Need help please!

gschum

System:
Microsoft Windows XP Professional Version 2002
Service Pack 3

Intel® Pentium® 4
CPU 2.40 GHz
1.00 GB RAM

Other Info:

Turn off System Restore on all drives has been checked.

Symptoms:

My router has to be manually reset to default every once in a while due to a "page cannot be displayed" error. The first several times it detects my connection as "static" even though under TCP/IP properties I have it set to DHCP. I also noticed that the page kept refreshing, and under the Mozilla Firefox navigation toolbar the "X" or "stop loading this page" kept repeating while at the bottom it was saying "Done". After being very persistent and many attempts, it finally detected DHCP. Another problem I noticed: Mozilla keeps stopping the page from being redirected. Also, gmer.exe keeps crashing within several seconds of opening the application. I also ran ATF Cleaner.

Hidden Object
C:\DOCUMENTS AND SETTINGS\STEVE.SLS_COMP\LOCAL SETTINGS\TEMP\RARSFX0\K643DXP.EXE

LOGS:

======================================================================


Kaspersky Anti-Virus

1/19/2010 1:15:30 PM Task started File Anti-Virus Kaspersky Anti-Virus
1/19/2010 1:28:23 PM Task started File Anti-Virus Kaspersky Anti-Virus
1/19/2010 3:55:38 PM Detected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199174.exe Generic Host Process for Win32 Services
1/19/2010 5:25:24 PM Deleted: not-a-virus:RemoteAdmin.Win32.WinVNC.4 C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199174.exe Generic Host Process for Win32 Services
1/19/2010 5:25:24 PM Detected: not-a-virus:RiskTool.Win32.PsExec.123 C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199175.exe Generic Host Process for Win32 Services
1/19/2010 6:22:57 PM Deleted: not-a-virus:RiskTool.Win32.PsExec.123 C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199175.exe Generic Host Process for Win32 Services
1/19/2010 6:22:57 PM Detected: not-a-virus:NetTool.Win32.PsKill.a C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199177.exe Generic Host Process for Win32 Services
1/19/2010 6:30:00 PM Untreated: not-a-virus:NetTool.Win32.PsKill.a C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199177.exe Skipped by user Generic Host Process for Win32 Services
1/19/2010 6:32:04 PM Detected: not-a-virus:NetTool.Win32.PsKill.a C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199177.exe Windows Explorer
1/19/2010 6:32:39 PM Untreated: not-a-virus:NetTool.Win32.PsKill.a C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1604\A0199177.exe Skipped by user Windows Explorer
1/19/2010 6:32:42 PM Detected: not-a-virus:NetTool.Win32.PsKill.a C:\RECYCLER\S-1-5-21-936119014-1497507713-1777090905-1002\Dc35.exe Windows Explorer
1/19/2010 6:32:54 PM Untreated: not-a-virus:NetTool.Win32.PsKill.a C:\RECYCLER\S-1-5-21-936119014-1497507713-1777090905-1002\Dc35.exe Skipped by user Windows Explorer
1/19/2010 6:33:26 PM Detected: not-a-virus:Client-IRC.Win32.mIRC.g C:\Program Files\mIRC\mirc.exe Windows Explorer
1/19/2010 6:36:41 PM Deleted: not-a-virus:Client-IRC.Win32.mIRC.g C:\Program Files\mIRC\mirc.exe Windows Explorer
1/19/2010 6:38:19 PM Detected: not-a-virus:NetTool.Win32.PsKill.a C:\RECYCLER\S-1-5-21-936119014-1497507713-1777090905-1002\Dc35.exe Windows Explorer
1/19/2010 6:38:56 PM Untreated: not-a-virus:NetTool.Win32.PsKill.a C:\RECYCLER\S-1-5-21-936119014-1497507713-1777090905-1002\Dc35.exe Skipped by user Windows Explorer


======================================================================

Malwarebytes' Anti-Malware 1.44
Database version: 3597
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/19/2010 2:12:27 AM
mbam-log-2010-01-19 (02-12-27).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 245444
Time elapsed: 49 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\huwebijum (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yowujeje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fefiweta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hutoziyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\juviyame.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yagerumu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1572\A0186205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1572\A0186221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1572\A0186222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1572\A0186223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1573\A0191319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1573\A0191352.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1573\A0191604.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1573\A0191674.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1579\A0193853.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1589\A0196158.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1589\A0196333.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1600\A0198506.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1600\A0198742.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1601\A0198831.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7852596F-B680-4853-8413-FB6069A893DD}\RP1601\A0199005.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bilayupa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fejepena.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tepepife.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.


======================================================================
 
======================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:09 AM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\steve.SLS_COMP\Desktop\OTL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: spywareblaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programs\pcAnywhere10.5\awhost32.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7217 bytes
 
You have so much crap on your PC it beggars disbelief.
All the remnants of security programs on your PC are: Eset, Nortons, spyware blaster, Trend Micro, Hijack, Malwarebytes, Super Anti spyware, and I presume you are running Kaspersky at present; have not seen the kitchen sink yet.

When you have old traces of security suites on your PC, they can impede the operation of your present security suite and cause wonderful problems and conflicts.

Sort which security suite you want to use, add Malwarebytes to the list and you should be right, then I recommend you to reformat and reload your PC and start from scratch.
 
"add Malwarebytes to the list and you should be right"

I already have "Malwarebytes"; the log was in my first post, but you must have overlooked that. And Norton Antivirus was uninstalled last year when my subscription ran up (wasn't satisfied with their software).

"You have so much crap on your PC it beggars disbelief."

I didn't know Anti-virus/anti-malware software was crap. Each software seems to detect malware that the other ones don't.

But Thanks, you were real helpful...

Cheers
__________________
Sometimes you got to learn to read the entire post!
 
Issue resolved! Thanks for your criticism, real helpful!!!! You were almost as useful as a History Major/Art Major!

Got to go, time for tea and crumpets!!

Cheers Mate
__________________
Sometimes you got to learn to read the entire post!
 