[Kristina]

Hi! Thank you for the help!

I uninstalled combofix and ran OTMoveit2.

Howeve I can't uninstall JRE. In my list of programs appears only Java ™ Update 3, and it doesn't have any kind of change/remove button.

Also the computer is not as fast as I thought. It seemed better, but I still have problems loading pages and programs. In order for a page link to work (it doesn't if I just double click), I discovered save target as might work, I then double click the icon saved on my desktop...and it may work. I don't get it why the pages don't load on normal click.

Edited by Kristina, 23 May 2008 - 06:29 AM.

[Advertisements]

Nothing I can do about that

Any other questions ?

[Rorschach112]

Nothing I can do about that

Any other questions ?

[Kristina]

Ok then, thank you for the help. Just what section of the forum should I post for this problem then?
If it's nothing malware left then I don't know what it is...

[Rorschach112]

Windows XP

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[Chopin]

Topic re-opened at user request.

Edited by Fredil, 26 May 2008 - 07:52 AM.

[Kristina]

Hi! I reopened this thread as the problem still seems to be there. The computer seemed to get a little faster at first, but now it's even worse than before. I can not load pages in IE, in Firefox they manage to load in the end but still very slow. The computer is also quite slow with programs, but especially with the Internet. I've done a scan again with Panda online antivirus and it still found bad stuff.

I don't think it's just a browser problem since the computer is quite slow too. I'm currently trying to load Kaspersky antivirus. I'll try to do an online scan with Kaspersky and post the log.

Edited by Kristina, 26 May 2008 - 08:18 AM.

[Rorschach112]

Post a new HijackThis log

[Kristina]

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:36, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF18459.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6682 bytes

[Rorschach112]

Your logs are clean

Not every "slow computer" problem is malware related

Do you have any questions ?

[Kristina]

Hi! I ran SuperAntiSpyware and it seems it detected some more malware and removed it. For now the net generally seems to be a bit faster, but I don't know if it will last.

However, I still can not access links. None of the links posted in this thread work for me. When I saw it detected a trojan and dialer I thought that might be it, but the problem is still there.

What I'd like to know is what other pogram I might use to search for threats? I had used AVG Antispyware and it didn't detect the threats I now found with SuperAntiSpyware.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2008 at 06:40 PM

Application Version : 4.1.1046

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Quick Scan
Total Scan Time : 00:21:40

Memory items scanned : 355
Memory threats detected : 0
Registry items scanned : 367
Registry threats detected : 0
File items scanned : 6618
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Ruxandra\Cookies\ruxandra@insightexpressai[1].txt
.fortunecity.com [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
.fortunecity.com [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
.fortunecity.com [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
.fortunecity.com [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
.ad2.bbmedia.cz [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Ruxandra\Application Data\Mozilla\Firefox\Profiles\hlcbbuc2.default\cookies.txt ]

Trojan.Malware
D:\asdf.txt

Dialer.InfoDialer
E:\My Documents\e1xplorer.lnk
E:\My Documents\exsplorer.lnk

[Rorschach112]

Your logs are clean, SAS only found cookies and left overs

You don't need to run any scans

Try this for your website problem

Download the HostsXpert 3.7 - Hosts File Manager.

• Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Is there anything else ?

[Kristina]

Thank you! I tried Hostxpert, but the problem seems to remain the same.

I had already posted this in Web browsers section, but I didn't yet get an answer.

If there isn't any suggestion I might still try to follow here, then I'll post this in the XP section like you suggested.

[Rorschach112]

Windows XP forum is your best bet, tell them I sent you over