-
August 28th, 2008, 04:12 PM
#1
back again, HJT can someone check please?
Hey guys and gals, I am back once again. My XP partition of my computer keeps slowing down at points, and then it will be fine, and then do it again, and then be fine.
The other day, I ran Malwarebytes' Anti-Malware like usual, in my Vista partition, and it picked up 2 servauth1.dll and servauth2.dll files as trojans. So I got rid of them, restarted and everything was fine. Now, last night, it was acting up again, and I meant to run Malwarebytes again, but I forgot and shut the computer down. Upon turning on the computer today, it was slow as all get out, like it has been before. And as usual, no way to get into XP without being in Safe mode with networking enabled.
So... long story short, here is the HJT logfile in safe mode under the admin account.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:16 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "D:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [SoundMax] "D:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - D:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
--
End of file - 4408 bytes
-
August 28th, 2008, 07:19 PM
#2
Time to start from scratch again.
Print these instructions out.
1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebyt...are_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Post new HijackThis log.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 28th, 2008, 07:48 PM
#3
I might want to add that my XP partition is on the D drive, and I am posting from my Vista partition, which is the C drive, and right now, when I usually have issues with XP, I go to the Vista partition and everything is fine.
So if I do "On the left, make sure you check C:\Fixed Drive." That should not make any difference if it says D:\Fixed Drive? Or will I need to check both the C and D if they are present?
-
August 28th, 2008, 10:05 PM
#4
Put down whatever partition you want to check.
BTW, HJT has to be run in Normal, not Safe mode.
-
August 28th, 2008, 10:20 PM
#5
Yeah, I know that, but the only way to even get XP to respond is only through safe mode.
-
August 28th, 2008, 10:27 PM
#6
If you go with instructions posted by Train, you're supposed to run SUPERAntiSpyware first, and it has to be run in Safe Mode.
When done, restart, and see, if you can perform two other scans in Normal Mode.
-
August 29th, 2008, 01:14 AM
#7
Ok, here is where the problem comes in, yet again. Following the steps above, I was able to quickly install the SUPERAntiSpyware program above. As soon as it finished installing, the computer became unresponsive.
Now, I reboot in safe mode after disconnecting from the internet. Run the program, and it finds 108 tracking cookies, and that is all. Will post log in a second.
Secondly, I reboot back into Normal mode for XP. Again, I try to open the SUPERAntiSpyware program, I get to the log opening, and again the computer becomes unresponsive. Even though Task Manager shows 0% CPU usage. Also, not even connected to the internet.
So in order to continue the steps, I need to be in normal mode and scan with Malwarebytes which I always do anyways. But since I can not get into Normal mode, I am now stuck.
Anyways, here is the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/29/2008 at 00:37 AM
Application Version : 4.20.1046
Core Rules Database Version : 3541
Trace Rules Database Version: 1530
Scan type : Complete Scan
Total Scan Time : 01:31:18
Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 4439
Registry threats detected : 0
File items scanned : 42757
File threats detected : 108
Adware.Tracking Cookie
-
August 29th, 2008, 01:48 AM
#8
Ok, so after working on it some more, I am able to get the Normal Mode of XP to give me a log of HJT before the computer becomes unusable. Now, I can not scan with Malwarebytes because of this in normal mode still. All it does is sit there saying preparing to scan, and the timer will count up, but that is all it does.
After looking at the log, I can not really see any infections at all, or anything that would be suspicious. But you guys know more than I do, so please tell me if you see anything that I missed.
So here is the log of the HJT before the computer became unusable again:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:16 AM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ThreatFire\TFService.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Lexmark 7100 Series\lxbxmon.exe
D:\Program Files\Analog Devices\SoundMAX\smax4.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\lxbxcoms.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\PROGRA~1\AVG\AVG8\avgupd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://owa.ocps.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXBXCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "D:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [SoundMax] "D:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: *.convergys.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - D:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
--
End of file - 5493 bytes
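Added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above that lists what appears only in the Normal-mode log, since this machine works in Safe mode and hangs in Normal mode. The embedded logs are abridged excerpts of the two logs posted above; the function names are this example's own.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
SAFE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:16 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 4408 bytes
"""

NORMAL_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:16 AM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\ThreatFire\TFService.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 5493 bytes
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            header = HEADER_RE.match(line)
            if header:
                log["header"][header.group(1)] = header.group(2)
    return log


def normal_only(safe, normal):
    """Return (processes, entries) present in `normal` but not in `safe`.

    Windows paths are case-insensitive, so comparison is done in lower case;
    repeated lines (several svchost.exe instances) collapse to one.
    """
    safe_procs = {p.lower() for p in safe["processes"]}
    procs = sorted({p for p in normal["processes"]
                    if p.lower() not in safe_procs}, key=str.lower)
    safe_entries = {(code, text.lower()) for code, text in safe["entries"]}
    entries = [(code, text) for code, text in normal["entries"]
               if (code, text.lower()) not in safe_entries]
    return procs, entries


if __name__ == "__main__":
    safe, normal = parse_hjt(SAFE_LOG), parse_hjt(NORMAL_LOG)
    procs, entries = normal_only(safe, normal)
    print("Boot modes:", safe["header"]["Boot mode"], "vs", normal["header"]["Boot mode"])
    print("Processes only in Normal mode:")
    for p in procs:
        print("  ", p)
    print("Entries only in the Normal-mode log:")
    for code, text in entries:
        print("  ", code, "-", text)
```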
-
August 29th, 2008, 08:13 PM
#9
Update, I boot into normal mode of XP, and 2x now, I have been able to get the web browser to open up, and stay usable for about 2-3 minutes, before it becomes unresponsive again.
I might just reformat the thing if it comes to it. Don't want to, but I will if it is necessary.
Last edited by TheCox; August 29th, 2008 at 08:19 PM.
-
August 29th, 2008, 08:22 PM
#10
I see nothing dangerous.
How long ago did this problem start? Any relationship to upgrading/installing AVG 8.0?
-
August 29th, 2008, 08:51 PM
#11
I think so. I think that is when I started getting all these problems. I can't be for certain though.
The funny thing is, even when I disconnect from the internet, it still hangs, so I do not know if it is a trojan or what. But I am backing up the essentials right now, and probably going to reformat the XP partition tonight.
Question, if I have my laptop's reinstall CD that I got from Dell, can I use that to reinstall XP on my custom built desktop?
-
August 29th, 2008, 10:58 PM
#12
Disconnecting from the Internet has nothing to do with AVG.
Uninstall AVG, and see, if things will get better.
-
August 30th, 2008, 12:28 AM
#13
Wow, I booted into safe mode, and I uninstalled AVG 8.0 and now it is working perfectly fine in Normal mode.
I'll be damned. Never thought it would be a program like AVG being the culprit.
-
August 30th, 2008, 12:31 AM
#14
Unfortunately, AVG 8.0 has been a pain since it was released.
I'm glad it worked.
Surely, you can't be without AV. Get one of these:
- Avira free antivirus: http://www.free-av.com/en/download/index.html
- Avast! free antivirus: http://filehippo.com/download_avast_antivirus/
-
August 30th, 2008, 12:36 AM
#15
Broni and train, what would I do without you guys? Or girls if you are =P