Thank you very much in advance for any help.
My system was having instability issues and I decided that it was finally time to do another fresh install of Windows.
The install completed, and I booted. But the system was even slower. I tend to forget this a few weeks after the install,
but it appears I install some sort of malware / trojan / whatever each and every time I reinstall Windows. This is from both
an original WinXP CD and a DVD copy of it with slipstreamed Ethernet and SATA RAID drivers.
The symptom is that one of the svchost.exe processes uses 100% CPU time, which slows down the system extremely while installing
backdoors, trojans and even more malware in the background.
So I downloaded AVG Free antivirus and Ad-Aware SE Personal, ran a scan and made a terrifying discovery: 200-300 different
kinds of viruses, malware and more. With automated scans I got rid of most, but about 30-50 remained.
Then I came here, went through the thread, and by following the steps given there I've now managed to narrow it down to one
malware with three infections: Look2me
Programs used:
Avgfree
Cwshredder
l2mfix
Ad-aware
Spybot s&d
Trojan hunter
X-Cleaner
Ewido
None of these programs successfully removed Look2me, in safe mode or in Windows.
More info:
I also updated Windows with about 40-50 smaller security updates and tried to install SP2, but for some reason it failed.
My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 04:53:03, on 01.03.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sysctl.exe
C:\INSTAL~1\AVGFRE~1\avgcc.exe
C:\Programfiler\TrojanHunter 4.2\THGuard.exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\Documents and Settings\Fluffier\Programdata\?ssembly\r?gsvr32.exe
C:\WINDOWS\System32\WNSXS~1\chkntfs.exe
C:\INSTAL~1\AVGFRE~1\avgamsvr.exe
C:\INSTAL~1\AVGFRE~1\avgupsvc.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\ewido anti-malware\ewidoguard.exe
C:\Installerte Programmer\Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Fluffier\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {88EA62F3-826E-FE9D-1C82-F75A633840E2} - C:\WINDOWS\System32\fwb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ahmb] c:\windows\eee2.exe
O4 - HKLM\..\Run: [TIAP] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKLM\..\Run: [sysctl32] sysctl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\INSTAL~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKLM\..\RunServices: [sysctl32] sysctl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKCU\..\Run: [Sxid] C:\Documents and Settings\Fluffier\Programdata\?ssembly\r?gsvr32.exe
O4 - HKCU\..\Run: [Ibpd] "C:\WINDOWS\System32\WNSXS~1\chkntfs.exe" -vt ndrv
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141168557166
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\m0jula191d.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\INSTAL~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\INSTAL~1\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe