Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to visit antivirus sites, Spybot wont run, etc. Unknown virus.


  • This topic is locked This topic is locked
3 replies to this topic

#1 Xavierdechamps

Xavierdechamps

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 01 March 2009 - 07:59 PM

Im running XP (Pro, I think).

The problem first arose, when I noticed the browser (IE) was working a bit slow upon requesting websites. Then I wanted to do a Housecall Trendmicro scan, but was unable to load the webpage. I then tried to run Spybot, but the program wont run. It crashes without any explanation. I have had NOD32 running and Sunbelt Firewall. I just noticed that Sunbelt was not running at every restart. Maybe the virus or trojan quits the firewall at some time.

Here's a list of things I have tried (in chrono order):

1. Trendmicro Housecall scan. UNABLE TO ACCESS SITE
2. Tried to start Spybot. CRASHES AT STARTUP.
3. Tried to do a NOD32 scan. CRASHED TO BLUE SCREEN OF DEATH.
4. Ran SDFIX in Safe Mode. Got some Memory Allocation errors. Cant find anything on google on this. Otherwise ran OK.
4. Tried to reinstall Spybot and startup. CRASHES AT STARTUP.
5. Tried CCleaner. Cleaned registry and standard cleansing.
6. Run CWShredder. FOUND NOTHING.
7. Run miniremoval tool from Housecall. FOUND NOTHING.
8. Tried to install Malware Bytes. But setup wont run. Crashes.
9. Tried a second NOD32 scan. And it seems to not crash this time. Not finished yet...

Thanx for listening, and I hope someone can help :thumbup2:

Here's my DDS log file:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Sennep at 0.42.31,35 on 02-03-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2046.1330 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: *disabled*
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\p2csvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Programmer\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\All Users\Dokumenter\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=dk&l=da&s=gen
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre1.6.0_07\bin\ssv.dll
mRun: [IAAnotif] c:\programmer\intel\intel matrix storage manager\Iaanotif.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [egui] "c:\programmer\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [H2O] c:\programmer\syncrosoft\pos\h2o\cledx.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\programmer\flles filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] c:\progra~1\flles~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\codeme~1.lnk - c:\programmer\codemeter\runtime\bin\CodeMeterCC.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\p2card~1.lnk - c:\programmer\panasonic p2\drivers\app\P2TaskTray.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\programmer\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158861073468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222424090624&h=5413cac41277f40c3348d2400ea2091f/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {58BB56FE-2E95-45DB-8409-E6E53C24D02E} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\programmer\codemeter\runtime\bin\CodeMeter.exe [2007-8-23 2007040]
R2 ekrn;Eset Service;c:\programmer\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R2 p2csvc;p2csvc;c:\windows\system32\p2csvc.exe -service --> c:\windows\system32\p2csvc.exe -service [?]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-6-30 14416]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2007-9-25 215104]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2007-9-25 3744]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2007-9-25 9024]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-5-22 33792]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-11-6 36384]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
S2 KorgBlkT;KorgBlkT.Sys KORG USB Bulk Driver;c:\windows\system32\drivers\korgblkt.sys [2005-5-13 11520]
S2 SPF4;Sunbelt Personal Firewall 4;c:\programmer\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmer\flles filer\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2008-6-30 44344]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2008-6-20 44344]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2004-2-18 12544]
S3 p2usb;Panasonic P2 Series USB Device;c:\windows\system32\drivers\p2usb.sys [2008-7-31 22144]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-7-3 12288]

=============== Created Last 30 ================

2009-03-02 00:35 <DIR> --d----- c:\programmer\CCleaner
2009-03-01 18:47 <DIR> --d----- c:\programmer\flles filer\Business Objects
2009-02-16 19:30 43,904 a------- c:\windows\system32\drivers\sbp2port.sys
2009-02-16 19:30 43,904 a------- c:\windows\system32\dllcache\sbp2port.sys
2009-02-08 10:28 <DIR> --d----- c:\programmer\Panasonic P2

==================== Find3M ====================

2009-03-01 23:38 201,954 a------- c:\windows\system32\drivers\fwdrv.err
2009-01-21 09:56 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-16 21:19 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 09:09 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-11-21 00:18 22,328 ac------ c:\docume~1\sennep\applic~1\PnkBstrK.sys
2008-10-31 00:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008103120081101\index.dat

============= FINISH: 0.43.33,46 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Xavierdechamps

Xavierdechamps
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 01 March 2009 - 08:02 PM

By the way. I have not installed Antivirus 2008. But the attack reminds me of an "Antivirus 2008"-attack, a friend of mine had. He too couldnt access antivirus sites.

#3 Xavierdechamps

Xavierdechamps
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 02 March 2009 - 03:51 AM

Remove this thread. Im doing a reinstall.

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:59 PM

Posted 03 March 2009 - 11:28 AM

Thanks for informing us. Good luck.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users