Computer was slow now Windows Firewall is gone!


  • This topic is locked
8 replies to this topic

#1 killingyouguy

Posted 05 March 2009 - 03:54 PM

OK, over the last several days my computer has been pretty slow. Using IE has been slow (browser responsiveness, not connection) and pretty much just navigating through windows. Also videos I view in WMP run really slowly. I've run everything I've got; it didn't seem to change much, although I think NOD32 found a trojan. Here's what I ran:

NOD32
Ad-Aware AE
Spybot Seek & Destroy
Malwarebytes Anti-Malware
Disk Defragmenter
Scan Disk

And when I got up this morning it was still really slow. I was trying to surf the net but it wouldn't respond. I'd open up my favourites and click one but nothing would happen. And the icons of the favourites had changed from the IE symbol to the one for when the file has no default program to run it. So I restarted and when it got back into Windows it told me the Windows Firewall wasn't running. So I went to the security center to start it up and it said it couldn't, I should try doing it myself. So I went to Windows Firewall, tried it and was told it can't start it.

Can someone help?

#2 extremeboy

Posted 05 March 2009 - 04:16 PM

Hello.

Does seem like an infection. Try running the following and let me know how it goes.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important! Please do not select the Show all checkbox during the scan.

What OS are you using currently?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 killingyouguy


Posted 06 March 2009 - 05:16 AM

I'm using Windows XP Professional.


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.34
Database version: 1824
Windows 5.1.2600 Service Pack 3

6/03/2009 6:14:19 PM
mbam-log-2009-03-06 (18-14-19).txt

Scan type: Quick Scan
Objects scanned: 72795
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-06 21:00:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF771E87E]
SSDT sptd.sys ZwEnumerateKey [0xF75BC84C]
SSDT sptd.sys ZwEnumerateValueKey [0xF75BCBEC]
SSDT sptd.sys ZwOpenKey [0xF75B7090]
SSDT sptd.sys ZwQueryKey [0xF75BCCC4]
SSDT sptd.sys ZwQueryValueKey [0xF75BCB44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF771EC10]

---- Kernel code sections - GMER 1.0.14 ----

? D:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6B868AC 5 Bytes JMP 86EDB960
? System32\Drivers\a8dxemv6.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[560] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3208] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F75CB580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75CB52C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75E5AB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75CB580] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75B7ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75B7C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75B7B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75B872E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75B8604] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75CAB9A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8735E1D8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom 86F19980
Device \FileSystem\Udfs \UdfsCdRom 86DE0980
Device \FileSystem\Udfs \UdfsDisk 86DE0980
Device \Driver\usbuhci \Device\USBPDO-0 86E8F1D8
Device \Driver\usbuhci \Device\USBPDO-1 86E8F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873601D8
Device \Driver\dmio \Device\DmControl\DmConfig 873601D8
Device \Driver\dmio \Device\DmControl\DmPnP 873601D8
Device \Driver\dmio \Device\DmControl\DmInfo 873601D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{806A0A96-79E4-4DB4-B6CF-8281BF394C17} 86DF1560
Device \Driver\usbuhci \Device\USBPDO-2 86E8F1D8
Device \Driver\usbuhci \Device\USBPDO-3 86E8F1D8
Device \Driver\usbehci \Device\USBPDO-4 86E621D8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873D11D8
Device \Driver\Cdrom \Device\CdRom0 86E2B980
Device \Driver\Cdrom \Device\CdRom1 86E2B980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000082 86DD2980
Device \Driver\USBSTOR \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000083 86DD2980
Device \Driver\USBSTOR \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 86DF1560
Device \Driver\NetBT \Device\NetbiosSmb 86DF1560
Device \Driver\00000060 \Device\0000005b sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 86E8F1D8
Device \Driver\usbuhci \Device\USBFDO-1 86E8F1D8
Device \Driver\usbuhci \Device\USBFDO-2 86E8F1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86EDD8A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86EDD8A0
Device \Driver\usbuhci \Device\USBFDO-3 86E8F1D8
Device \Driver\usbehci \Device\USBFDO-4 86E621D8
Device \Driver\Ftdisk \Device\FtControl 873D11D8
Device \Driver\a8dxemv6 \Device\Scsi\a8dxemv61 86E12278
Device \Driver\a8dxemv6 \Device\Scsi\a8dxemv61 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\SI3114r \Device\Scsi\SI3114r1 8735F1D8
Device \Driver\a8dxemv6 \Device\Scsi\a8dxemv61Port3Path0Target0Lun0 86E12278
Device \Driver\a8dxemv6 \Device\Scsi\a8dxemv61Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 86F19980

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 858DF980

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -623746401
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1165571766
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x99 0x27 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0x59 0x73 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF1 0xC2 0x37 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN@khjeh 0x24 0x59 0x73 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x99 0x27 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0x59 0x73 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xE1 0xB5 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x99 0x27 0xDF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0x59 0x73 0x16 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF1 0xC2 0x37 0xE5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001.REN@khjeh 0x24 0x59 0x73 0x16 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{114866E9-7C82-20F7-16C3063A4CAB25A4}\{3FC78BFC-C5A7-A764-C3D11931F655D68A}\{CA848313-C322-9D26-10260A1412DD57C5}
Reg HKLM\SOFTWARE\Classes\CLSID\{114866E9-7C82-20F7-16C3063A4CAB25A4}\{3FC78BFC-C5A7-A764-C3D11931F655D68A}\{CA848313-C322-9D26-10260A1412DD57C5}@DIUMUTVOZPCSSGX5CJY2KLBAVE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{28E9A2DF-E65E-D85A-85759F1A85229B2E}\{8098DB1F-177D-3A31-208A24FCBB357FA9}\{15CEB269-F259-C879-5DE6F8EB9C542703}
Reg HKLM\SOFTWARE\Classes\CLSID\{28E9A2DF-E65E-D85A-85759F1A85229B2E}\{8098DB1F-177D-3A31-208A24FCBB357FA9}\{15CEB269-F259-C879-5DE6F8EB9C542703}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4233ADD3-CD31-D295-804BA870321FDEF4}\{F4A8E5F3-7E68-2DD0-FA9D328203A7D1A7}\{07380252-9142-5EC5-94F639FC4AE64832}
Reg HKLM\SOFTWARE\Classes\CLSID\{4233ADD3-CD31-D295-804BA870321FDEF4}\{F4A8E5F3-7E68-2DD0-FA9D328203A7D1A7}\{07380252-9142-5EC5-94F639FC4AE64832}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}
Reg HKLM\SOFTWARE\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8472BA1A-B0FA-88F3-90386E614F860D47}\{66D81DF1-2E53-4A0F-1B744E2CE8CEDA56}\{65C0E586-2284-7A2C-F227063A6BD7FEE6}
Reg HKLM\SOFTWARE\Classes\CLSID\{8472BA1A-B0FA-88F3-90386E614F860D47}\{66D81DF1-2E53-4A0F-1B744E2CE8CEDA56}\{65C0E586-2284-7A2C-F227063A6BD7FEE6}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}
Reg HKLM\SOFTWARE\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}@G2ODBCSUISDKL2GJMZO1MJ5AUG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A86B5F7B-57BC-FDE1-4BA107CD048CA334}\{FAA6C91D-89D7-F6D7-A2ABB279A6F1429D}\{4006DA5B-3A8C-C500-035107788F07ACDE}
Reg HKLM\SOFTWARE\Classes\CLSID\{A86B5F7B-57BC-FDE1-4BA107CD048CA334}\{FAA6C91D-89D7-F6D7-A2ABB279A6F1429D}\{4006DA5B-3A8C-C500-035107788F07ACDE}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{D169C69D-2513-7DBC-477F-3AB47DD3B349}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{D169C69D-2513-7DBC-477F-3AB47DD3B349}\InProcServer32@jacfpjecjmjkfpcmkjcf 0x6B 0x61 0x64 0x63 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}
Reg HKLM\SOFTWARE\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}@AXBBEZDR5GG1RHH1SV4GCUI36H1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}@iaafflmljookimjoon 0x6B 0x61 0x62 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}@hagelniplmdhhbdc 0x6B 0x61 0x62 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}@iagelnnojlepfmaiab 0x68 0x61 0x6E 0x65 ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 06: copy of MBR

---- EOF - GMER 1.0.14 ----

#4 extremeboy


Posted 06 March 2009 - 01:14 PM

Hello.

The GMER log looks "okay". There are some things that could be removed but I doubt that will fix the problem you have currently.

You might want to run an Anti-spyware scan such as SuperAnti-Spyware

Download and Run SUPERAntiSpyware
We will run a scan with SuperAntiSpyware.
  • Download SUPERAntiSpyware to your desktop.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. Delete the installer after use.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download and unzip them from here.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive (or whatever drive your system is installed on).
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  • Make sure everything has a checkmark next to it and click Next.
  • A notification will appear saying that "Quarantine and Removal is Complete". Click OK and then click the Finish button to return to the main menu.
  • If asked if you want to reboot, click Yes.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Just one thing to try.

Go to start>>Run>> Type in "services.msc" (without quotes)

Scroll down where it says something like "Windows Firewall/Internet Connection Sharing (ICS)"
Double-click on it, then Stop it, if it has not already and change the "startup type" to disable it if it's not already like that.

After that, change it back to Start and the "startup type" to Automatic.

Let me know how it goes and if Windows Firewall is still not functioning. We may need to let you start another topic in the HJT-malware removal Forum below.

Preparation Guide: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
HJT-Malware Removal forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
What to do when you have no reply for 5 days: http://www.bleepingcomputer.com/forums/t/176012/post-in-this-thread-when-you-havent-received-an-answer-in-five-days/

Post the results and answer(s) to my question before starting a topic in the HJT-Malware Removal forum. Please describe to me any problems you still have, if it's the same as the first post then it is not needed.

Thanks.

With Regards,
Extremeboy
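A small triage helper for the GMER log format posted above, added here as an example; it is not part of the thread and not GMER's own code. The sample is a trimmed excerpt of the log posted in this thread, and the random-name threshold is an assumed heuristic, not a GMER rule.

```python
import re
from collections import defaultdict

# Section headers look like "---- System - GMER 1.0.14 ----"
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Modules GMER could not read are reported as "? <path> <OS error text>"
UNREADABLE_RE = re.compile(r"^\? (\S.*?\.sys) (.+)$", re.IGNORECASE)
# Assumed heuristic (not a GMER rule): a value name made only of letters and
# digits and at least this long is unusual for hand-written software config.
RANDOM_NAME_MIN_LEN = 12
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]+$")

# Constructed sample: a trimmed excerpt of the GMER log posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net

---- System - GMER 1.0.14 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF771E87E]
SSDT sptd.sys ZwEnumerateKey [0xF75BC84C]
SSDT sptd.sys ZwEnumerateValueKey [0xF75BCBEC]
SSDT sptd.sys ZwOpenKey [0xF75B7090]
SSDT sptd.sys ZwQueryKey [0xF75BCCC4]
SSDT sptd.sys ZwQueryValueKey [0xF75BCB44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF771EC10]

---- Kernel code sections - GMER 1.0.14 ----
? D:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6B868AC 5 Bytes JMP 86EDB960
? System32\Drivers\a8dxemv6.SYS The system cannot find the file specified. !

---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -623746401
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x99 0x27 0xDF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{D169C69D-2513-7DBC-477F-3AB47DD3B349}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{D169C69D-2513-7DBC-477F-3AB47DD3B349}\InProcServer32@jacfpjecjmjkfpcmkjcf 0x6B 0x61 0x64 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}@iaafflmljookimjoon 0x6B 0x61 0x62 0x6F ...

---- EOF - GMER 1.0.14 ----
"""

def parse_sections(log_text):
    """Split a GMER log into {section name: [non-empty lines]}; EOF is dropped."""
    sections = defaultdict(list)
    current = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current and current != "EOF":
            sections[current].append(line)
    return dict(sections)

def ssdt_hooks_by_module(sections):
    """Count SSDT hooks per hooking driver; every module listed should be one
    you can account for (AV, sandbox and CD-emulation drivers hook too)."""
    counts = defaultdict(int)
    for line in sections.get("System", []):
        parts = line.split()
        if len(parts) > 1 and parts[0] == "SSDT":
            counts[parts[1]] += 1
    return dict(counts)

def unreadable_kernel_modules(sections):
    """Return (path, reason) for modules GMER could not read or find on disk."""
    found = []
    for line in sections.get("Kernel code sections", []):
        m = UNREADABLE_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2).rstrip(" !")))
    return found

def random_looking_values(sections):
    """Return (key, value name) pairs whose value name looks machine-generated.
    GMER does not quote value names, so the name is the first token after '@'."""
    flagged = []
    for line in sections.get("Registry", []):
        if not line.startswith("Reg ") or "@" not in line:
            continue
        key, _, rest = line[4:].partition("@")
        name = rest.split(" ", 1)[0]
        if len(name) >= RANDOM_NAME_MIN_LEN and RANDOM_NAME_RE.match(name):
            flagged.append((key, name))
    return flagged

if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print(ssdt_hooks_by_module(s), unreadable_kernel_modules(s), random_looking_values(s))
```

Each finding is a lead to check against software you know is installed, not a verdict: in this thread's log, Lbd.sys is labelled as a Lavasoft (Ad-Aware) driver and the sptd registry entries point at D:\Program Files\DAEMON Tools\, both of which the poster installed.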

#5 killingyouguy


Posted 06 March 2009 - 05:46 PM

The Firewall is back. It happened somewhere between the Malwarebytes scan & the GMER scan. But the computer is still terribly slow and when I came to my computer this morning there were several errors; SpywareGuard had some error, and another window said error in DW20.exe and my Windows Live Messenger wasn't running. I tried to bring up the Windows Task Manager and it said I didn't have the authority (despite being admin), so I restarted. And the little window that pops up when you click shut down looked different (drop down menu instead of buttons). And I think that locked up and I had to restart (couldn't open IE either, or restart Messenger). Computer took over 1/2 an hour to boot up (which it's been doing recently) and here I am.

Anyway, I'll scan with that program now, just thought you should know the new info.

Edited by killingyouguy, 06 March 2009 - 05:48 PM.


#6 extremeboy


Posted 06 March 2009 - 08:03 PM

Hello again.

Glad the Firewall is back. :thumbsup:

However, I think it would be better if you start another topic in the HJT-Malware Removal forum as I described in my previous post. You can still run SAS, just post the results with the DDS log. Read the preparation guide before starting a topic.

Preparation Guide: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
HJT-Malware Removal forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
What to do when you have no reply for 5 days: http://www.bleepingcomputer.com/forums/t/176012/post-in-this-thread-when-you-havent-received-an-answer-in-five-days/

Let me know how it goes and if you posted another topic so I can let a Mod close off this topic.

Good Luck!

With Regards,
Extremeboy

Edited by extremeboy, 06 March 2009 - 08:03 PM.


#7 killingyouguy


Posted 06 March 2009 - 10:20 PM

I created a new thread here:

http://www.bleepingcomputer.com/forums/t/209015/slow-windows/

With the SAS & DDS logs.

#8 extremeboy


Posted 06 March 2009 - 10:46 PM

Hello.

Thanks for letting me know. I will let a MOD close this thread now.

Just a FYI. The Superanti-spyware scan did not find much except some "tracking-cookies" and one "Adware.Casino Games" infection which it removed. Nothing really major but that's all I'll say for now.

Please be patient as it may take some time before you get a reply.

With Regards,
Extremeboy

#9 garmanma


Posted 06 March 2009 - 10:57 PM

Since you now have a log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
Mark