comp problems

Post by johnjameson » November 25th, 2008, 6:32 am

My computer will not update any of its AVG software. I cannot visit certain web pages to update any form of security updates or Windows updates. I either get disconnected or rerouted. Also never had pop-ups but now they are more frequent. Don't know much about this stuff. I tried to handle it personally, but I do not know if I made it better or worse. I switched to Mozilla from Explorer; it's a bit faster but same problems still occur. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:06 AM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsps.exe] C:\WINDOWS\system32\kdsps.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2887 bytes
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » November 25th, 2008, 3:30 pm

Hello johnjameson, welcome to MWR.
Please take note of the following before we begin the cleaning process:
  • The whole process will often take several days to complete, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Don't be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

1) Create an uninstall list
  • Launch HijackThis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Include this log in your next reply

2) Get a new HijackThis log
  • Launch HijackThis
  • Click on the Do a system scan and save a logfile button
  • HJT will run a scan and a log will open in Notepad
  • Include this log in your next reply

I tried to handle it personally, but I do not know if I made it better or worse.

What kind of things did you do to try and solve the problems yourself, besides switching from Internet Explorer to Firefox?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by johnjameson » November 26th, 2008, 4:58 pm

Some of the things I attempted to do on my own were running my AVG software and deleting a bunch of cookies. I completely deleted everything in my temp folder. I also tried running hijack and had some things that didn't look familiar fixed. It helped with the pop-ups a bit, but I can't get any type of antivirus material or Windows Update stuff.

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AVG Free 8.0
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
NETGEAR GA311 Smart Wizard Utility
PCI Audio Applications
PCI Audio Driver
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
USB 2.0 Setup program
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:35 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\tempo-175.tmp
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Kirwan\Desktop\install_flash_player.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsps.exe] C:\WINDOWS\system32\kdsps.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2633 bytes
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » November 26th, 2008, 5:59 pm

I have prepared a fix for you and posted it for approval.
As I am only an undergrad at this uni I need to have all my fixes approved by a teacher before they can be posted.
The downside with this is that things take a little more time. The upside is that you'll have two sets of eyes checking your logs, so you can be sure nothing will be missed, and the teachers here are among the best malware removers you'll find anywhere, online or not, so you can feel confident you are in the right hands.
The initial waiting time can take anything from 1 to 48 hours, depending on how busy the teachers are, so please stay patient.
Once a teacher finds a free slot we'll be on our way to a clean computer, and the subsequent replies will usually be faster.
In the top left corner of your opening post there is a link called Subscribe topic. If you click it you will be subscribed to this thread and will receive instant email notification of new replies. For most people this works better than periodically checking back here to see if there are any new posts.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by Sharagoz » November 27th, 2008, 1:57 pm

Most of the listed entries in HijackThis are not related to malware and should you accidentally fix legitimate entries, your computer might start to behave unexpectedly. We have to restore all fixed HijackThis entries before we can proceed with cleaning. The malware problems you are experiencing may worsen after this, but it's needed in order to complete a proper removal procedure. Some of the tools we use work ineffectively if an infection is partially removed, and partially removed infections are harder for us to identify.

I would also like to ask that you don't run any more fixes on your own while working with me, because it causes confusion when unexpected changes show up in logs and makes my job more difficult.

1) Restore HJT entries
  • Launch HijackThis
  • Click the View the list of backups button
  • Select everything on the list and click the restore button.
  • Click OK at the prompt and then restart your computer.

2) Post new HijackThis log
  • Launch HijackThis
  • Click on the Do a system scan and save a logfile button
  • HJT will run a scan and a log will open in Notepad
  • Include this log in your next reply
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
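
The helper asks for a fresh log after each step and notes that unexpected changes between logs cause confusion. As an added example (not part of the original posts; the function names are hypothetical), the Python below parses the entry lines of two HijackThis logs and lists which entries disappeared and which appeared between scans, using shortened excerpts of the 11/25/2008 and 11/26/2008 logs posted earlier in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - ...".
# Header lines, the process list and the "End of file" trailer do not match.
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, text) entries in one HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            letter, number, text = match.groups()
            entries.add((letter + number, text))
    return entries


def _sort_key(entry):
    # Order by section letter, then numeric section index, then entry text.
    section, text = entry
    return (section[0], int(section[1:]), text)


def diff_logs(older_log, newer_log):
    """Return (removed, added): entries only in the older / only in the newer log."""
    older, newer = parse_entries(older_log), parse_entries(newer_log)
    removed = sorted(older - newer, key=_sort_key)
    added = sorted(newer - older, key=_sort_key)
    return removed, added


# Shortened excerpts of the two logs posted in this thread (not the full logs).
LOG_NOV_25 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\csrss.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

--
End of file - 2887 bytes
"""

LOG_NOV_26 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\csrss.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll

--
End of file - 2633 bytes
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_NOV_25, LOG_NOV_26)
    for section, text in removed:
        print(f"- {section} - {text}")
    for section, text in added:
        print(f"+ {section} - {text}")
```
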

Re: comp problems

Post by johnjameson » November 28th, 2008, 11:00 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:35 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsps.exe] C:\WINDOWS\system32\kdsps.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0201EA09-804D-4681-BCFC-07B6A97E2735}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2644 bytes
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » November 29th, 2008, 1:33 pm

Disable AVG before running the next procedure.
If you're unsure how to do this, you can find instructions here.

1) Download and Run ComboFix
  • Visit this webpage for download links and instructions on how to properly run ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Make sure you install the Recovery Console as instructed beforehand.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

Enable AVG again.

2) Get a new HijackThis log
  • Launch HijackThis
  • Click on the Do a system scan and save a logfile button
  • HJT will run a scan and a log will open in Notepad
  • Include this log in your next reply

Logs I need:
ComboFix log
New HJT log
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by johnjameson » December 2nd, 2008, 5:12 am

Thanks for the help thus far. I am currently having a problem installing the Windows XP Recovery Console. I have inserted my Windows CD and attempted to run the program it prescribes. However, it says that I cannot since the version of Windows I am running is more updated than the one presented on my CD. So in order to continue I think I would have to reformat my computer or somehow return to a less updated form of Windows, I believe. So I'm sort of stuck. What should I do?
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » December 2nd, 2008, 4:24 pm

Ok, then install the recovery console with the help of ComboFix instead.
The instructions on how to do this can be found in the tutorial below the section that starts with "If you use Windows XP and do not have the Windows CD".
(It requires that you've already downloaded ComboFix.exe to your desktop).
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by johnjameson » December 4th, 2008, 1:21 am

I tried to do it but this is where the malware kicks in. It won't let me update anything from Windows or Microsoft websites. It just says it's timed out and I can't access the download at all. Frustrating.
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » December 4th, 2008, 5:50 pm

Can you get the installation package onto the infected computer by downloading it to a clean machine and transferring it using a CD or USB memory stick?
If not, answer my questions below and I will see if I can find an alternative way of getting the recovery console installed.
What is the language of your operating system?
Is it XP home edition or XP professional?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by johnjameson » December 5th, 2008, 11:27 pm

Yes, I think I can do that. I will try that tonight. My comp is Windows XP Home Edition.
johnjameson
Active Member
 
Posts: 6
Joined: November 25th, 2008, 6:19 am

Re: comp problems

Post by Sharagoz » December 11th, 2008, 7:05 pm

Hi
How is it going?
Do you still need help with this problem?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: comp problems

Post by NonSuch » December 14th, 2008, 5:15 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California