Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

w32 spirit coolwebsearch/pc running slow

by tjdoby1 » July 2nd, 2011, 6:25 pm

Ran a scan with Spy Cleaner Gold, which turned up the w32 spirit trojan and coolwebsearch MFPLAY.dll. PC IS RUNNING VERY VERY SLOW AND WEB PAGES ARE BEING REDIRECTED. Here are my DDS and Attach.txt logs, and HijackThis. msi .
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dobytj at 18:11:07 on 2011-07-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2039.1293 [GMT -4:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suc11_PrivacySweeper.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: BullGuard Safe Browsing: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
mRun: [Spy Watcher] "C:\PROGRA~2\SPYCLE~1\SpyWatcher.exe" -S
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
LSP: C:\Windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D9E4748-CE29-413F-928D-CAE05C7D9BCE} : DhcpNameServer = 192.168.1.254
Handler: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
AppInit_DLLs: BgGamingMonitor.dll
BHO-X64: BullGuard Safe Browsing: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
BHO-X64: BullGuard Safe Browsing - No File
mRun-x64: [Spy Watcher] "C:\PROGRA~2\SPYCLE~1\SpyWatcher.exe" -S
AppInit_DLLs-X64: BgGamingMonitor.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dobytj\AppData\Roaming\Mozilla\Firefox\Profiles\m8cb1g77.default\
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AFW;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]
R1 BdSpy;BdSpy;C:\Windows\system32\DRIVERS\BdSpy.sys --> C:\Windows\system32\DRIVERS\BdSpy.sys [?]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\system32\DRIVERS\NSKernel.sys --> C:\Windows\system32\DRIVERS\NSKernel.sys [?]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\system32\DRIVERS\NSNetmon.sys --> C:\Windows\system32\DRIVERS\NSNetmon.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-7-2 353168]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-6-15 381784]
R2 BsBrowser;BullGuard antiphishing service;C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv [2009-7-13 20992]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 20992]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-5-18 392536]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R3 afwcore;afwcore;C:\Windows\system32\DRIVERS\afwcore.sys --> C:\Windows\system32\DRIVERS\afwcore.sys [?]
R3 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-6-2 340312]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BgRaSvc;BgRaSvc;C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-5-18 161112]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-02 21:53:49 388096 ----a-r- C:\Users\dobytj\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-02 21:53:49 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-02 21:51:52 -------- d-----w- C:\Windows\System32\appmgmt
2011-07-02 20:02:19 -------- d-----w- C:\Users\dobytj\AppData\Roaming\IObit
2011-07-02 20:02:17 -------- d-----w- C:\Program Files (x86)\IObit
2011-07-01 14:42:49 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-07-01 14:42:45 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-07-01 14:31:53 -------- d-----w- C:\Windows\System32\SPReview
2011-07-01 14:28:56 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-01 14:27:53 -------- d-----w- C:\Users\dobytj\AppData\Roaming\SUPERAntiSpyware.com
2011-07-01 14:27:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-01 14:27:44 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-01 14:27:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-01 14:25:51 -------- d-----w- C:\Program Files\CCleaner
2011-07-01 03:09:59 488448 ----a-w- C:\Windows\System32\secproc.dll
2011-07-01 03:08:59 584192 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2011-07-01 03:06:59 93696 ----a-w- C:\Windows\SysWow64\fms.dll
2011-07-01 03:05:59 13312 ----a-w- C:\Windows\System32\C_ISCII.DLL
2011-07-01 03:04:21 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-01 03:04:21 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-01 02:57:33 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-01 01:06:36 -------- d-----w- C:\Program Files\CONEXANT
2011-07-01 01:05:20 -------- d-----w- C:\Program Files\Realtek
2011-07-01 01:05:19 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-07-01 00:59:07 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-01 00:59:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-01 00:59:06 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-01 00:59:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-01 00:59:05 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-06-30 23:50:39 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-30 23:50:39 -------- d-----w- C:\Windows\System32\Wat
2011-06-30 23:15:00 -------- d-----w- C:\ProgramData\WorldWinner.com
2011-06-30 23:13:19 -------- d-----w- C:\ProgramData\WorldWinner
2011-06-30 23:13:14 -------- d-----w- C:\Users\dobytj\AppData\Roaming\Worldwinner
2011-06-30 23:13:14 -------- d-----w- C:\Program Files (x86)\WorldWinner.com, Inc
2011-06-30 23:09:23 -------- d-----w- C:\Users\dobytj\AppData\Local\Mozilla
2011-06-30 23:06:41 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-30 23:06:41 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-30 20:08:21 -------- d-----w- C:\Windows\Panther
2011-06-30 19:12:27 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2011-06-30 17:27:04 80 --sh--r- C:\Windows\SysWow64\B2B94A1E40.dll
2011-06-30 17:25:39 -------- d-----w- C:\ProgramData\Protexis
2011-06-30 17:25:04 389120 ----a-w- C:\Windows\SysWow64\actskn43.ocx
