Author Topic: got a virus i cant see  (Read 46922 times)

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #45 on: March 23, 2008, 11:34:43 PM »
Well, some websites, when I click on them, take 15 to 20 seconds or more, like a pause. And when I run some programs they decide to lock up, and I have a heck of a hard time shutting down things in the Task Manager, as Windows is trying to open another window to continue to try it even after I shut down the not-responding program. Haven't had the problem until around 4 to 5 days ago.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: got a virus i cant see
« Reply #47 on: March 24, 2008, 12:14:42 AM »
Haven't had the problem until around 4 to 5 days ago.
I suggest, at least, the general cleaning procedure.

1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #48 on: March 24, 2008, 01:57:58 AM »
Hello, I have a question: how do I go and disable the restore program?

Also, will those programs work or conflict with what I have installed on my computer looking for trojans and spyware? I have spybot, adaware and maleware.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: got a virus i cant see
« Reply #49 on: March 24, 2008, 02:16:50 AM »
Hello, I have a question: how do I go and disable the restore program?
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

Also, will those programs work or conflict with what I have installed on my computer looking for trojans and spyware? I have spybot, adaware and maleware.
No, they won't conflict. I don't know a program called maleware.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: got a virus i cant see
« Reply #50 on: March 24, 2008, 03:46:44 AM »
    Before you disable system restore, I'd like to try one more scanner.

It is vitally important that ComboFix is renamed before it even starts to download.


Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:

     -Tools->Options->Main tab
     -Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:





  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. 
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #51 on: March 24, 2008, 04:04:42 AM »
Very well, I will download Combo-Fix; however, I am still having trouble downloading what tech asked me to download. I am going to try a reboot.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #52 on: March 24, 2008, 04:45:18 AM »
I am only having trouble downloading spyterminator.

The others I am downloading now.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #53 on: March 24, 2008, 05:09:10 AM »
The only problem I am having is with spyware blaster; other than that, everything else is downloaded or being downloaded.

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: got a virus i cant see
« Reply #54 on: March 24, 2008, 05:37:30 AM »
Here are a couple of direct download links supplied by MajorGeeks.com that may help

SpywareBlaster 4.0
Download SpywareBlaster from the USA
Spyware Terminator 2.1.1.314
Download Spyware Terminator from the Author's Site
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #55 on: March 24, 2008, 06:33:07 AM »
OK, here is the first log on Combo-Fix.

ComboFix 08-03-23.4 - Ritalee 2008-03-23 21:35:38.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.109 [GMT -7:00]
Running from: C:\Documents and Settings\Ritalee\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF7200.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* 
CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" 
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$" 
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll" 
CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #56 on: March 24, 2008, 06:33:53 AM »
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000111_.tmp.dll
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-24 to 2008-03-24  )))))))))))))))))))))))))))))))
.

2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Documents and Settings\Ritalee\Application Data\Malwarebytes
2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-23 00:45 . 2008-03-23 00:45   <DIR>   d--------   C:\Program Files\CleanUp!
2008-03-22 23:01 . 2007-12-04 04:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-03-22 23:01 . 2007-12-04 06:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 23:01 . 2007-12-04 06:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 23:01 . 2007-12-04 06:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 23:01 . 2007-12-04 06:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 23:01 . 2007-12-04 06:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 23:00 . 2007-12-04 05:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-03-22 23:00 . 2004-01-09 01:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-03-22 20:41 . 2008-03-22 20:41   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-03-22 20:39 . 2007-03-29 05:56   409,600   ---------   C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-22 20:39 . 2007-03-29 05:56   18,944   ---------   C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-22 20:39 . 2007-03-29 05:56   8,192   ---------   C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\bitsprx4.dll
2008-03-22 17:39 . 2008-03-22 17:39   <DIR>   d--------   C:\Deckard
2008-03-22 16:10 . 2008-03-22 16:10   <DIR>   d--------   C:\Program Files\Trend Micro

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #57 on: March 24, 2008, 06:34:24 AM »
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 04:46   45,348,896   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 03:09   531,908   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 23:18   ---------   d-----w   C:\Program Files\ICQToolbar
2008-03-21 05:26   1,507,840   ----a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-20 11:47   1,505,792   ----a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-20 06:25   ---------   d-----w   C:\Documents and Settings\Ritalee\Application Data\U3
2008-03-20 00:49   2,465,792   ----a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-11 08:26   20,030   -c--a-w   C:\Documents and Settings\Ritalee\Application Data\wklnhst.dat
2008-02-26 05:26   21,840   -c--atw   C:\WINDOWS\system32\SIntfNT.dll
2008-02-26 05:26   17,212   -c--atw   C:\WINDOWS\system32\SIntf32.dll
2008-02-26 05:26   12,067   -c--atw   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 08:35   ---------   d-----w   C:\Program Files\Diablo II
2008-02-21 18:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 17:30   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:24   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-11 07:12   ---------   d-----w   C:\Program Files\music_now
2008-01-19 19:26   17,792,022   -c--a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-11 05:53   44,544   ----a-w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-05-25 00:52   2,830,336   -c--a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
2007-05-25 00:52   1,624,576   -c--a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
2007-05-01 15:16   3,077,120   -c--a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
2007-04-27 08:49   488   -c--a-w   C:\Documents and Settings\Sara Hope\Application Data\wklnhst.dat
2007-03-05 03:24   0   -c--a-w   C:\Documents and Settings\Pillar Of Winter\Application Data\wklnhst.dat
2007-02-16 11:08   2,832,896   -c--a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2007-02-16 11:08   1,744,384   ----a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2007-02-13 19:22   1,738,752   -c--a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2007-01-31 06:10   411,648   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2007-01-31 06:10   1,713,664   -c--a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2007-01-31 02:05   2,724,352   -c--a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2007-01-27 08:30   1,702,912   -c--a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2007-01-26 01:58   4,502,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2006-11-30 02:47   1,588,736   -c--a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2006-09-26 03:27   1,429,504   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2006-09-26 03:10   1,428,992   -c--a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2006-09-16 00:46   1,404,928   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2006-07-30 23:53   1,301,504   -c--a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2006-07-29 09:53   834,048   -c--a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2006-07-29 09:53   1,291,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2005-09-24 08:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
1999-07-19 04:05   15,716   -c--a-w   C:\WINDOWS\inf\i386\Pmxscan.sys
2006-06-09 12:22   22   -csha-w   C:\WINDOWS\SMINST\HPCD.sys

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #58 on: March 24, 2008, 06:35:00 AM »
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-18 09:10   262144   --a------   C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-18 09:10 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-18 09:10 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 05:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:47 827392]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 09:30 503808]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 12:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 11:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 11:23 1187840]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" [2005-04-26 02:02 118837]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-21 22:39 282624]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #59 on: March 24, 2008, 06:35:35 AM »
C:\Documents and Settings\Sara Hope\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-07-09 12:34:46 225280]

C:\Documents and Settings\Ritalee\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 02:39:30 73728]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-07-13 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 03:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a--c--- 2006-07-21 03:23 1110016 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-21 22:39 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
--a------ 2006-06-07 10:18 140880 C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
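
A triage sketch for the "Reg Loading Points" section of the ComboFix log posted above, added here as an example that is not part of the original thread and is not ComboFix's own code: it parses Run-key and msconfig `startupreg` entries (the latter being startup items that were disabled through msconfig) and returns the ones a reviewer would look at first. The sample log, the `Updater` and `ExamplePlugin` entries, the function names and the two hint labels are constructed for illustration; a hint is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the "Reg Loading Points" section above;
# the "Updater" and "ExamplePlugin" entries are invented for illustration.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"Updater"="C:\DOCUME~1\User\LOCALS~1\Temp\upd.exe" [2008-03-20 02:11 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExamplePlugin]
C:\PROGRA~1\EXAMPL~1\bar\1.bin\plugin.exe
'''

STAMP = r'(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+)'
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" [date size]; the quotes around the path and the bracket are optional
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[A-Za-z]:\\[^"\[]+?)"?'
                    r'(?:\s*\[' + STAMP + r'\])?$')
# [attributes date size] path, as listed under msconfig\startupreg
MSC_RE = re.compile(r'^(?:[-a-z]{9} ' + STAMP + r' )?(?P<path>[A-Za-z]:\\.+)$')
PROGRAM_ROOTS = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\')

@dataclass
class Autorun:
    key: str
    name: str
    path: str
    enabled: bool       # False: kept under msconfig's startupreg (disabled there)
    has_stamp: bool     # False: the log shows no date/size for the file

def parse_autoruns(log_text):
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None                      # a blank line ends a key's block
        elif KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif key and key.lower().endswith('\\currentversion\\run'):
            m = RUN_RE.match(line)
            if m:
                entries.append(Autorun(key, m['name'], m['path'], True, m['date'] is not None))
        elif key and '\\msconfig\\startupreg\\' in key.lower():
            m = MSC_RE.match(line)
            if m:
                name = key.rsplit('\\', 1)[1]   # the value name is the last key component
                entries.append(Autorun(key, name, m['path'], False, m['date'] is not None))
    return entries

def triage(entry):
    """Return review hints for one entry; a hint is not a verdict."""
    hints = []
    if not entry.has_stamp:
        hints.append('no-file-metadata')
    if not entry.path.lower().startswith(PROGRAM_ROOTS):
        hints.append('outside-program-dirs')
    return hints

def report(log_text):
    return {e.name: triage(e) for e in parse_autoruns(log_text) if triage(e)}
```
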