virus trouble, now weird problems

Dell / ...
April 4, 2009 at 11:05:43
Specs: XP, P4 2.4 1GB
Hi
I got infected with some spyware\adware and I've been trying to remove it for a couple of days. I think I got all I can get so I was wondering if I could get a little help with the rest.
There must be more because I have some weird things happening. I cannot browse to any websites that have any online scanners - when I type in the URL ( www.bitdefender.com for example), it comes up as "Page Cannot Be Displayed". But I can browse to other sites no problem. Others I have tried but cannot get into are the Norton Online scanner, the McAfee Online Scanner, Trend Micro Housecall - they all come up as "page cannot be displayed". If I search for the sites in Google, it finds them but if I click on them it wont' take me to them.

Another problem is that when I try to run Spybot, I click on it to start the program and it won't start...nothing happens. This also happens when I try to start combofix.exe.

I can get antivirus programs installed, but it wont allow me to update any of them. They all say 'no internet connection found' when I try to update them. This happened with AVG Free, McAfee VirusScan Plus and also AdAware AE ( not antivirus program, but same thing happened.)

I have a HiJackThis log....if anybody wants to check it out, let me know.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 12:45:06 PM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7D63DFA9-BC97-4E9D-B5C4-166424DFB862} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C738F3D2-1891-449D-AE67-D1969094F1DF} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?f80578cb42db4f8d83a8c9b57afa36ed
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?f80578cb42db4f8d83a8c9b57afa36ed
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {2F6C871E-EC27-4ABF-9E2C-CD34028BF69C} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2F6C871E-EC27-4ABF-9E2C-CD34028BF69C} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1D3ADB9C-2E6D-4D16-BAE4-E51B03065456} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D3ADB9C-2E6D-4D16-BAE4-E51B03065456} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2F6C871E-EC27-4ABF-9E2C-CD34028BF69C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2F6C871E-EC27-4ABF-9E2C-CD34028BF69C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {77D3D3CC-0DA8-4F55-80D3-7ACF4EA9E095} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77D3D3CC-0DA8-4F55-80D3-7ACF4EA9E095} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0835B83-E96E-4AC9-9067-5EDE526814B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0835B83-E96E-4AC9-9067-5EDE526814B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B41A97B2-93D8-4BC6-B76E-0909E3BB9DF3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B41A97B2-93D8-4BC6-B76E-0909E3BB9DF3} - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.c...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/res...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binar...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ihdt27f35gmne2.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkIArpN - jkkIArpN.dll (file missing)
O20 - Winlogon Notify: __c00FE293 - C:\WINDOWS\system32\__c00FE293.dat (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IWI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DARLEN~1\LOCALS~1\Temp\IWI.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


See More: virus trouble, now weird problems

Report •


#1
April 4, 2009 at 18:18:35
Hi homer,

You have a lot of error on your computer thats for sure! If you find that antivirus websites won't load, try going into internet explorer settings, connections, then lan settings. Unless your running on a business network you shouldn't have any proxy servers setup. If you do, disable then and try again.

The only thing that sticks out is the "ihdt27f35gmne2.dll.dll.dll.dll.dl......" file. If you zip the file and email it me I'll analyze is for you. malware AT rising-uk.com


Also, Kindly follow these steps.

1. Download Malwarebytes Anti-Malware.
2. Double click mbam-setup.exe to install the application.
3. Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
4. Select "Perform Quick Scan", then click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
8. The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab.
9. Please be sure to paste the content of this log file with your post.

1. Use an online system scanner to double check for malware on your computer.
2. You can use ASquared, HouseCall, ESET
3. If malware is detected and your are given the option to remove it, go ahead and do so.
4. Remember to post the results of your system scan.

Let me know how you get on

Regards,
Rising UK PC Security @ Rising-UK.com


Report •

#2
April 4, 2009 at 21:02:46
Thanks for the reply.
I moved the infected hard drive to another computer where I was able to run MalwareBytes which cleaned it enough that it worked in the original machine. From there, I was able to run all the different scans.
Thanks for your help!

ps. sorry I posted a hijackthis without being asked...I didn't realize I wasn't allowed to do this.


Report •

#3
April 4, 2009 at 21:51:49
Glad to hear you have solved your problem.

Regards,
Rising UK PC Security @ Rising-UK.com


Report •

Related Solutions


Ask Question