Download issues?
Asked by pari588
I am having downloading issues. I use cable internet.
When I am downloading directly, I do not get any speed and it gets stuck halfway through the download and times out. It happens for all the direct download websites such as download.com etc. I currently use Firefox as my browser. I tried downloading through Internet Explorer and Chrome, but the same problem arises.
This happens only in direct download. Downloading through torrents works perfectly; I also get full speed on that.
Also, I just uninstalled my antivirus software (I was using Symantec AntiVirus).
Also disabled my firewall.
But still no changes.
Please help.
Browsing the internet works perfectly, but downloads are the only problem.
Thanks
ASKER
I am already using GetRight,
but there's no effect on that too.
It used to work perfectly before though.
Have you tried emptying the browser cache?
I faced many problems earlier using the shareware version of GetRight in the last month, while it didn't occur with other download managers.
ASKER
I use CCleaner and ATF-Cleaner to clear all my browser DNS, cache and cookies, other than clearing directly from the browser itself.
I have the licensed GetRight Pro copy.
I also have an Internet Download Manager licensed copy.
But it's still the same problem. It used to work before though.
Also tried downloading through Windows safe mode, but the problem is still there.
But as mentioned earlier, it downloads perfectly with full speed on torrent, using Azureus as the torrent client.
Could be malware related. Could you please post a HijackThis log?
ASKER
** log file moved to snippet below - b0lsc0tt **
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:17 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pari588.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
--
End of file - 6650 bytes
hijackthis---pari588.log
I can see this in the log that needs cleanup, not necessarily malware related, but you can do without:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: []
Fix those using HijackThis.
Also, have you noted any relevant errors logged in Event Viewer's Application or System tab?
Start > Run > eventvwr.msc
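As an added example (not code from this thread, from HijackThis, or from any of the participants), here is a small Python triage script that reads HijackThis entry lines and flags the kinds of leftovers the expert points out above: an O2 BHO whose DLL no longer exists, an empty HKLM\..\Policies\Explorer\Run value, and O23 services whose binary is missing (which is what the Symantec remnants in the log look like after the uninstall). The sample lines are copied from the log posted in this thread; the function names, the flag categories and the output format are my own choices, not anything HijackThis itself produces.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread, including the two entries the expert flagged and one of the
# leftover Symantec services.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Policies\Explorer\Run: []
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# CLSID in braces, 8-4-4-4-12 hex groups (36 characters between the braces).
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return (section_code, body) tuples for every entry line in a HJT log.
    Header lines (Platform:, Running processes:, paths) do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Flag leftovers worth reviewing: dead BHOs, empty Explorer policy Run values,
    and services whose binary is gone (typically remnants of an uninstall).
    Each finding is (section_code, reason, guid_or_None, original_body)."""
    findings = []
    for code, body in parse_hjt(text):
        guid = GUID_RE.search(body)
        guid = guid.group(0) if guid else None
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but DLL missing", guid, body))
        elif code == "O4" and body.endswith("Policies\\Explorer\\Run: []"):
            findings.append((code, "empty Explorer policy Run value", guid, body))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((code, "service binary missing", guid, body))
    return findings


if __name__ == "__main__":
    for code, reason, guid, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; a finding means an entry worth checking in HijackThis, not proof of infection, which is the same distinction the expert makes above.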
ASKER
Fresh HJT logs
** log moved to snippet below - b0lsc0tt **
I do notice errors in the Event Viewer, not sure though. Posting a screenshot of my Event Viewer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:55 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pari588.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
--
End of file - 6712 bytes
eventviewer-screenshot-pari588.png
Please right-click the Application log and save it as "applications" with the extension .EVT.
Please rename the extension to .TXT.
Also please do the same with the System event log.
Rename to something.txt, compress both TXT files using WinZip or a similar utility and attach it here.
ASKER
I have attached the Application and System event logs (compressed) as told.
Event-Viewer-Log-file.zip
The most related error IMO is related to the SAV client; you need to make sure the Symantec AntiVirus client is properly installed and running the latest version of the program.
Uninstall and reinstall if you have to; some components are currently corrupt.
There is also Event ID 51 originating from DISK.
This usually means either a hard disk error or a physical bad block, and could be a direct cause of this issue, especially when downloading larger files.
Please try the below:
Start > Run > Chkdsk C: /F
Chkdsk D: /F
for as many partitions as you have.
If chkdsk fails to check the disk and prompts to schedule the scan on system restart, please choose Yes (Y).
Reboot and let it do its thing.
Also, Symantec indicates it has detected hundreds of infections, mostly in crack files of some software; there are some rootkits involved, the W32.SillyFDC worm and some PWS trojans.
Although the HijackThis log shows no existing infection, maybe there is system file corruption caused by previous infections. I would suggest you uninstall Symantec AV completely and go for something like Avira,
as well as Malwarebytes Anti-Malware and SUPERAntiSpyware, just to confirm your system is now clean.
After updating the antivirus, disable System Restore for now before running a full scan:
http://support.microsoft.com/kb/310405
Also, just to be sure the rootkit file is gone: C:\windows\system32\drivers\klif.sys
Please download and run ComboFix.
Kindly post the logs back for MBAM and ComboFix, as well as a fresh HijackThis log.
Finally, as it appears there is a bunch of malware coming through removable drives (flash/thumb drives, etc.),
please download and run the tool Flash Disinfector, which will disinfect your computer and removable devices and immunize them against similar threats.
Hope this helps.
If you are running Symantec firewall software, it will block port 80 and 25 traffic if the definitions fall out of date.
ASKER
Extremely sorry for the delay.
Made the changes as told in the earlier post.
I have completely uninstalled Symantec AntiVirus.
Installed AntiVir antivirus.
Installed Malwarebytes Anti-Malware.
Posting the logs for ComboFix, MBAM and HJT.
** see snippet for ALL logs - b0lsc0tt **
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:23 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pari588.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - Avira GmbH - (no file)
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
--
End of file - 7610 bytes
----------------------
ComboFix 09-03-15.01 - Pari 2009-03-17 16:41:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1449 [GMT 5.5:30]
Running from: c:\documents and settings\Pari\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2fiy.bat
D:\2fiy.bat
E:\2fiy.bat
F:\2fiy.bat
G:\2fiy.bat
H:\2fiy.bat
I:\2fiy.bat
J:\2fiy.bat
N:\2fiy.bat
.
((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.
2009-03-17 03:53 . 2009-03-17 03:53 <DIR> d-------- c:\documents and settings\Pari\Application Data\Avira
2009-03-17 03:51 . 2009-03-17 03:51 <DIR> d-------- c:\program files\Avira
2009-03-17 03:51 . 2009-03-17 03:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-16 04:17 . 2009-03-16 04:20 452 --a------ c:\windows\WINCMD.INI
2009-03-15 16:20 . 2009-03-15 16:20 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-03-15 16:20 . 2009-03-15 16:20 <DIR> d-------- c:\program files\Common Files\SYMANT~1
2009-03-13 02:31 . 2009-03-17 04:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 02:31 . 2009-03-13 02:31 <DIR> d-------- c:\documents and settings\Pari\Application Data\Malwarebytes
2009-03-13 02:31 . 2009-03-13 02:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-13 02:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 02:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 02:24 . 2009-03-15 13:49 46,640 --a------ c:\windows\system32\msln.exe
2009-03-13 01:05 . 2009-03-16 14:41 <DIR> d-------- C:\Downloads
2009-03-13 01:00 . 2009-03-16 14:53 <DIR> d-------- c:\program files\GetRight
2009-03-13 01:00 . 2009-03-13 01:01 <DIR> d-------- c:\documents and settings\Pari\Application Data\GetRight Pro
2009-03-11 02:07 . 2008-12-05 12:24 144,896 -----c--- c:\windows\system32\dllcache\schannel.dll
2009-03-02 03:08 . 2009-03-02 03:08 <DIR> d-------- c:\program files\Turbo Tube
2009-02-25 06:33 . 2008-06-18 00:32 8,461,312 -----c--- c:\windows\system32\dllcache\shell32.dll
2009-02-22 03:10 . 2009-02-22 03:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-22 03:09 . 2009-02-22 03:09 <DIR> d-------- c:\windows\Logs
2009-02-22 03:06 . 2009-02-22 03:09 <DIR> d--h----- c:\program files\Zero G Registry
2009-02-22 03:04 . 2009-02-22 03:04 <DIR> d--h----- c:\documents and settings\Pari\InstallAnywhere
2009-02-22 03:03 . 2009-02-22 03:14 <DIR> d-------- c:\documents and settings\Pari\Application Data\Sports Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 11:14 --------- d-----w c:\documents and settings\Pari\Application Data\Azureus
2009-03-17 10:50 --------- d-----w c:\documents and settings\Pari\Application Data\Vso
2009-03-16 15:19 --------- d-----w c:\documents and settings\Pari\Application Data\LimeWire
2009-03-16 15:07 --------- d-----w c:\program files\Minilyrics
2009-03-15 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-15 08:46 --------- d-----w c:\program files\Azureus
2009-03-13 09:37 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-13 09:37 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-13 09:37 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-13 09:37 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-13 09:37 --------- d-----w c:\program files\Symantec
2009-03-12 10:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-05 13:19 --------- d-----w c:\program files\Soulseek
2009-02-26 20:47 --------- d-----w c:\documents and settings\Pari\Application Data\DMCache
2009-02-21 22:18 --------- d-----w c:\program files\mIRC
2009-02-21 06:00 --------- d-----w c:\documents and settings\Pari\Application Data\Skype
2009-02-21 02:36 --------- d-----w c:\documents and settings\Pari\Application Data\skypePM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:50 --------- d-----w c:\documents and settings\Pari\Application Data\Artisteer
2009-02-08 20:49 --------- d-----w c:\program files\Artisteer
2009-02-07 11:36 --------- d-----w c:\program files\Web Gallery Wizard PRO
2009-02-07 07:15 --------- d-----w c:\program files\Effective Studios
2009-02-01 16:09 --------- d-----w c:\documents and settings\Pari\Application Data\PCF-VLC
2009-02-01 16:04 --------- d-----w c:\program files\Participatory Culture Foundation
2009-02-01 16:04 --------- d-----w c:\documents and settings\Pari\Application Data\Participatory Culture Foundation
2009-02-01 14:06 --------- d-----w c:\program files\MSN Messenger
2009-02-01 14:06 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 12:06 --------- d-----w c:\program files\LimeWire
2009-01-23 21:17 --------- d-----w c:\program files\Submit Suite
2009-01-23 20:01 --------- d-----w c:\program files\DC++
2009-01-23 09:43 --------- d-----w c:\documents and settings\Pari\Application Data\PC Suite
2009-01-23 09:40 --------- d-----w c:\documents and settings\Pari\Application Data\Nokia
2009-01-22 09:20 --------- d-----w c:\program files\Direct Connect Hub
2009-01-18 07:01 88 -csh--r c:\documents and settings\All Users\Application Data\C2A54A786B.sys
2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll
2008-10-30 19:37 24,192 ----a-w c:\documents and settings\Pari\usbsermptxp.sys
2008-10-30 19:37 22,768 ----a-w c:\documents and settings\Pari\usbsermpt.sys
2008-05-19 11:37 88 -csh--r c:\documents and settings\All Users\Application Data\13DAA789FF.sys
2008-04-03 09:38 88 -csh--r c:\documents and settings\All Users\Application Data\7E68E455B0.sys
2008-04-03 09:38 3,296 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-03-01 11:08 87,608 ----a-w c:\documents and settings\Pari\Application Data\ezpinst.exe
2008-03-01 11:08 47,360 -c--a-w c:\documents and settings\Pari\Application Data\pcouffin.sys
2007-05-24 09:28 249,856 -c--a-w c:\windows\inf\WG311v3\InsDrv2k.exe
2006-12-04 06:08 212,992 -c--a-w c:\windows\inf\WG311v3\CopyWHQLDriver.exe
2005-12-29 12:37 282,624 -c--a-r c:\windows\inf\WG311v3\WG311v3XP.sys
2008-09-03 19:07 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-20 18:36 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008012120080122\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2008-06-20 17:21 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 17:29 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 16:14 360960 744e57c99232201ae98c49168b918f48 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-20 02:56 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-09-20 02:56 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"msacm.ac3filter"= ac3filter.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 00:19 133104 c:\documents and settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2007-10-23 10:37 9146368 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-02-11 10:19 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-14 12:21 7323648 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-25 19:54 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-14 12:21 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Football Manager 2009\\fm.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-03-17 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-03-17 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-03-17 41217]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a5a29d-654e-11dd-9858-00146c316d79}]
\Shell\AutoRun\command - xvlyb.exe
\Shell\explore\Command - xvlyb.exe
\Shell\open\Command - xvlyb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1454471165-1801674531-1003.job
- c:\documents and settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 00:19]
2009-03-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Pari.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
2009-03-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Pari.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
2009-03-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-04-16 22:21]
2009-03-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-04-16 22:21]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Pari\Application Data\Mozilla\Firefox\Profiles\3d0hynlv.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 16:45:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{01e7326d-99cf-4075-8a13-f9db8079edef}]
@Denied: (Full) (Everyone)
"Model"=dword:00000034
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,09,ad,3e,b5,db,
1d,2a,d4,05,98,32,02,34,2b,da,61,0e,cd,6f,a2,58,aa,76,f3,43,95,c5,3a,93,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{12c46206-0a2b-48cc-9601-c9133f0822cb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014d
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0a,17,5d,9f,97,bf,67,6d,11,aa,f3,3e,c7,e3,35,e1,90,19,3d,16,4e,
f7,c2,ae,d2,47,1e,47,75,bf,af,71,1b,b3,82,39,ef,d8,03,82,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4d,e8,03,5f,3a,be,90,8d,fe,57,f9,d6,4f,1e,59,ec,a0,60,b1,a4,1b,
f5,36,be,3b,b9,a2,b7,2f,c6,91,a2,18,c5,3a,43,70,5a,cf,07,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\avsda.dll
.
Completion time: 2009-03-17 16:48:14
ComboFix-quarantined-files.txt 2009-03-17 11:17:10
ComboFix2.txt 2009-01-02 15:19:37
ComboFix3.txt 2008-12-12 14:40:11
Pre-Run: 5,256,347,648 bytes free
Post-Run: 5,278,285,824 bytes free
261
-------------
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
3/17/2009 4:03:33 AM
mbam-log-2009-03-17 (04-03-33).txt
Scan type: Quick Scan
Objects scanned: 76522
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-----------------------------------------------------
This is bad stuff, have you run flash disinfector yet?
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a5a29d-654e-11dd-9858-00146c316d79}]
\Shell\AutoRun\command - xvlyb.exe
\Shell\explore\Command - xvlyb.exe
\Shell\open\Command - xvlyb.exe
have you updated your Antivirus & run a full scan in safe mode?
in the CF log it mentions the below
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
if the problem persists, I am sure a combofix script will handle this & any other remains.
ASKER
I just ran flash disinfector -
updating the virus definition - downloading way too slow -
once its updated - i will run the full scan and get back to you very soon
but as of now there's no changes regarding direct downloading.
its still getting stuck and times out in few cases - it took me more than an hour to download combofix itself which caused me the delay in replying to you. (extremely sorry for that)
ASKER
downloads still get stuck - please help.
also spoke to my internet service provider - he did something called dns binding
but still there's no changes
posting fresh combofix - hijackthis - malwarebytes anti malware logs
** see snippet for ALL updated logs - b0lsc0tt **
ComboFix 09-03-15.01 - Pari 2009-03-18 1:15:12.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1545 [GMT 5.5:30]
Running from: c:\documents and settings\Pari\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.
2009-03-17 03:53 . 2009-03-17 03:53 <DIR> d-------- c:\documents and settings\Pari\Application Data\Avira
2009-03-17 03:51 . 2009-03-17 03:51 <DIR> d-------- c:\program files\Avira
2009-03-17 03:51 . 2009-03-17 03:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-16 04:17 . 2009-03-16 04:20 452 --a------ c:\windows\WINCMD.INI
2009-03-15 16:20 . 2009-03-15 16:20 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-03-15 16:20 . 2009-03-15 16:20 <DIR> d-------- c:\program files\Common Files\SYMANT~1
2009-03-13 02:31 . 2009-03-17 04:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 02:31 . 2009-03-13 02:31 <DIR> d-------- c:\documents and settings\Pari\Application Data\Malwarebytes
2009-03-13 02:31 . 2009-03-13 02:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-13 02:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 02:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 02:24 . 2009-03-15 13:49 46,640 --a------ c:\windows\system32\msln.exe
2009-03-13 01:05 . 2009-03-17 18:05 <DIR> d-------- C:\Downloads
2009-03-13 01:00 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Pari\Application Data\GetRight Pro
2009-03-11 02:07 . 2008-12-05 12:24 144,896 -----c--- c:\windows\system32\dllcache\schannel.dll
2009-03-02 03:08 . 2009-03-02 03:08 <DIR> d-------- c:\program files\Turbo Tube
2009-02-25 06:33 . 2008-06-18 00:32 8,461,312 -----c--- c:\windows\system32\dllcache\shell32.dll
2009-02-22 03:10 . 2009-02-22 03:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-22 03:09 . 2009-02-22 03:09 <DIR> d-------- c:\windows\Logs
2009-02-22 03:06 . 2009-02-22 03:09 <DIR> d--h----- c:\program files\Zero G Registry
2009-02-22 03:04 . 2009-02-22 03:04 <DIR> d--h----- c:\documents and settings\Pari\InstallAnywhere
2009-02-22 03:03 . 2009-02-22 03:14 <DIR> d-------- c:\documents and settings\Pari\Application Data\Sports Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 17:45 --------- d-----w c:\documents and settings\Pari\Application Data\LimeWire
2009-03-17 17:45 --------- d-----w c:\documents and settings\Pari\Application Data\Azureus
2009-03-17 17:43 --------- d-----w c:\program files\Azureus
2009-03-17 10:50 --------- d-----w c:\documents and settings\Pari\Application Data\Vso
2009-03-16 15:07 --------- d-----w c:\program files\Minilyrics
2009-03-15 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-13 09:37 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-13 09:37 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-13 09:37 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-13 09:37 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-13 09:37 --------- d-----w c:\program files\Symantec
2009-03-12 10:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-05 13:19 --------- d-----w c:\program files\Soulseek
2009-02-26 20:47 --------- d-----w c:\documents and settings\Pari\Application Data\DMCache
2009-02-21 22:18 --------- d-----w c:\program files\mIRC
2009-02-21 06:00 --------- d-----w c:\documents and settings\Pari\Application Data\Skype
2009-02-21 02:36 --------- d-----w c:\documents and settings\Pari\Application Data\skypePM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:50 --------- d-----w c:\documents and settings\Pari\Application Data\Artisteer
2009-02-08 20:49 --------- d-----w c:\program files\Artisteer
2009-02-07 11:36 --------- d-----w c:\program files\Web Gallery Wizard PRO
2009-02-07 07:15 --------- d-----w c:\program files\Effective Studios
2009-02-01 16:09 --------- d-----w c:\documents and settings\Pari\Application Data\PCF-VLC
2009-02-01 16:04 --------- d-----w c:\program files\Participatory Culture Foundation
2009-02-01 16:04 --------- d-----w c:\documents and settings\Pari\Application Data\Participatory Culture Foundation
2009-02-01 14:06 --------- d-----w c:\program files\MSN Messenger
2009-02-01 14:06 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 12:06 --------- d-----w c:\program files\LimeWire
2009-01-23 21:17 --------- d-----w c:\program files\Submit Suite
2009-01-23 20:01 --------- d-----w c:\program files\DC++
2009-01-23 09:43 --------- d-----w c:\documents and settings\Pari\Application Data\PC Suite
2009-01-23 09:40 --------- d-----w c:\documents and settings\Pari\Application Data\Nokia
2009-01-22 09:20 --------- d-----w c:\program files\Direct Connect Hub
2009-01-18 07:01 88 -csh--r c:\documents and settings\All Users\Application Data\C2A54A786B.sys
2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll
2008-10-30 19:37 24,192 ----a-w c:\documents and settings\Pari\usbsermptxp.sys
2008-10-30 19:37 22,768 ----a-w c:\documents and settings\Pari\usbsermpt.sys
2008-05-19 11:37 88 -csh--r c:\documents and settings\All Users\Application Data\13DAA789FF.sys
2008-04-03 09:38 88 -csh--r c:\documents and settings\All Users\Application Data\7E68E455B0.sys
2008-04-03 09:38 3,296 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-03-01 11:08 87,608 ----a-w c:\documents and settings\Pari\Application Data\ezpinst.exe
2008-03-01 11:08 47,360 -c--a-w c:\documents and settings\Pari\Application Data\pcouffin.sys
2007-05-24 09:28 249,856 -c--a-w c:\windows\inf\WG311v3\InsDrv2k.exe
2006-12-04 06:08 212,992 -c--a-w c:\windows\inf\WG311v3\CopyWHQLDriver.exe
2005-12-29 12:37 282,624 -c--a-r c:\windows\inf\WG311v3\WG311v3XP.sys
2008-09-03 19:07 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-20 18:36 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008012120080122\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
2008-09-03 19:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2008-06-20 17:21 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 17:29 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 16:14 360960 744e57c99232201ae98c49168b918f48 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-20 02:56 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-09-20 02:56 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-03-17_16.45.41.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-03-17 04:19:20 72,094 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-17 13:01:58 72,094 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-17 04:19:20 444,088 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-17 13:01:58 444,088 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 00:19 133104 c:\documents and settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2007-10-23 10:37 9146368 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-02-11 10:19 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-14 12:21 7323648 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-25 19:54 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-14 12:21 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1689:TCP"= 1689:TCP:Firefox
"1689:UDP"= 1689:UDP:Firefox
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-03-17 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-03-17 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-03-17 41217]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPOD_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a5a29d-654e-11dd-9858-00146c316d79}]
\Shell\AutoRun\command - xvlyb.exe
\Shell\explore\Command - xvlyb.exe
\Shell\open\Command - xvlyb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1454471165-1801674531-1003.job
- c:\documents and settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 00:19]
2009-03-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Pari.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
2009-03-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Pari.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
2009-03-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-04-16 22:21]
2009-03-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-04-16 22:21]
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Pari\Application Data\Mozilla\Firefox\Profiles\dp2fdvge.Paritosh12\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 01:16:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{01e7326d-99cf-4075-8a13-f9db8079edef}]
@Denied: (Full) (Everyone)
"Model"=dword:00000034
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,09,ad,3e,b5,db,
1d,2a,d4,05,98,32,02,34,2b,da,61,0e,cd,6f,a2,58,aa,76,f3,43,95,c5,3a,93,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{12c46206-0a2b-48cc-9601-c9133f0822cb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014d
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0a,17,5d,9f,97,bf,67,6d,11,aa,f3,3e,c7,e3,35,e1,90,19,3d,16,4e,
f7,c2,ae,d2,47,1e,47,75,bf,af,71,1b,b3,82,39,ef,d8,03,82,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4d,e8,03,5f,3a,be,90,8d,fe,57,f9,d6,4f,1e,59,ec,a0,60,b1,a4,1b,
f5,36,be,3b,b9,a2,b7,2f,c6,91,a2,18,c5,3a,43,70,5a,cf,07,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\avsda.dll
.
Completion time: 2009-03-18 1:18:20
ComboFix-quarantined-files.txt 2009-03-17 19:47:49
ComboFix2.txt 2009-03-17 11:18:15
ComboFix3.txt 2009-01-02 15:19:37
ComboFix4.txt 2008-12-12 14:40:11
Pre-Run: 5,062,082,560 bytes free
Post-Run: 5,047,103,488 bytes free
245 --- E O F --- 2009-03-17 12:09:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:02 AM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Documents and Settings\Pari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pari\Desktop\Desktop Stuff\IDM.v5.15 Build 3.g3n.downarchive\Internet Download Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pari588.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - Avira GmbH - (no file)
--
End of file - 7367 bytes
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
3/18/2009 1:55:35 AM
mbam-log-2009-03-18 (01-55-35).txt
Scan type: Quick Scan
Objects scanned: 76367
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I'd LOVE to give some insights and recommendations, but am stuck on the volume of apps you have running concurrently, that could well be (often are) incompatible.
In my humble opinion, it would help to know how current you are with updates to your Operating System files/interfaces and your Browser updates (some are IE reliant, but you use Firefox; both have had significant updates to protect you that you may not yet have implemented). I don't know enough about the results other than the postings you've shared here... My point is that you've installed/uninstalled many things and you've not clearly identified your environment (you said you disabled some stuff); if you're in a DSL or T1 or other such "open" environment and have had your system exposed, ports open and so on, you may be experiencing many conflicts and intrusions. It would be helpful to know more about your situation to help you more expeditiously.
Just feeling you're in a spin here with all the things you've tried without any of us really knowing enough about your setup/environment, and ERROR messages if any.
thanks for indulging me, and hope it helps,
Asta
I think it would also be helpful if we could identify whether it is a network issue (routing and packet delivery?) or if it is computer specific. Do you have a laptop or another system to test this with?
ASKER
I have got a laptop to test the internet with. Please guide me on what I have to do.
I see at least two anti-virus clients, plus HijackThis, Malwarebytes, any others?
Multiple peer-to-peer clients.
Multiple chat clients.
Proxy service "accelerator" for downloading YouTube videos.
5-character EXE file being called: xvlyb.exe for no known reason...the only search results point to PWS-Gamania.gen.a
Recommend you go offline and save your data before proceeding. Don't use your data anywhere...if there is an infection, you will spread it.
Ignoring the other software, what is the reason for running multiple anti-virus "security" applications?
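As an added example (not code from this thread, nor from ComboFix, HijackThis or any other tool named here), the Python script below pulls the indicators this reply points at out of the posted log text: the MountPoints2 Shell\...\command entries that name xvlyb.exe, the O10 line reporting a missing Winsock LSP DLL, O23 services whose binary is gone, and which anti-virus vendors still have services registered. The sample log is constructed from lines copied from the logs posted in this thread; the regular expressions and the vendor list are this example's own assumptions, not any tool's documented output format.

```python
r"""Triage helper for ComboFix / HijackThis style text logs.

Added example, not code from this thread or from either tool. It pulls the
few indicators worth acting on out of a long log:
  * MountPoints2 \Shell\<verb>\command entries (the per-volume autorun
    cache; an executable named there runs when the drive is opened)
  * a HijackThis O10 line reporting a broken Winsock LSP chain
  * O23 services whose binary is missing (leftovers of an incomplete uninstall)
  * which anti-virus vendors still have services registered (overlap check)
The regular expressions and the vendor list are this example's own assumptions.
"""
import re

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a5a29d-654e-11dd-9858-00146c316d79}]
\Shell\AutoRun\command - xvlyb.exe
\Shell\explore\Command - xvlyb.exe
\Shell\open\Command - xvlyb.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Audio Service (STacSV) - Avira GmbH - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

MOUNTPOINT_KEY = re.compile(r"^\[HKEY_.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s*-\s*(.+)$", re.I)
O10_LSP = re.compile(r"^O10 - .*LSP provider '([^']+)' missing", re.I)
O23_SVC = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Vendor names searched for in the owner and path fields of O23 lines.
# Short names such as "avg" are deliberately left out because they would
# match unrelated paths like avguard.exe.
AV_VENDORS = ("symantec", "avira", "kaspersky", "mcafee", "trend micro", "malwarebytes")


def triage(log_text):
    """Return a dict of findings extracted from one log's text."""
    findings = {
        "mountpoint_autorun": [],      # (volume GUID, shell verb, command)
        "broken_lsp": [],              # missing LSP DLL paths
        "missing_service_binary": [],  # display names of services with no file
        "av_vendors": set(),           # vendors with at least one O23 service
    }
    current_volume = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_volume = m.group(1)
            continue
        m = SHELL_CMD.match(line)
        if m and current_volume:
            verb, command = m.group(1).lower(), m.group(2).strip()
            findings["mountpoint_autorun"].append((current_volume, verb, command))
            continue
        current_volume = None  # anything else ends the MountPoints2 block
        m = O10_LSP.match(line)
        if m:
            findings["broken_lsp"].append(m.group(1))
            continue
        m = O23_SVC.match(line)
        if m:
            name, owner, path = (g.strip() for g in m.groups())
            if path.endswith("(file missing)") or path == "(no file)":
                findings["missing_service_binary"].append(name)
            haystack = f"{owner} {path}".lower()
            findings["av_vendors"].update(v for v in AV_VENDORS if v in haystack)
    return findings


def summarize(findings):
    """Render findings one per line, highest-priority first."""
    out = []
    for volume, verb, command in findings["mountpoint_autorun"]:
        out.append(f"AUTORUN  volume {volume} verb={verb} runs {command}")
    for dll in findings["broken_lsp"]:
        out.append(f"LSP      Winsock chain references missing DLL {dll}")
    for name in findings["missing_service_binary"]:
        out.append(f"SERVICE  registered but binary missing: {name}")
    if len(findings["av_vendors"]) > 1:
        out.append("AV       more than one vendor present: "
                   + ", ".join(sorted(findings["av_vendors"])))
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run as-is it summarizes the sample; pointing `triage()` at the text of a full log reduces the dump to the handful of lines worth acting on. A MountPoints2 command that names a bare executable sorts to the top because it is the footprint of a drive-spread infection, and the O10 entry is kept because HijackThis itself labels it broken Internet access, which makes a damaged Winsock chain a candidate for the connection-specific failures described in this thread.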
ASKER
I had Symantec antivirus first - but my license expired - uninstalled it
so I bought the Avira antivirus package, taking your advice
and I was told to download Malwarebytes Anti-Malware
I use Azureus as my P2P client
I had a YouTube downloader
"xvlyb.exe" - have no idea - hoping the antivirus should resolve it
HijackThis is to post the logs
in Azureus - my downloads are quick and perfect
I noted as well another P2P client on your scan results, which is Soulseek, and although new to me, found details in this writeup which may also be at the crux of download issues, so you may benefit by checking this out as well. http://en.wikipedia.org/wiki/Soulseek
Not sure which Norton product you had originally installed, since we see it still present. It may help to know the actual product and version, since frequently if uninstalls are not complete, residual impact exists, and may need to do a Norton cleanup in general.
There are a number of issues in terms of having multiple downloaders installed and concurrently running, but I'm guessing you know that at this point. Browser Add-Ons may also play a part; which ones are installed and running?
ASKER
I was using Symantec AntiVirus Corporate Edition 10 - I uninstalled it from Add/Remove Programs in Control Panel.
I have uninstalled Soulseek too.
My Add-Ons for Firefox are - Ubiquity, Twitterfox, Greasemonkey and FlashGot.
On my laptop - it is perfect.
Downloading from Azureus is still perfect!
Using Firefox OK, but IE not? Sorry, need to understand, since many changes have been made. Also, any additions / changes noted in EVENT VIEWER?
Thanks for confirming installed version as 10 ... http://service1.symantec.com/SUPPORT/ent-security.nsf/0/5cd69fba08f6037388256ff5005eaa71?OpenDocument&seg=en
I was surprised to note the issues here: http://www.symantec.com/connect/
Manually uninstalling AMS server for Symantec AntiVirus Corporate Edition 10.x or Symantec Client Security 3.x from Windows - http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005051616275448?Open&docid=2002031914291648&nsf=ent-security.nsf&view=0
Off to work, hope this helps you,
":0) Asta
Apologies for not getting back to this question more often
After you have run ComboFix, can we please take a look at a fresh HijackThis log file?
Also, an Autoruns log can prove helpful.
Run the program (autoruns.exe); from the File menu > Save,
choose Type (All files) and save the file as Autoruns.txt. Please attach the log here.
ASKER
** see snippet for log file - b0lsc0tt **
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:55 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pari588.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - Avira GmbH - (no file)
--
End of file - 7132 bytes
AutoRunslog.txt
pari588,
Another possibility is that your ISP is throttling your bandwidth. This can happen if you really download a ton of stuff.
I agree with jason1178.
Just ask your ISP if they are limiting your downloads.
ASKER
Sorry for not posting the logs in a snippet.
The download is affected only when I download directly from sites like download.com or similar.
The downloads are absolutely perfect when I download from a P2P client like Azureus.
The direct downloads don't even download completely, as it times out in between and it doesn't respond.
I called my ISP and they said there's no problem from their side; they just did a DNS binding from their end, and made me restart my PC several times, but no effect.
I did connect my laptop to the internet - and it works absolutely perfect.
Can it be possible that any of the recent Windows updates can affect it?
>> can it be possible that any of the recent windows updates can affect it?
Anything's possible. Could be a software issue, an OS issue, or even something as simple as a bad NIC or cable.
Long shot, but...
Have you tried turning off your bittorrent client? Seeding can max out your upload limit (preventing or delaying ACK packets) and that can mess up HTTP transfers.
ASKER
I always make sure that my P2P client,
my messenger clients
and anything else which uses the internet is always off when I download directly.
I don't even browse the internet at that moment.
I don't think there's a problem with the NIC or the cable - when I connect that cable to the laptop it works perfectly - including HTTP transfers.
So it's either the internet updates or the OS or some other software which is affecting it.
Proprietary download agents that override your security managers and other interfaces would most definitely have an impact on all this, in my humble opinion. No question about it: depending on your operating system, update levels, installed "managers" in all regards, whether "filters and protections" such as virus scans, firewall settings, ports and many, many others would impact this.... not to mention the fact you may have had unresolved intrusions such as (virus/worm/trojans) ... and depending on such basic things as your Firewall, if Router, on Business interfaces and so on ..... Well, I guess you got what I'm saying. Trusting you feel you're in good hands, so back to work.
Best wishes ... ":0) Asta
ASKER
hey.. just one more thing -
it's a home personal computer with only 1 operator - that's me
thanks
ALT+CTRL+DEL to get task manager and see what all is running, CPU percentage and so on may add some clues. Also, in a cable environment, helps to know things like what time of day you're experiencing these problems (high traffic times bandwidth wise?), any parental controls involved? Plenty of hard disk space to get the downloads? Where do downloads go by default?
I am now more inclined to think that this problem is related to a disk write I/O issue; the disk-related events in the Event log make me think so.
Does this happen only with larger files (50+ MB)?
If you have another partition / logical drive, you can try moving the IE browser cache there:
Control Panel > Internet Options > General > Browsing History > Settings > Move Folder
You will be prompted to log off and log back in.
Please let us know how it goes.
ASKER
hey astaec,
Is it possible to post a log of the Task Manager?
Also, I'm facing the download issue at any point of time - off-peak hours too - no parental locks - got enough space for downloads - around 25 gigs - also direct downloads and P2P downloads go onto another disk drive - but in different folders.
Admin3k,
Direct download problems occur even with a 5 MB file - the only difference is it gets downloaded before it times out - takes about an hour to download - 50+ MB download files time out.
I have moved the folder as instructed - but no change :(
Firefox has been updated, and if you haven't loaded Firefox and checked for updates to install, that is a very good idea. Also, within Firefox, cleaning helps, as noted here, AND the article includes step-by-step details on how to fix Download problems within Firefox:
Synopsis - When you select a file or image to download, Firefox's Download Manager retrieves the data from the remote location and stores it on your local computer in the designated location. If you are having problems downloading or saving files using Firefox, this article provides some solutions that may resolve the issue.
http://support.mozilla.com/en-US/kb/unable+to+download+or+save+files
Other brief cut/paste from the above link, which appears pertinent to you here - Remove Download Manager plugins
On Windows, third-party download manager plugins can interfere with Firefox downloads. Download Manager plugin files that get added to the Firefox plugins folder include the following, listed by the download manager program and the associated plugin filename: GetRight: NPGetRt.dll WinGet: NPWinGet.dll Download Accelerator Plus: npdap.dll FreshDownload: npfd.dll Net Transport: NPNXCatcher.dll, NPNXCatcher(Audio).dll, and NPNXCatcher(Video).dll
To verify if any of these files are on your system, open the Firefox plugin folder. On Windows, this folder is typically stored here:
C:\Program Files\Mozilla Firefox\plugins
If any of the above files are stored in this folder, you should consider uninstalling the plugin. If you have already uninstalled the download manager, remove the file or files from the plugin folder.
For more information on third-party Download Managers that include Firefox plugins, see this plugin documentation.
Configure your Internet security software to allow the download - more at the source link ABOVE.
IE 7 may be impacted as well if you're running multiple windows and the Phishing Filter is involved - The computer may respond very slowly as the Phishing Filter evaluates Web page contents in Internet Explorer 7 - http://support.microsoft.com/kb/928089
I'm running Vista Ultimate and IE 8, and have seen vast performance improvements using IE 8 vs. IE 7. Also some XP SP2 to SP3 upgrades had problems, depending on the environment, and either hardware or software no longer responded as it should, and uninstalling was needed; if that's your situation, this is how (various methods posted): http://support.microsoft.com/kb/950249
XP SP3 - Windows XP SP3-based computer loses wireless connectivity when it resumes from standby or from hibernation, or you receive an error message when you try to put the computer in standby or in hibernation - http://support.microsoft.com/kb/951447
I don't see how to pull/post a log from Task Manager in XP, other than using the CTRL+PrintSCRN option to copy to clipboard, if I understand you correctly.
Best of luck - off to work. ":0) Asta
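The plugin-folder check quoted above from the Mozilla article can be done mechanically. The following is an added example (not from the thread, the Mozilla article, or any of the download-manager vendors) that scans a Firefox plugins folder for the five download-manager plugin filenames listed above and reports which product each belongs to. The folder path is an assumption (the default location named in the article) and can be passed on the command line; matching is case-insensitive because Windows filenames are.

```python
"""Check a Firefox plugins folder for third-party download-manager plugin DLLs.

Added example, not code from the original thread. The filename-to-product table
is the one quoted in the thread from the Mozilla support article; the default
folder path is an assumption (the usual Windows location) and can be overridden.
"""
import sys
from pathlib import Path

# Plugin filenames listed in the Mozilla support article, keyed by product.
DOWNLOAD_MANAGER_PLUGINS = {
    "GetRight": ["NPGetRt.dll"],
    "WinGet": ["NPWinGet.dll"],
    "Download Accelerator Plus": ["npdap.dll"],
    "FreshDownload": ["npfd.dll"],
    "Net Transport": ["NPNXCatcher.dll", "NPNXCatcher(Audio).dll",
                      "NPNXCatcher(Video).dll"],
}

# Assumed default location; pass another folder as the first argument to override.
DEFAULT_PLUGIN_DIR = Path(r"C:\Program Files\Mozilla Firefox\plugins")


def find_download_manager_plugins(plugin_dir=DEFAULT_PLUGIN_DIR):
    """Return {product: [paths of matching plugin files]} found in plugin_dir.

    Filenames are compared case-insensitively (Windows is case-insensitive).
    A missing folder yields an empty dict: nothing is installed, nothing to remove.
    """
    plugin_dir = Path(plugin_dir)
    if not plugin_dir.is_dir():
        return {}
    # Lower-cased filename -> product, so the folder is walked only once.
    lookup = {name.lower(): product
              for product, names in DOWNLOAD_MANAGER_PLUGINS.items()
              for name in names}
    found = {}
    for entry in plugin_dir.iterdir():
        product = lookup.get(entry.name.lower())
        if product is not None and entry.is_file():
            found.setdefault(product, []).append(str(entry))
    return found


def report(plugin_dir=DEFAULT_PLUGIN_DIR):
    """Print the findings in the form the article's advice calls for; return them."""
    found = find_download_manager_plugins(plugin_dir)
    if not found:
        print(f"No download-manager plugin files in {plugin_dir}")
    for product, files in sorted(found.items()):
        print(f"{product}: {', '.join(files)}")
        print("  -> uninstall the product, or delete these files if it is already uninstalled")
    return found


if __name__ == "__main__":
    report(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PLUGIN_DIR)
```

Run it with no arguments on a machine with the default Firefox install, or give it the plugins folder path as the first argument. Because it only reads the folder and reports, it is safe to run before deciding whether to uninstall anything.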
ASKER CERTIFIED SOLUTION
The solution is to use a download manager; there are many freeware ones such as:
http://down6.flashget.com/flashget196en.exe
http://www.tucows.com/preview/603558
They can solve your problem.