Something is eating away at my PC. Help!
Hello. I have posted on here before and that was great as I was sorted out quickly. The problem this time is I have been trying to find a suitable firewall after getting sick of McAfee making my computer slow. I have been using various free firewall trials to see if they slow my computer. I have been using bullguard for a fortnight and now my internet won't work properly, task manager and two of my drives D: and E: have just disappeared from 'my computer' window.
I have tried all sorts. I don't know what is wrong but I do think it is an infection. I have run panda online scan and it found two spyware items however I couldn't get rid of them as the internet switched itself off. I have to restart my comp every time to get the internet back on for few hours before it happens again.
Please help. Here is a hijackthis! log.
Thanks so much in advance.
Nicola
Logfile of HijackThis v1.99.1
Scan saved at 17:07:38, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Download Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125489303979
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
I have tried all sorts. I don't know what is wrong but I do think it is an infection. I have run panda online scan and it found two spyware items however I couldn't get rid of them as the internet switched itself off. I have to restart my comp every time to get the internet back on for few hours before it happens again.
Please help. Here is a hijackthis! log.
Thanks so much in advance.
Nicola
Logfile of HijackThis v1.99.1
Scan saved at 17:07:38, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Download Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125489303979
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
0
This discussion has been closed.
Comments
ewido anti-spyware - Scan Report
+ Created at: 12:15:30 02/08/2006
+ Scan result:
HKU\S-1-5-21-2052111302-813497703-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} -> Adware.NewDotNet : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\BrowserSearch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ErrorSearch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Games -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Layouts -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Manager -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\PopupBlocker -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Reference -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\RelatedSearch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ScreenSavers -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SearchMatch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SmileyTown -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Toolbar -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarLogo -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarSearch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\TravelSearch -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : No action taken.
C:\Documents and Settings\Kelvin Horrocks\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : No action taken.
HKU\S-1-5-21-2052111302-813497703-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : No action taken.
HKU\S-1-5-21-2052111302-813497703-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : No action taken.
:mozilla.10:C:\Documents and Settings\Kelvin Horrocks\Application Data\Mozilla\Firefox\Profiles\8b8txccz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\default\Cookies\default@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
::Report end
Also I managed after three times to get Panda online scan to work. Here is the report
Incident Status Location
Adware:adware/superspider Not disinfected c:\windows\system32\system32.dll
Adware:adware/downloadware Not disinfected Windows Registry
Adware:adware/quickbar Not disinfected Windows Registry
I hope this has helped a bit. I am now trying to get my CD-ROM drive and DVD drive working.
Nic
Something had corrupted my registry. Bullguard is probably the reason.
Did no one help me because I don't have genuine windows XP?
Well I saved up and I have converted to genuine.
Nic