So basically, if I want to jump from one page to another, then from that page to another page, then from that page to another page, I have to close three different tabs or three different windows. Make sense? That makes it nearly impossible when I want to, you know, surf the Internet. The Internet has become virtually unusable for me until this stops.
I would post a HijackThis! log, except my current problem prevents me from getting to most web sites. I am posting this from another computer. I have tried for a few hours to download HijackThis!, but I am not able to get to any web site where it is offered.
I've scanned for viruses and nothing has come up.
ComboFix log:
ComboFix 09-05-08.03 - Administrator 05/10/2009 2:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.247 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\protect.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ahtn.htm
c:\windows\system32\ak1.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\drivers\ovfsthjmhxduirjlqjonwoaavsytetvhrmyblc.sys
c:\windows\system32\falxuisw.dll
c:\windows\system32\jmVxHRqr.ini
c:\windows\system32\jmVxHRqr.ini2
c:\windows\system32\kcwynnyl.dll
c:\windows\system32\lkorwspy.dll
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\ovfsthcwkdqoeplastexuwkiorwvmyilltawmp.dll
c:\windows\system32\ovfsthkgkryfojpcyulxnxrldacqqmowxlvnxn.dll
c:\windows\system32\ovfsthmpailwksnihkulywfsihkbfybjionhhu.dat
c:\windows\system32\ovfsthmpwkuuuefbjkgictonthbsksrrulnhsm.dll
c:\windows\system32\ovfsthqfhwwbvnxsaitdyexrtiafmbyhuhcdbf.dat
c:\windows\system32\uniq.tll
c:\windows\system32\winglsetup.exe
----- BITS: Possible infected sites -----
hxxp://drm.wippiespace.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthcbepxgwutoijwbmflwbwwapamextbfeb
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-10 05:20 . 2009-05-10 05:20 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-05-09 14:09 . 2009-05-10 05:13 27648 ----a-w c:\windows\system32\lmn_setup.exe
2009-05-03 04:09 . 2009-05-03 04:09 -------- d-----w c:\windows\Downloaded Installations
2009-05-03 04:08 . 2009-05-03 04:08 -------- d-----w c:\program files\Common Files\Scanner
2009-05-03 04:08 . 2009-02-16 16:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-05-03 04:08 . 2009-02-16 16:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-05-03 04:08 . 2009-02-16 16:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-05-03 04:08 . 2009-02-16 16:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-05-03 04:08 . 2009-02-16 16:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-05-03 04:08 . 2009-02-16 16:17 879760 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-05-03 04:08 . 2009-02-16 16:17 108288 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-18 17:49 . 2009-04-18 19:50 7039 ----a-w c:\windows\system32\winsetup66.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 22:45 . 2007-05-26 21:04 -------- d-----w c:\program files\FlashGet
2009-04-05 19:51 . 2009-04-05 19:51 -------- d-----w c:\program files\AVG
2009-02-16 16:16 . 2009-02-23 04:58 99568 ----a-w c:\windows\system32\isafeif.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2006-05-08 1413241]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-04-17 102455]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-04-04 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-03 185896]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 19:46 79368 ----a-w c:\windows\system32\UmxWNP.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:UDP"= 8080:UDP:8080 UDP
"8080:TCP"= 8080:TCP:8080 TCP
"80:UDP"= 80:UDP:80 UDP
"3128:TCP"= 3128:TCP:3128 UDP
"46042:TCP"= 46042:TCP:46042 TCP
"46042:UDP"= 46042:UDP:46042 UDP
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [1/5/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [11/18/2008 12:14 PM 72696]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [12/10/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [12/19/2008 1:59 PM 297464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2007 10:41 AM 24652]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [5/26/2007 1:19 PM 16194]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53c8aaeb-181f-11de-a0ad-000f1f555606}]
\Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJYqPGW.dll
BHO-{D23A9B5F-E984-4658-B900-24D96B51A014} - c:\windows\system32\rqRHxVmj.dll
HKLM-Run-b8c4022f - c:\windows\system32\wgmdglmv.dll
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJYqPGW.dll
Notify-mlJYqPGW - mlJYqPGW.dll
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 130.88.203.27:3128
uInternet Settings,ProxyOverride = local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 02:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(1516)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
- - - - - - - > 'explorer.exe'(2168)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-10 2:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-10 06:20
Pre-Run: 3,752,628,224 bytes free
Post-Run: 5,497,720,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
189
Edited by Looch, 10 May 2009 - 12:29 AM.