Having several Problems, Help!

[kat4spot]

Hi everyone, new guy here, and with a few problems. I first noticed my internet connection was getting very slow, then i coudnt get some pages to load till i tryied reloading them a few times. I use Limewire for mp3s and avis, and i was very slow, i suspected my internet wasnt quite right. So i downloaded Bitemeter and without any browsers or limewire on, i was having a lot of traffic, emails it turned out. I have AVG antivirus but that didnt show any virus, so i downloaded Mcfee, and Bitdefender and ZoneAlarm. After awhile i got a virus detection for New Poly Win32 and a few others, but the Poly just cant get it to go away. Sending my HJT and hopefully someone can give me a hand in getting my PC back.

Thanks, Kat

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go HERE and HERE. Follow the instructions carefully.

Then, go HERE and follow all the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:

 

[kat4spot]

Ok Let get to work

Hey Howard, Thanks for the fast reply.

So now i will get to work on this, Mcfee is going crazy with alerts of potencial worm activity, emails without any browser opened. So i downloaded the software you suggested and going to get to work ASAP.
Having some problems loading some of the pages, but finally got the first 2.
I have tried to run online scans yesterday before i got in this forum and i am having problems with them, cant get them to complete. Sometimes i cant get Explore to load any webpages. I will let you know how i am doing.

So by the looks of it, i got a worm problem, a virtumonde problem and the new poly win 32....... So far, ja ja ja

Thanks for your help Howard,

Regards, Kat

 

[howard_hopkinso]

Just do what you can. The Vundofix.exe should solve some of your problems.

Eventually you will be able to run the Trend Housecall scanner.

Regards Howard

 

[kat4spot]

So far so goof

Hi Howard,

Well you called it, that Virtumonde is history and a few others after i ran a complete virus scan with Ewido. Got control back of my internet and the emails have stopped, speed is better also. So far so good, i realize that i still have to try the online scan so hopefully this time it will work.
Let you know how i do.

Best regards, Kat

 

[kat4spot]

Wow

Hi Howard,

Ran Ewido and got rid of leftover stuff, checked out the quarantine folder and WOW!!!! Got a whole lot of stuff, including Backdoor whatever that is, doesnt sounds to good. Also got a cookie thats named Falkag.

So Tomorrow i will start with cleaning house with HJT and see what happens, disabled BitDefender at startup, just using memory and didnt catch anything.
Mcfee and Spyboot where the ones that at least gave me notice, going to keep AVG for now and ZoneAlarm firewall works pretty good. Any other Free Firewalls better than this one around? Budget issues. Thinking of buying Norton Suite, but i have used Norton in the past and its a memory Gobbler and very slow. Mabe ill go legit with Mcfee.

Thanks a lot for your help, let you know how i am doing.

Best regards, Kat

 

[RealBlackStuff]

Don't waste your money on ANY Symantec/Norton crap bloatware!
And while you're at it, forget about McAfee as well.
AVG does the job for free.
Free firewalls from Kerio/Sunbelt or Outpost/Agnitum or ZA (least favourite).

 

[howard_hopkinso]

Sound like you`re doing ok. However, I won`t be able to tell properly until you post your HJT log.

Follow all the instructions before you do so.

RBS`s advice is top notch as usual. AVG free is a great antivirus programme.

Regards Howard

 

[kat4spot]

mmmm

Hi all,

Sending my latest HJT file, system seems to be doing much better, and faster. Yet i am still getting the BHO with no files.

Also, i got a new issue, my PC is running as a multiuser, my own, my wifes (school stuff) and a Master which is suppose to be a full administrator rights user that i hardly ever use. I found thar HJT gives me different scans depending on what user im in. So all these latest changes i have made from my user since thats where the problems started, regardless of how the viruses ended up everywhere. Am i doing somethig wrong or missing something? Should i do a HJT fix in all users?

Regards, Kat.

 

[RealBlackStuff]

You'll need to get rid of all this junk underneath first:
-McAfee
-Bitdefender
-Avant
-Alwil/Avast
-Free Download Manager

Only leave AVG antivirus and Zonelabs Firewall on your PC
UNinstall the lot, delete all the directories it has created. Look in EVERY user-profile as well.
When done, post a new HJT-log.


Logfile of HijackThis v1.99.1
Scan saved at 12:03:59 a.m., on 18/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
c:\archivos de programa\mcafee.com\agent\mcagent.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
C:\archivos de programa\softwin\bitdefender8\bdnagent.exe
C:\Archivos de programa\Softwin\BitDefender8\bdswitch.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\archiv~1\mcafee.com\vso\mcvsftsn.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe

O2 - BHO: (no name) - {0612F71E-934B-4D92-B8E8-2E29EA78EB03} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72A5C725-6FD6-4B08-9EF4-E311FA36CD32} - (no file)
O2 - BHO: (no name) - {756C3C45-7B86-4ECD-9306-68830B6255Be} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\archivos de programa\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Archivos de programa\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Abrir en Avant Browser nuevo - C:\Archivos de programa\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlpage.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

[kat4spot]

Lets see now

Ok guys, got rid of a lot of stuff here, hope i am doing things right.
Sending HJT

Regards, Kat

 

[kat4spot]

One other thing

Forgot to tell you guys, my PC is running very well now, internet is also much faster. Need to free some disk space, i have 35% free space left. Got to sart burning some music CDs to lighten the load.

Thanks a lot for your help, couldnt have done it on my own thats for sure.
Kat

 

[howard_hopkinso]

Let HJT fix these entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

Other than that, your log is clean.

Regards Howard

 

[kat4spot]

Ok

Sounds good, i have tried to eliminate the DPFs but they keep comming back, forgot to remove Spybot Resident so maybe thats where the problem is. Going to remove it and keep it on the desktop.

Anyway, Thanks a lot guys, just saved me a few headaches, a few bucks too.
I was ready to take my pc to the shop next week where they would probably format the disk and reload windows and office.

Did that a few months ago, the problem then was that windows didnt recognize my CD drive or my DVD burner drive and it turned out, my CD drive bought the farm, but they still couldnt get windows to see the DVD burner, they installed it on another machine and it worked fine. So they formated the disk, reinstalled everything from a backup and been working fine after that.
Still dont know how that happened or how to fix it if it ever happens again.
Didnt know about you guys then, who knows maybe you could have saved me a lot of time and money

Thank you very much Howard and RealBlack Stuff.

 

[howard_hopkinso]

i have tried to eliminate the DPFs but they keep comming back

It`s nothing to worry about. They probably belong to some application you are running. That`s why they keep coming back.

Regards Howard