Computer Security & Viruses/possible virus

Question
For the past week I have been unable to activate my virus program.
I realized this once my PC began freezing when trying to open Media Player, so I have attempted to scan my computer for viruses.
The icon for my AV is displayed as disabled and Windows Security pops up saying I have no security.
Upon trying to open my AV program it also freezes my computer and I am forced to restart.
I have attempted using netstat -a to see if I have additional ports open that would flood my PC.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP :epmap :0 LISTENING
TCP :microsoft-ds :0 LISTENING
TCP :2869 :0 LISTENING
TCP :1031 :0 LISTENING
TCP :1035 localhost:1036 ESTABLISHED
TCP :1036 localhost:1035 ESTABLISHED
TCP :1056 localhost:1057 ESTABLISHED
TCP :1057 localhost:1056 ESTABLISHED
TCP :netbios-ssn wiley:0 LISTENING
TCP :2869 192.168.0.1:1295 CLOSE_WAIT
UDP :microsoft-ds *:*
UDP :isakmp *:*
UDP :1026 *:*
UDP :1073 *:*
UDP :1074 *:*
UDP :1075 *:*
UDP :4500 *:*
UDP :ntp *:*
UDP :1042 *:*
UDP :1900 *:*
UDP :ntp *:*
UDP :netbios-ns *:*
UDP :netbios-dgm *:*
UDP :1900 *:*

It appears that there is not a heavy amount of TCP ports, but I am a beginner, so I only assume that it's unlikely spyware that is the issue, which I could most likely be wrong about.
I have also performed numerous AV/SW scans in safe mode, which have also come out clean, and this is the only way I am able to access the virus scanner. I have currently tried Kaspersky, BitDefender (trial version), Spybot Search & Destroy and Ad-Aware.


I have also run Trend Micro HijackThis and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:17 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\My Documents\Firefox Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliant.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [2chkdsk] "rundll32.exe" "C:\WINDOWS\system32\xwipdpwi.dll",setvm
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SystemOptimizer] "rundll32.exe" "C:\WINDOWS\system32\uylxgndf.dll",forkonce
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6373 bytes

I am about out of ideas on what to do, so any assistance will be appreciated.
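Added example, not part of the question or of the expert's answer: a small Python check that parses the O4 (autorun) lines of a HijackThis log and flags DLLs started through rundll32 whose file names look machine-generated. The sample lines are copied from the log posted above (with the path backslashes the page rendering dropped restored); the naming heuristic and the function names are assumptions for illustration, not a HijackThis rule.

```python
import re

# O4 (autorun) entries copied from the HijackThis log posted in the question,
# with the path backslashes that the page rendering dropped restored.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] "rundll32.exe" "C:\WINDOWS\system32\xwipdpwi.dll",setvm
O4 - HKLM\..\Run: [SystemOptimizer] "rundll32.exe" "C:\WINDOWS\system32\uylxgndf.dll",forkonce
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# "rundll32 <dll>,<export>" with or without quotes around either part
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w+)', re.I)
VOWELS = set("aeiou")

def looks_generated(stem: str) -> bool:
    """Heuristic (an assumption for this example, not a HijackThis rule): an
    all-lowercase alphabetic name of 8+ letters with few vowels or a long
    consonant run, the shape random name generators produce. Mixed-case vendor
    names such as NvCpl or NvMcTray are deliberately left alone."""
    if not (stem.isalpha() and stem.islower() and len(stem) >= 8):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4

def suspicious_rundll_autoruns(log: str) -> list:
    """Return the O4 entries that start rundll32 on a DLL with a generated-looking name."""
    hits = []
    for line in log.splitlines():
        entry = O4_RE.match(line)
        if not entry:
            continue
        run = RUNDLL_RE.match(entry["cmd"])
        if not run:
            continue
        stem = run["dll"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
        if looks_generated(stem):
            hits.append({"hive": entry["hive"], "label": entry["label"],
                         "dll": run["dll"], "export": run["export"]})
    return hits

if __name__ == "__main__":
    for hit in suspicious_rundll_autoruns(HJT_O4_LINES):
        print(f"{hit['hive']} [{hit['label']}] -> {hit['dll']},{hit['export']}")
```

On the posted log this reports the two rundll32 entries (2chkdsk and SystemOptimizer) and leaves the NVIDIA and ctfmon entries alone; a flagged name is a lead to look up or submit for analysis, not proof of infection.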

Answer
Hello Astrid

First, disable or exit all malware scanners, including Spybot. Download and run ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


*Double click combofix.exe & follow the prompts.
*When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Next:
Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


Double click SDFix.exe and it will extract the files.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back here with a new HijackThis log

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.