
Slow Startup [CLOSED]


  • This topic is locked

#1 leper73 (Member, 17 posts)
When I try to start a new window in Internet Explorer, it will freeze up and take 2-3 minutes before I can do anything. Could this be because of malware? Here is a HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:43 PM, on 4/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\JUSTIN GRAHAM\Application Data\Mozilla\Profiles\default\hsp4twpf.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wserv32.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt2_x.cab
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Promise Technology, Inc. - (no file)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplug...ctive/?15687435
O24 - Desktop Component 2: Microsoft Investor Active Desktop Ticker - http://www.microsoft...ents/ticker.htm

--
End of file - 9074 bytes

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3 leper73 (Topic Starter, Member, 17 posts)
Here is my logfile:

ComboFix 08-04-14.2 - Justin Graham 2008-04-21 13:16:27.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.154 [GMT -7:00]
Running from: C:\Documents and Settings\Justin Graham\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-14 23:30 . 2008-04-14 23:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 13:43 . 2008-04-14 13:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-04-14 13:42 . 2008-04-14 14:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-14 13:42 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-15 08:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 00:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 07:20 --------- d-----w C:\Program Files\Thief2
2008-03-10 16:15 --------- d-----w C:\Program Files\Google
2008-03-10 06:37 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-10 03:17 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-10 03:17 --------- d-----w C:\Documents and Settings\Justin Graham\Application Data\Malwarebytes
2008-03-10 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-08 07:27 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.1
2008-02-27 05:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-27 05:31 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-02-27 05:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-27 05:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-27 05:31 --------- d-----w C:\Program Files\Symantec
2008-02-27 05:25 --------- d-----w C:\Program Files\Common Files\Adobe
2005-11-18 05:15 140,632 ---ha-w C:\Documents and Settings\Justin Graham\Application Data\ptads.bin
2005-04-04 00:51 937 ----a-w C:\Program Files\Shortcut to HijackThis.lnk
2004-10-28 07:02 44 ----a-w C:\Documents and Settings\LocalService\Application Data\tvmcwrd.dll
2004-06-28 22:02 149,504 ----a-w C:\Program Files\CWShredder.exe
2004-06-14 08:37 449 ----a-w C:\Documents and Settings\Justin Graham\UpdateReg.reg
2002-12-03 04:34 56,952 ----a-w C:\Documents and Settings\Justin Graham\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_ 2.00.42.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 08:32:41 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-21 20:09:29 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 28,738 2001-08-17 03:41:58 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 180,269 2004-10-12 02:03:39 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 218,240 2004-11-03 00:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 155,896 2006-09-28 21:14:36 C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe

----a-w 163,576 2006-10-14 03:40:13 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe

----a-w 278,528 2005-10-18 19:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2004-12-07 05:31:50 C:\Program Files\Java\jre1.5.0_01\bin\bak\jusched.exe

----a-w 53,248 2001-06-14 19:42:26 C:\Program Files\LexmarkX83\bak\AcBtnMgr_X83.exe

----a-w 40,960 2001-10-18 17:25:18 C:\Program Files\LexmarkX83\bak\ACMonitor_X83.exe

----a-w 473,920 2005-02-11 05:32:22 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

----a-w 11,776 2005-05-11 00:04:50 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mimboot.exe

----a-w 110,592 2005-05-11 00:04:52 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 75,384 2002-02-27 16:27:58 C:\Program Files\Norton AntiVirus\bak\navapw32.exe

----a-w 524,288 2003-04-29 18:40:10 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe
----a-w 536,576 2005-03-17 19:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

----a-w 516,096 2005-02-18 19:51:34 C:\Program Files\Panicware\Pop-Up Stopper Professional\bak\POPUPS~1.EXE

----a-w 155,648 2005-11-04 03:54:13 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 679,936 2002-04-10 21:44:04 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

----a-w 1,544,192 2002-04-25 01:37:43 C:\Program Files\support.com\bin\bak\tgcmd.exe

----a-w 100,056 2006-01-27 10:54:52 C:\Program Files\SymNetDrv\bak\SNDMon.exe

----a-w 304,640 2006-05-03 07:45:24 C:\Program Files\Trojan Remover\bak\Trjscan.exe
----a-w 300,112 2007-04-19 05:38:01 C:\Program Files\Trojan Remover\Trjscan.exe

----a-w 1,757,184 2004-01-20 18:45:00 C:\WINDOWS\kdx\bak\KHost.exe

----a-w 106,496 2002-03-27 02:20:52 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

----a-w 155,648 2002-03-27 02:28:56 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

----a-w 36,864 2001-10-25 18:20:09 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 01:45 68856]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22 26248]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-11-17 17:14 4806656]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"="wserv32.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-26 23:33:26 124912]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 15:06:54 24633]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 07:15]
R2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\System32\Drivers\usbscan.sys [2002-08-29 02:48]
S4 hpt3xx;hpt3xx;C:\WINDOWS\System32\DRIVERS\hpt3xx.sys [2001-08-17 11:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 16:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 17:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 18:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 19:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 20:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-20 21:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 00:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 01:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 08:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 02:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 03:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 04:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 10:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-20 11:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 12:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 13:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 14:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 15:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2002-08-14 20:49:05 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-04-19 05:43:04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Justin Graham.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-04-21 09:00:03 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
"2008-04-21 07:00:01 C:\WINDOWS\Tasks\{8AED161E-A8D9-4A44-B247-72ABD68D4C28}_DJ2YZP11_Justin Graham.job"
- C:\WINDOWS\system32\MOBSYNC.EXEK /Schedule=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 13:23:47
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\WTSAPI32.dll
.
Completion time: 2008-04-21 13:29:19
ComboFix-quarantined-files.txt 2008-04-21 20:28:06
ComboFix2.txt 2008-04-17 01:43:15
ComboFix3.txt 2008-04-15 09:01:40

Pre-Run: 109,458,153,472 bytes free
Post-Run: 109,432,528,896 bytes free
.
2008-04-14 20:44:31 --- E O F ---


Now I also have another problem: I can get Task Manager to come up, but it's just a blank box. I can still do the End Task/Switch To/Cancel, but nothing else. Not even the icons to let me close it.

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Do you have problems installing the recovery console? Try to install that now before you do the fixes. Go back to the site where you downloaded Combofix and skip the instructions for the XP CD. Go straight to the download and get the one for your computer XP SP1 (Home or Pro...you should know). Once downloaded, drag and drop that file into Combofix to install it.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

KILLALL::
AWF::
----a-w 28,738 2001-08-17 03:41:58 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
----a-w 180,269 2004-10-12 02:03:39 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 218,240 2004-11-03 00:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
----a-w 155,896 2006-09-28 21:14:36 C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe
----a-w 163,576 2006-10-14 03:40:13 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
----a-w 278,528 2005-10-18 19:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 36,975 2004-12-07 05:31:50 C:\Program Files\Java\jre1.5.0_01\bin\bak\jusched.exe
----a-w 53,248 2001-06-14 19:42:26 C:\Program Files\LexmarkX83\bak\AcBtnMgr_X83.exe
----a-w 40,960 2001-10-18 17:25:18 C:\Program Files\LexmarkX83\bak\ACMonitor_X83.exe
----a-w 473,920 2005-02-11 05:32:22 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe
----a-w 11,776 2005-05-11 00:04:50 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mimboot.exe
----a-w 110,592 2005-05-11 00:04:52 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
----a-w 75,384 2002-02-27 16:27:58 C:\Program Files\Norton AntiVirus\bak\navapw32.exe
----a-w 524,288 2003-04-29 18:40:10 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe
----a-w 536,576 2005-03-17 19:10:32 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
----a-w 516,096 2005-02-18 19:51:34 C:\Program Files\Panicware\Pop-Up Stopper Professional\bak\POPUPS~1.EXE
----a-w 155,648 2005-11-04 03:54:13 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 679,936 2002-04-10 21:44:04 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 1,544,192 2002-04-25 01:37:43 C:\Program Files\support.com\bin\bak\tgcmd.exe
----a-w 100,056 2006-01-27 10:54:52 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 304,640 2006-05-03 07:45:24 C:\Program Files\Trojan Remover\bak\Trjscan.exe
----a-w 300,112 2007-04-19 05:38:01 C:\Program Files\Trojan Remover\Trjscan.exe
----a-w 1,757,184 2004-01-20 18:45:00 C:\WINDOWS\kdx\bak\KHost.exe
----a-w 106,496 2002-03-27 02:20:52 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe
----a-w 155,648 2002-03-27 02:28:56 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe
----a-w 36,864 2001-10-25 18:20:09 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe
File::
C:\WINDOWS\System32\0NnW55E3.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Any improvement?
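A defender-side triage of the two persistence patterns the CFScript above targets: the bare `wserv32.exe` Run value under the SYSTEM (HKUS\S-1-5-18) and HKUS\.DEFAULT hives in the HijackThis log from post #1, and the hourly At*.job tasks in the ComboFix log from post #3 that all launch C:\WINDOWS\System32\0NnW55E3.exe. This is an added Python example, not code from this thread or from HijackThis/ComboFix; it runs over a constructed subset of the posted log lines, and the heuristics (no directory in a Run value, HKUS hive, two or more At*.job tasks sharing one target) are my own choices.

```python
import re
from collections import defaultdict

# Constructed test input: a subset of the lines posted in this thread.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wserv32.exe (User 'Default user')
""".strip().splitlines()

COMBOFIX_TASK_LINES = r"""
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-13 16:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2008-04-21 08:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\0NnW55E3.exe
"2002-08-14 20:49:05 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
""".strip().splitlines()

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# ComboFix task header: "<timestamp> <path to .job>" in double quotes
JOB_RE = re.compile(r'^"[\d-]+ [\d:]+ (?P<job>.+\.job)"$')


def image_of(cmd):
    """Executable part of a Run value: the quoted path, else the first token.
    An unquoted path with spaces is ambiguous; the first token is enough for
    the 'has a directory at all' check below."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage_o4(lines):
    """Return (hive, value name, image, reasons) for suspicious O4 entries."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        hive, name, image = m['hive'], m['name'], image_of(m['cmd'])
        reasons = []
        if '\\' not in image:
            # No directory: Windows resolves it through the PATH search, and
            # the log gives no on-disk location to verify. Every vendor
            # entry in the posted log carries a full path.
            reasons.append('bare filename, no path')
        if hive.startswith('HKUS\\'):
            # HKUS\S-1-5-18 is the SYSTEM account; HKUS\.DEFAULT is copied
            # into new profiles. Persistence there outlives the user login.
            reasons.append('runs under ' + hive)
        if reasons:
            findings.append((hive, name, image, reasons))
    return findings


def triage_tasks(lines):
    """Group ComboFix scheduled-task entries by target; flag At*.job clusters."""
    targets = defaultdict(list)
    job = None
    for line in lines:
        m = JOB_RE.match(line)
        if m:
            job = m['job']
        elif line.startswith('- ') and job:
            targets[line[2:].strip()].append(job)
    findings = []
    for target, jobs in targets.items():
        at_jobs = [j for j in jobs if re.search(r'\\At\d+\.job$', j)]
        if len(at_jobs) >= 2:
            # At*.job tasks come from the at.exe scheduler and run as SYSTEM;
            # several of them on one file is a recurring re-launch of that
            # file, not a normal application task.
            findings.append((target, len(at_jobs)))
    return findings


if __name__ == '__main__':
    for f in triage_o4(HJT_O4_LINES):
        print('O4 suspicious:', f)
    for f in triage_tasks(COMBOFIX_TASK_LINES):
        print('Task cluster:', f)
```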

#5 leper73 (Topic Starter, Member, 17 posts)
Downloaded version of Console Recovery, put it into ComboFix, and got this logfile:

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


Edited by leper73, 23 April 2008 - 08:01 PM.


#6 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
OK, run the fix I gave you earlier for CFScript.txt and post the new combofix log here when ready :)

#7 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.