BleepingComputer.com: All anti virus updates disabled


Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

All anti virus updates disabled unable to update spybot,NOD32,AdAware

#31 extremeboy

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 12,974
  • Joined: 21-March 08
  • Gender: Male

Posted 08 July 2009 - 10:40 AM

Hello.

How is your computer running now? Any more problems/symptoms?

Please take a new DDS run and post back with the logs.

~EB
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#32 zschiff

  • Member
  • Group: Members
  • Posts: 24
  • Joined: 11-June 09

Posted 08 July 2009 - 11:18 AM

Internet is so slow that it is not usable.
Tried to update Spybot but was unable to do so. It starts to update and then says bad checksum.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 19:09:50.25 on 08-Jul-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.588 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iriver\iriver plus 2\iAgent2.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\Program Files\iPod\bin\iPodService.exe
F:\Documents and Settings\Zvi Schiff\Desktop\anti virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [IMONTRAY] "f:\program files\intel\intel® active monitor\imontray.exe"
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] "f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]

=============== Created Last 30 ================

2009-06-30 18:22 <DIR> --ds---- F:\ComboFix
2009-06-25 15:32 <DIR> --d----- F:\_OTM
2009-06-23 16:15 <DIR> a-dshr-- F:\cmdcons
2009-06-23 15:15 <DIR> -cd----- f:\windows\system32\dllcache\cache
2009-06-16 14:23 <DIR> --d----- f:\program files\MSSOAP
2009-06-16 14:23 <DIR> --d----- f:\program files\Webroot
2009-06-11 15:16 <DIR> --d----- f:\docume~1\zvisch~1\applic~1\Malwarebytes
2009-06-11 15:15 38,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:15 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:15 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-11 15:15 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:29 <DIR> --d----- f:\documents and settings\zvi schiff\DoctorWeb
2009-06-09 19:12 <DIR> a-dshr-- F:\autorun.inf
2009-06-09 14:53 161,792 a------- f:\windows\SWREG.exe
2009-06-09 14:53 155,136 a------- f:\windows\PEV.exe
2009-06-09 14:53 98,816 a------- f:\windows\sed.exe

==================== Find3M ====================

2009-07-08 19:10 2,015,899,680 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-07-07 16:35 23,625,392 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-07-05 19:39 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-07-05 19:28 410,984 a------- f:\windows\system32\deploytk.dll
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe

============= FINISH: 19:10:56.18 ===============


#33 extremeboy

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 12,974
  • Joined: 21-March 08
  • Gender: Male

Posted 08 July 2009 - 12:16 PM

Hello.

Quote

Internet is so slow that it is not usable.
Tried to update Spybot but was unable to do so. It starts to update and then says bad checksum.

Are you able to connect and actually visit any page including your home page though when using the internet?

Regarding the "bad checksum": http://www.safer-networking.org/en/faq/20.html

What about your other security programs? Can you update those?

~Extremeboy

#34 zschiff

  • Member
  • Group: Members
  • Posts: 24
  • Joined: 11-June 09

Posted 09 July 2009 - 07:14 AM

NOD32 says update is not necessary - the virus signature database is current.
Last updated 25-Jun-09.
I downloaded the Spybot updater from the Mac in 30 seconds; it was never ending on the PC.
When I click Repair on Local Area Connection I get a message "Windows could not finish repairing the problem because the following action could not be completed: Clearing the ARP cache."
I am able to visit websites but they never fully load. Using Firefox but also tried Safari. Too slow to use and nothing ever fully loads no matter how long I wait.
Here is the log of system startup from Spybot. It was full of malware before we started and is now clear!


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-06-02 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-06-02 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-07-07 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-07 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-06-30 Includes\Malware.sbi
2009-07-07 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-07-07 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-06-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-07-07 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi
2009-07-08 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AppleSyncNotifier
command: "F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
file: F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: 3D50C85D295D4C6D0A5CD9F21481ECEA

Located: HK_LM:Run, egui
command: "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 1443072
MD5: 96D4ECD27FEEF7F5F23A8518EEE2F591

Located: HK_LM:Run, IMONTRAY
command: "F:\Program Files\Intel\Intel® Active Monitor\imontray.exe"
file: F:\Program Files\Intel\Intel® Active Monitor\imontray.exe
size: 32768
MD5: 98A6DC42B2D3FA3787FB82C8B9053745

Located: HK_LM:Run, ISUSPM
command: "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 213936
MD5: 2BAD84B393AF47006D80BA2F03B18029

Located: HK_LM:Run, iTunesHelper
command: "F:\Program Files\iTunes\iTunesHelper.exe"
file: F:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, OSSelectorReinstall
command: "F:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe"
file: F:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
size: 2209224
MD5: 4CEB109C2B126D6A80FFAA272AE55483

Located: HK_LM:Run, RegKillElbyCheck
command: "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
file: F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe
size: 45056
MD5: FB408B5E89B7EB5720E04485B847CBD4

Located: HK_LM:Run, RegKillTray
command: "F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
file: F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
size: 49152
MD5: 7C30C1DCE26F704DCB870D610B19FC50

Located: HK_LM:Run, SunJavaUpdateSched
command: "F:\Program Files\Java\jre6\bin\jusched.exe"
file: F:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708

Located: HK_LM:Run, ZoneAlarm Client
command: "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13

Located: HK_LM:Run, iHP-100 (DISABLED)
command: F:\Program Files\iRiver\iHP100\iHPDetect.exe
file: F:\Program Files\iRiver\iHP100\iHPDetect.exe
size: 28672
MD5: 5AC6BC9E151A84FEE58C8218A7D94FE7

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "F:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
file: F:\Program Files\QuickTime Alternative\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "F:\Program Files\Java\jre6\bin\jusched.exe"
file: F:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708

Located: HK_CU:Run, Microsoft Update Machine (DISABLED)
where: .DEFAULT...
command: jjnsnpu.exe
file: jjnsnpu.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Picasa Media Detector (DISABLED)
where: .DEFAULT...
command: F:\Program Files\Picasa2\PicasaMediaDetector.exe
file: F:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1229272821-1708537768-725345543-1003...
command: F:\WINDOWS\system32\ctfmon.exe
file: F:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, iPlusAgent2
where: S-1-5-21-1229272821-1708537768-725345543-1003...
command: "F:\Program Files\iriver\iriver plus 2\iAgent2.exe"
file: F:\Program Files\iriver\iriver plus 2\iAgent2.exe
size: 241664
MD5: E6AD381FBB1AB52B52EBF9C66DE25E5F

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1229272821-1708537768-725345543-1003...
command: F:\WINDOWS\system32\ctfmon.exe
file: F:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, SansaDispatch (DISABLED)
where: S-1-5-21-1229272821-1708537768-725345543-1003...
command: F:\Documents and Settings\Zvi Schiff\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
file: F:\Documents and Settings\Zvi Schiff\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
size: 79872
MD5: 5978DA8D6782DE6AD67786B60EE3A29D

Located: HK_CU:Run, Microsoft Update Machine (DISABLED)
where: S-1-5-18...
command: jjnsnpu.exe
file: jjnsnpu.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Picasa Media Detector (DISABLED)
where: S-1-5-18...
command: F:\Program Files\Picasa2\PicasaMediaDetector.exe
file: F:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: Startup (user), OpenOffice.org 2.4.lnk (DISABLED)
where: F:\Documents and Settings\Zvi Schiff\Start Menu\Programs\Startup...
command: F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
file: F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
size: 393216
MD5: F5CECCFE0CF964B209DCAB226D4C1DE3

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: F:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: F:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: 43362B96870CE8649F4F2EC893DA93F0

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
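Reading a Spybot startup log like the one above by hand means scanning dozens of near-identical blocks. The Python script below is an added example, not part of this thread or of Spybot: it parses the "Located:" blocks and flags the entries a responder would check first (a Run key that names a bare executable, a file Spybot could not hash, a Run entry under the LocalSystem/.DEFAULT profile). The function names are mine; the three sample blocks embedded in it are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# MD5 of zero bytes. Spybot prints it whenever it could not open the file,
# which is what its "Warning: if the file is actually larger than 0 bytes"
# lines are about.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"

# Constructed sample: three blocks copied verbatim from the log in this thread.
SAMPLE_LOG = r"""Located: HK_LM:Run, egui
command: "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 1443072
MD5: 96D4ECD27FEEF7F5F23A8518EEE2F591

Located: HK_CU:Run, Microsoft Update Machine (DISABLED)
where: S-1-5-18...
command: jjnsnpu.exe
file: jjnsnpu.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
"""

HEADER = re.compile(r"^Located: (?P<loc>[^,]+), (?P<name>.+?)(?P<dis> \(DISABLED\))?$")


@dataclass
class Entry:
    location: str                # "HK_LM:Run", "HK_CU:Run", "WinLogon", ...
    name: str                    # registry value or shortcut name
    disabled: bool
    fields: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)


def parse_log(text):
    """Split the log on blank lines and parse every 'Located:' block."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue                       # version list or other preamble
        e = Entry(m["loc"].strip(), m["name"].strip(), bool(m["dis"]))
        for line in lines[1:]:
            if ": " in line:
                key, value = line.split(": ", 1)
                e.fields[key.strip().lower()] = value.strip()
        entries.append(e)
    return entries


def command_path(cmd):
    """Return the executable part of a command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(entries):
    """Attach the findings a responder would check first; returns the same list."""
    for e in entries:
        path = command_path(e.fields.get("command", ""))
        is_run_key = e.location.endswith(":Run")
        zero = e.fields.get("size") == "0" and e.fields.get("md5", "").lower() == EMPTY_MD5
        if is_run_key and "\\" not in path:
            # A bare name is resolved through the PATH search at logon, so the
            # log cannot say which file would actually execute.
            e.findings.append("run entry uses a bare filename instead of a full path")
        if is_run_key and zero:
            e.findings.append("file not found on disk (hash is of zero bytes)")
        if is_run_key and e.fields.get("where", "").startswith(("S-1-5-18", ".DEFAULT")):
            # S-1-5-18 is the LocalSystem SID; a Run entry there belongs to no
            # interactive user and deserves a second look.
            e.findings.append("run entry under the LocalSystem/.DEFAULT profile")
        if e.location == "WinLogon" and zero:
            # Winlogon notify DLLs are listed by name only; Spybot could not
            # hash them, which is expected rather than evidence of tampering.
            e.findings.append("info: not hashed (Winlogon notify DLL listed by name)")
    return entries


def report(text):
    """Map entry name -> findings, for entries that have any."""
    return {e.name: e.findings for e in triage(parse_log(text)) if e.findings}


if __name__ == "__main__":
    for name, findings in report(SAMPLE_LOG).items():
        print(name)
        for f in findings:
            print("   -", f)
```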

#35 extremeboy

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 12,974
  • Joined: 21-March 08
  • Gender: Male

Posted 09 July 2009 - 10:42 AM

Hello.

You seem to be free of malware. Let's see what we can do for the internet problem.

Please do the following.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    Quote

    @Echo off

    REM Stop the Routing and Remote Access service, which on XP can prevent the ARP cache from being cleared; write the result to look.txt
    sc stop "RemoteAccess" > C:\look.txt
    REM Clear the ARP cache and the DNS resolver cache, appending the output to the same log
    netsh interface ip delete arpcache >> C:\look.txt
    ipconfig /flushdns >> C:\look.txt
    REM Open the log so its contents can be pasted into a reply
    Start Notepad C:\look.txt

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input clear.bat.
  • Hit OK.
When done properly, the file should show the batch file icon (which differs between XP and Vista) rather than a text file icon.

Double click on clear.bat to run it. If you are using Windows Vista, please right-click and Run As Administrator...

A Black DOS window shall appear and then disappear. Notepad will then open, please post the contents of notepad in your next reply. The log can also be found in your C:\ drive entitled look.txt

Now reboot your computer and post back how the internet connection works. Does pressing Repair give you the same error message?

Take a new DDS run and post back with both logs.

With Regards,
Extremeboy

#36 zschiff

  • Member
  • Group: Members
  • Posts: 24
  • Joined: 11-June 09

Posted 12 July 2009 - 06:34 AM

no change.
Thanks
Zvi

SERVICE_NAME: RemoteAccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 3 STOP_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x2
WAIT_HINT : 0x30d40
Ok.



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 14:35:11.06 on 12-Jul-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.595 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iriver\iriver plus 2\iAgent2.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\iPod\bin\iPodService.exe
F:\Documents and Settings\Zvi Schiff\Desktop\anti virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [IMONTRAY] "f:\program files\intel\intel® active monitor\imontray.exe"
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] "f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
StartupFolder: f:\documents and settings\zvi schiff\start menu\programs\startup\OpenOffice.org 2.4.lnk.disabled
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]

=============== Created Last 30 ================

2009-07-09 15:15 48,904 a---h--- f:\windows\system32\mlfcache.dat
2009-06-30 18:22 <DIR> --ds---- F:\ComboFix
2009-06-25 15:32 <DIR> --d----- F:\_OTM
2009-06-23 16:15 <DIR> a-dshr-- F:\cmdcons
2009-06-23 15:15 <DIR> -cd----- f:\windows\system32\dllcache\cache
2009-06-16 14:23 <DIR> --d----- f:\program files\MSSOAP
2009-06-16 14:23 <DIR> --d----- f:\program files\Webroot

==================== Find3M ====================

2009-07-12 14:35 2,017,425,440 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-07-12 14:29 23,644,544 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-07-05 19:39 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-07-05 19:28 410,984 a------- f:\windows\system32\deploytk.dll
2009-06-17 11:27 38,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-08 08:10 155,136 a------- f:\windows\PEV.exe
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe
2009-07-12 14:35 2,017,439,776 a--sh--- f:\windows\system32\drivers\fidbox.dat

============= FINISH: 14:36:20.89 ===============

#37 User is offline   extremeboy 

Posted 12 July 2009 - 06:29 PM

Hello.

Can you let me know the current problem right now? Internet still doesn't work? etc.

With Regards,
Extremeboy

#38 User is offline   zschiff 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 11-June 09

Posted 13 July 2009 - 06:51 AM

Internet pages never finish loading and load very slow.
If it would be easier we could chat on Skype at zvikie or on AIM at zschiff.
Thanks,
Zvi

#39 User is offline   extremeboy 

Posted 13 July 2009 - 08:44 AM

Hello.

You may wish to start a topic over here: http://www.bleepingcomputer.com/forums/forum14.html

I'm not too sure what's causing it or how to approach to fix it.

Your log looks fine; no active infection right now that I see.

With Regards,
Extremeboy

#40 User is offline   zschiff 

Posted 13 July 2009 - 09:00 AM

OK. Thanks very much.
If I get infected again should I just use Kaspersky first?

#41 User is offline   extremeboy 

Posted 13 July 2009 - 09:12 AM

Hello.

Kaspersky is an online scan. You can run it, as it is a very good online scanner; however, if you wish for some guidance or help you can first start a topic in the Am I Infected forum over here: http://www.bleepingcomputer.com/forums/forum103.html

The reason why I wouldn't recommend Kaspersky at the first go is that I don't know the infection you have without any logs, and the Kaspersky scan takes a very long time and doesn't help much, since it only scans; it does not remove.

Good luck.

With Regards,
Extremeboy

#43 User is offline   zschiff 

Posted 13 July 2009 - 09:28 AM

I meant Kaspersky Virus-Removal Tool, the one that was downloaded and installed before running.
Is that a good all around tool that might save me a trip to the forum?

Thanks,
Zvi

#44 User is offline   extremeboy 

Posted 13 July 2009 - 11:22 AM

Hello.

Quote

Is that a good all around tool that might save me a trip to teh forum?

It's a fairly good scan, but it's not a tool that can be used to deal with every infection. In fact, it's more of a scanner for when we have removed most of the infections already and are just doing a checkup with that tool.

Other tools/scanners such as Malwarebytes, SUPERAntiSpyware, and anti-virus software are something that I would rely on more if you are not going to scan them yourself.

With Regards,
Extremeboy

#45 User is offline   zschiff 

Posted 14 July 2009 - 06:40 AM

OK. Thanks very much for everything.
Topic closed...
