPatrol
2009-10-18 14:12 <DIR> --d----- c:\program files\BillP Studios
2009-10-18 09:54 <DIR> --d----- c:\program files\GameTop.com
2009-10-18 09:26 <DIR> --d-h--- C:\$AVG
2009-10-18 09:25 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-10-18 09:25 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-18 09:25 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-18 09:25 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-18 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-10 13:51 <DIR> --d----- C:\Games
2009-10-10 06:52 <DIR> --d----- c:\docume~1\bunny\applic~1\Gold Casual Games
2009-10-10 06:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gold Casual Games
2009-09-30 09:09 <DIR> --d----- c:\documents and settings\bunny\dwhelper

==================== Find3M ====================

2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 00:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 00:36 17,408 a------- c:\windows\system32\corpol.dll
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-11 08:58 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 07:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 16:52:07.34 ===============

Attached Files

•  Attach.txt   9.89KB   221 downloads

Edited by Ermine, 26 October 2009 - 06:40 AM.

[Tomk]

Hi Ermine,



My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

You appear to be running an old version of FireFox. Is there some reason you haven't chosen to update it?

[Tomk]

Due to inactivity this topic will be closed. If you need help please start a new thread.