2011-06-30 17:25:03 143360 ----a-w- C:\Windows\SysWow64\vbuzip10.dll
2011-06-30 17:25:01 147456 ----a-w- C:\Windows\SysWow64\Vbzip11.dll
2011-06-30 17:24:58 10752 ----a-w- C:\Windows\SysWow64\aamd532.dll
2011-06-30 17:24:54 368912 ----a-w- C:\Windows\SysWow64\vbar332.dll
2011-06-30 17:24:54 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2011-06-30 17:24:54 -------- d-----w- C:\Program Files (x86)\Spy Cleaner Gold
2011-06-30 17:24:53 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-06-30 17:21:20 -------- d-----w- C:\Users\dobytj\AppData\Roaming\Software Inspection Library
2011-06-30 17:10:43 -------- d-----w- C:\Users\dobytj\AppData\Roaming\BullGuard
2011-06-30 17:04:09 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 17:04:09 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-30 17:04:09 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-30 17:04:05 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-06-30 17:04:05 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-30 17:04:05 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-06-30 17:04:01 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-30 17:03:59 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-30 17:03:58 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-30 17:01:43 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-30 17:00:37 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-06-30 17:00:37 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-06-30 17:00:36 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-06-30 17:00:36 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-06-30 17:00:35 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-30 17:00:35 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-30 17:00:34 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-30 16:58:32 -------- d-----w- C:\ProgramData\BullGuard
2011-06-30 16:55:58 -------- d-sh--w- C:\Windows\Installer
2011-06-30 16:55:54 -------- d-----w- C:\Program Files\BullGuard Ltd
2011-06-30 16:49:10 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6328A3D-ED77-442D-A7E3-5214FC5845E7}\mpengine.dll
2011-06-30 16:49:06 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-30 04:40:51 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-06-30 04:40:51 -------- d-----w- C:\Windows\SysWow64\x64
2011-06-15 10:32:36 255560 ----a-w- C:\Windows\System32\drivers\NSKernel.sys
2011-06-15 10:32:36 25160 ----a-w- C:\Windows\System32\drivers\NSNetmon.sys
2011-06-15 10:32:32 66272 ----a-w- C:\Windows\System32\drivers\BdSpy.sys
2011-06-15 10:32:32 424040 ----a-w- C:\Windows\System32\drivers\afwcore.sys
2011-06-15 10:32:32 39528 ----a-w- C:\Windows\System32\drivers\afw.sys
2011-06-15 10:32:32 284232 ----a-w- C:\Windows\System32\drivers\Trufos.sys
.
==================== Find3M ====================
.
2011-07-01 14:45:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-01 14:45:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-23 14:55:38 109912 ----a-w- C:\Windows\System32\BgGamingMonitor.dll
2011-05-23 14:55:36 100184 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-19 13:43:16 152920 ----a-w- C:\Windows\SysWow64\BGLsp.dll
2011-04-14 12:09:00 176472 ----a-w- C:\Windows\System32\BGLsp.dll
.
============= FINISH: 18:12:54.05 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2011 12:37:55 AM
System Uptime: 7/2/2011 1:45:08 AM (17 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Lancaster8
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 115.066 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.025 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP10: 7/1/2011 10:30:59 AM - Windows 7 Service Pack 1
RP11: 7/1/2011 11:16:32 AM - Windows Update
RP12: 7/1/2011 11:27:33 AM - Windows Update
RP13: 7/1/2011 3:55:40 PM - Windows Update
RP14: 7/1/2011 6:05:24 PM - Windows Update
RP15: 7/2/2011 5:31:26 PM - Installed HiJackThis
RP16: 7/2/2011 5:51:18 PM - Removed HiJackThis
RP17: 7/2/2011 5:53:09 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Advanced SystemCare 4
HiJackThis
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Mozilla Firefox 5.0 (x86 en-US)
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Spy Cleaner Gold 9.5
SpywareBlaster 4.4
WorldWinner Games
.
==== Event Viewer Messages From Past Week ========
.
7/1/2011 4:39:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/1/2011 11:19:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2547666).
6/30/2011 9:11:46 PM, Error: Service Control Manager [7023] -
6/30/2011 8:49:03 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
6/30/2011 8:48:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
6/30/2011 8:48:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2533552).
6/30/2011 6:56:14 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
6/30/2011 12:14:03 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.
.
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:04 PM, on 7/2/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~2\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
O20 - AppInit_DLLs: BgGamingMonitor.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5863 bytes
Appreciate any help you can give with removal of possible infections, thanks :blackeye:
Appreciate any help with removal of possible infections. Thanks

Re: w32 spirit coolwebsearch/pc running slow

by MWR 3 day Mod » July 6th, 2011, 9:16 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: w32 spirit coolwebsearch/pc running slow

by NonSuch » July 9th, 2011, 3:30 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the "Infected? Virus, malware, adware, ransomware, oh my!" forum, include a fresh FRST log, and wait for a new helper.