
Author Topic: Your system is infected! (Please help if you can)  (Read 56551 times)


KayleyBug

    Topic Starter


    Beginner

    Re: Your system is infected! (Please help if you can)
    « Reply #60 on: February 19, 2010, 06:04:55 PM »
    I ran a Malwarebytes full scan and it found 0 problems.

    New problem: my internet's decided to stop working on my laptop. It's connected, apparently, but says 'limited or no connectivity' and the internet icon at the bottom has an exclamation mark next to it as opposed to a check mark or an X which are the two things it normally uses. Could this be down to SP3? Obviously my internet in general is fine as I'm using the same wireless modem on this laptop.

    One thing after another, eh!  ::)

    Using a USB I got the log from Malwarebytes' scan, in case you need to take a look at that  :)

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    20/02/2010 00:42:05
    mbam-log-2010-02-20 (00-42-05).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 223060
    Time elapsed: 1 hour(s), 21 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Your system is infected! (Please help if you can)
    « Reply #61 on: February 19, 2010, 06:08:01 PM »
    Make sure you have all web browsers closed.

    * Go into Control Panel > Network Connections
    * Right click on your connection and then click Properties
    * On the Properties page, highlight Internet Protocol (TCP/IP)
    * Click Properties, this will bring up another page.
    * Select Obtain DNS Server Automatically
    * Click the OK button. The page will close.
    * Press OK on the page in front of you.
    * Restart the computer.


    Any changes?

    KayleyBug


      Re: Your system is infected! (Please help if you can)
      « Reply #62 on: February 19, 2010, 06:18:25 PM »
      The Obtain DNS Server Automatically option was already selected.
      Restarted my laptop anyway - no change except the internet icon at the bottom looks like it's connected, instead of having an exclamation mark, but the internet still doesn't work.

      I've also noticed that my laptop takes much longer to start up the desktop after updating to SP3 - all the desktop icons take a long time to show up, is that because I now have so many due to all the anti-virus programs and log files on there?

      It could be a while before my next reply as it's 1.17am here and I have work in the morning.
      Let me know what needs doing and I'll try and sort it tomorrow.
      Thanks again for all your help so far :)

      evilfantasy

      Re: Your system is infected! (Please help if you can)
      « Reply #63 on: February 19, 2010, 06:20:52 PM »
      No problem. I'll be around tomorrow.


      Go Start > Run (Start search in Vista) and type in: cmd

      Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

      In the Command Prompt window type in the following commands, and press Enter after each one:

      ipconfig /flushdns
      ipconfig /registerdns
      ipconfig /release
      ipconfig /renew
      Note the space before the forward slash /

      Restart your computer.

      Any luck?

      If not I would take a few minutes and call your ISP to see if they can reset it on their end.
      « Last Edit: February 20, 2010, 09:41:55 AM by evilfantasy »

      KayleyBug


        Re: Your system is infected! (Please help if you can)
        « Reply #64 on: February 20, 2010, 03:59:34 AM »
        No luck with that sadly. I'm not sure if AOL can help as it's more a problem with my laptop than the internet in general, as 2 other laptops and the computer in my house are managing to connect. So far (using my hit-and-miss Googling skills) I've discovered that one person had the same problem and resolved it by:
        uninstalling and reinstalling Client Services by going into Local Area Connection Properties.

        One website suggests letting Windows manage my Wireless network adapter by:
            1. Click Start -  Run and type “services.msc” and press enter.

            2. Scroll down to locate “Wireless Zero Configuration”

            3. Right-click and select “Start”

        Lastly AOL's website suggested Zone Alarm might be blocking it, which I hadn't thought to check.

        Once I'm home from work I'll try at least the Zone Alarm option, but I'd rather have your opinion before I start messing around with everything else :)

        KayleyBug


          Re: Your system is infected! (Please help if you can)
          « Reply #65 on: February 20, 2010, 11:33:15 AM »
          Success! I did a system restore to before I updated to SP3 and now I have my XP theme back (which I didn't have before I installed SP3 so that's weird but cool) and now internet works :)

          My computer's still a little slower than before at loading the desktop, it's just the background pic for a bit and then it flickers to black and then back to the picture, and that's when the icons finally appear.
          The Start bar loads straight away though. Is this because I have about 30 desktop icons now, as opposed to the 5 I had before installing everything to it?

          evilfantasy

          Re: Your system is infected! (Please help if you can)
          « Reply #66 on: February 20, 2010, 02:37:48 PM »
          You should run a Malwarebytes scan and see if it turns up anything.

          KayleyBug


            Re: Your system is infected! (Please help if you can)
            « Reply #67 on: February 20, 2010, 04:27:10 PM »
            Malwarebytes' Anti-Malware 1.44
            Database version: 3510
            Windows 5.1.2600 Service Pack 2
            Internet Explorer 7.0.5730.13

            20/02/2010 23:24:56
            mbam-log-2010-02-20 (23-24-56).txt

            Scan type: Quick Scan
            Objects scanned: 124335
            Time elapsed: 7 minute(s), 55 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)


            I think I might try de-fragmenting my laptop on Sunday, haven't done that in well over a year so that's probably slowing things down a bit.
            Can you recommend a good, user-friendly firewall? I've got ZoneAlarm but I'm not a fan of it, and I know Windows firewall isn't very good on XP.

            evilfantasy

            Re: Your system is infected! (Please help if you can)
            « Reply #68 on: February 20, 2010, 04:30:00 PM »
            Getting rid of ZoneAlarm is probably a good idea. I've never liked it much.

            Try this. Online Armor. Be sure to completely uninstall ZA before installing OA.

            You can use the built in Windows defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

            Important! Be sure to uncheck Install optional Yahoo! Toolbar during the install process to avoid installing the Yahoo! Toolbar.

            Note: Be sure to clean out temp files (run CCleaner) and restart the computer just before beginning a defrag.

            KayleyBug


              Re: Your system is infected! (Please help if you can)
              « Reply #69 on: February 20, 2010, 04:31:22 PM »
              Thanks :) Does this mean my laptop is all clear?

              evilfantasy

              Re: Your system is infected! (Please help if you can)
              « Reply #70 on: February 20, 2010, 04:32:56 PM »
              You can post a new HijackThis log for a double check.

              KayleyBug


                Re: Your system is infected! (Please help if you can)
                « Reply #71 on: February 20, 2010, 04:35:04 PM »
                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 23:35:08, on 20/02/2010
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16674)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Windows Defender\MsMpEng.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\HPQ\IAM\bin\asghost.exe
                C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                C:\WINDOWS\UMStor\Res.EXE
                C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
                C:\Program Files\iTunes\iTunesHelper.exe
                C:\PROGRA~1\AVG\AVG8\avgtray.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                C:\WINDOWS\System32\svchost.exe
                C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\WINDOWS\system32\IFXSPMGT.exe
                C:\WINDOWS\system32\IFXTCS.exe
                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\system32\mqsvc.exe
                C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                C:\WINDOWS\system32\mqtgsvc.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
                C:\WINDOWS\system32\wscntfy.exe
                C:\Program Files\Common Files\Teleca Shared\Generic.exe
                C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                C:\Program Files\Windows Live\Contacts\wlcomm.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
                O1 - Hosts: ˙ž127.0.0.1 localhost
                O1 - Hosts: ::1 localhost
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
                O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
                O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
                O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
                O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
                O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
                O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
                O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
                O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
                O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

                --
                End of file - 11311 bytes

                evilfantasy

                Re: Your system is infected! (Please help if you can)
                « Reply #72 on: February 20, 2010, 04:48:00 PM »
                Quote
                Checking: Platform: Windows XP SP2 (WinNT 5.01.2600)

                You should get SP3 ASAP. There are many security related updates as well as stability improvements included with SP3.

                Something is wrong here. Looks like your HOSTS file is messed up. Might be contributing to your connection issues. Looks like there is indeed an infection also.

                If you are going to remove Zone Alarm go ahead and do it now so it does not interfere with the fixes. Wait until we are done to install Online Armor.

                Open HijackThis and select Do a system scan only

                Place a check mark next to the following entries: (if there)

                • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
                • O1 - Hosts: ˙ž127.0.0.1 localhost
                • O1 - Hosts: ::1 localhost
                • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                • O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
                Important: Close all open windows except for HijackThis and then click Fix checked.

                Once completed, exit HijackThis.

                ----------

                Download HostsXpert and then follow the below steps.

                * Unzip HostsXpert to your desktop.
                * Open up the HostsXpert program.
                * (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)
                * Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).
                * Click Create Back Up.
                * Then click on Restore Microsoft's Host Files.
                * Close the HostsXpert program.

                Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

                ----------

                If you already have ComboFix be sure to delete it and download a new copy.

                Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                Link #1
                Link #2

                **Note:  It is important that it is saved directly to your Desktop

                Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                 
                Double click combofix.exe & follow the prompts.
                Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
                When finished ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                If you have problems with ComboFix usage, see How to use ComboFix
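
Added example, not part of the original posts and not HijackThis's or the helper's own logic: a small Python triage pass over HijackThis-style lines, run on entries copied from the log in Reply #71. The four rules and the names `classify` and `review` are assumptions of this example and cover only some of the signals a human reviewer weighs.

```python
import re
from typing import List, NamedTuple, Optional

# Entries copied from the HijackThis log in Reply #71 (a subset, in log order).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local",
    "O1 - Hosts: \u02d9\u017e127.0.0.1 localhost",  # the two stray characters shown in the log
    "O1 - Hosts: ::1 localhost",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16",
    r'O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# "R1 - ..." / "O23 - ..." : section code, separator, then the entry body.
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# File that rundll32 is asked to load (stops at a quote or the ",export" part).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)
# Proxy pointing back at the local machine.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer = (?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::\d+)?$",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    section: str
    rule: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line trips one of this example's rules, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, process list, blank line, ...
    section, body = m["section"], m["body"]

    # Rule 1: a registration whose file is gone (HijackThis prints "(no file)").
    if body.endswith("(no file)"):
        return Finding(section, "missing-file", line.strip())

    # Rule 2: hosts entry containing non-ASCII characters.
    if section == "O1":
        host_line = body.split("Hosts:", 1)[-1].strip()
        if any(ord(ch) > 127 for ch in host_line):
            return Finding(section, "hosts-non-ascii", line.strip())

    # Rule 3: autorun that has rundll32 load something that is not a .dll.
    if section == "O4":
        target = RUNDLL_RE.search(body)
        if target and not target.group(1).strip().lower().endswith(".dll"):
            return Finding(section, "rundll32-non-dll", line.strip())

    # Rule 4: browser proxy set to a loopback address.
    if section.startswith("R") and LOOPBACK_PROXY_RE.search(body):
        return Finding(section, "loopback-proxy", line.strip())

    return None


def review(lines: List[str]) -> List[Finding]:
    """Classify every line and keep only the flagged ones, in log order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
```

A flagged line is a prompt to look closer, not a verdict; entries the rules pass over still need a reviewer's eye.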


                KayleyBug


                  Re: Your system is infected! (Please help if you can)
                  « Reply #73 on: February 20, 2010, 04:55:06 PM »
                  Can I do all these things before installing SP3?
                  Installing SP3 is what messed up my internet connection the first time so I want to get all this sorted first if possible, there's no way SP3 will undo these instructions is there? If I install it after?

                  evilfantasy

                  Re: Your system is infected! (Please help if you can)
                  « Reply #74 on: February 20, 2010, 05:10:38 PM »
                  Yes it's best to wait until we get done before going to SP3.