Hi,
As of a few days ago, Firefox hasn't been loading various websites, including Google searches. I would also get pop-ups for fake virus scanning programs and casino websites. And now, even IE 6 & 7 aren't fully responding either.
For the past month, Windows Update would download updates, but would fail when it tried to install them. And now I can't even use Windows Update, as it says I need to turn on Automatic Updates in services.msc, but when I try to turn it on, I get the message:
Quote:
---------------------------
Services
---------------------------
Could not start the Automatic Updates service on Local Computer.
Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
---------------------------
OK
---------------------------
Here are the results from the DSS scan:
Quote:
Deckard's System Scanner v20071014.68
Run by Family on 2008-07-30 19:30:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
89: 2008-07-31 01:30:36 UTC - RP559 - Deckard's System Scanner Restore Point
88: 2008-07-29 17:57:48 UTC - RP558 - Removed Windows Live installer
87: 2008-07-29 17:57:29 UTC - RP557 - Removed Windows Live Sign-in Assistant
86: 2008-07-29 17:56:34 UTC - RP556 - Removed Windows Live Messenger
85: 2008-07-29 17:24:27 UTC - RP555 - Last known good configuration
-- First Restore Point --
1: 2008-07-29 17:24:10 UTC - RP471 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Family.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:10:34 PM, on 07/30/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Family\Desktop\dss.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Family.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {4A97F1C4-6C1A-4017-8666-5819CA9A3AE4} - C:\WINDOWS\system32\geBqQhgD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {1eb2ec76-ed79-4a88-d5c4-6c879fb92bbe} - {ebb29bf9-78c6-4c5d-88a4-97de67ce2be1} - C:\WINDOWS\system32\unnffk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [a8ead28c] rundll32.exe "C:\WINDOWS\system32\rtygqyvl.dll",b
O4 - HKLM\..\Run: [BMabd9e110] Rundll32.exe "C:\WINDOWS\system32\onfrbhxd.dll",s
O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cicero.ca/
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extend...s/iaieplay.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1193323682406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193323659546
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://engrwww.usask.ca/department/s...y/ts/msrdp.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6754 bytes
-- File Associations -----------------------------------------------------------
.scr - unable to read key
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress (file missing)
S2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe" (file missing)
S4 MSSQLServerADHelper (SQL Server Active Directory Helper) - "c:\program files\microsoft sql server\90\shared\sqladhlp90.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&2E5126C&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&2E5126C&0&01
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2008-07-26 18:23:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-30 and 2008-07-30 -----------------------------
2008-07-30 20:08:40 0 d-------- C:\Program Files\Trend Micro
2008-07-30 19:09:24 0 d-------- C:\ie-spyad_zo
2008-07-30 15:41:31 0 d-------- C:\Program Files\Panda Security
2008-07-30 14:28:46 83456 --a------ C:\WINDOWS\system32\rtygqyvl.dll
2008-07-30 14:25:49 105472 --a------ C:\WINDOWS\system32\unnffk.dll
2008-07-30 14:25:46 105472 --a------ C:\WINDOWS\system32\mkmgxisw.dll
2008-07-30 14:22:46 91648 --a------ C:\WINDOWS\system32\onfrbhxd.dll
2008-07-29 21:09:15 1096 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 12:33:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-29 12:02:18 0 d-------- C:\Program Files\SpywareBlaster
2008-07-29 11:27:01 105472 --a------ C:\WINDOWS\system32\pngvbl.dll
2008-07-29 11:27:00 105472 --a------ C:\WINDOWS\system32\ahjpppua.dll
2008-07-29 11:25:02 91648 --a------ C:\WINDOWS\system32\vdlcvhpu.dll
2008-07-29 11:24:00 612425 --ahs---- C:\WINDOWS\system32\DghQqBeg.ini2
2008-07-29 11:12:30 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-29 11:04:57 68096 --a------ C:\WINDOWS\zip.exe
2008-07-29 11:04:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-29 11:04:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-29 11:04:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-29 11:04:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-29 11:04:57 98816 --a------ C:\WINDOWS\sed.exe
2008-07-29 11:04:57 80412 --a------ C:\WINDOWS\grep.exe
2008-07-29 11:04:57 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-29 10:48:59 0 d-------- C:\Documents and Settings\Family\Application Data\Bitdefender
2008-07-29 10:06:47 0 d-------- C:\Documents and Settings\Family\Application Data\Mozilla
2008-07-29 10:00:43 0 dr-h----- C:\Documents and Settings\Family\Recent
2008-07-28 21:50:28 113180 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-28 19:49:04 91648 --a------ C:\WINDOWS\system32\roeiyidj.dll
2008-07-28 19:47:10 314880 --a------ C:\WINDOWS\system32\geBqQhgD.dll
2008-07-28 19:42:15 0 d-------- C:\WINDOWS\RmFtaWx5
2008-07-24 19:15:50 0 d-------- C:\Program Files\Strawberry Prolog
2008-07-20 21:12:28 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-19 21:10:00 0 d-------- C:\Program Files\Safari
-- Find3M Report ---------------------------------------------------------------
2008-07-30 20:10:16 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-30 19:24:13 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-29 11:57:52 0 d-------- C:\Program Files\Windows Live
2008-07-29 11:24:10 0 d-------- C:\Program Files\Common Files
2008-07-22 20:24:26 0 d-------- C:\Program Files\HiDownload
2008-07-19 22:25:15 0 d-------- C:\Documents and Settings\Family\Application Data\Apple Computer
2008-07-19 21:17:01 0 d-------- C:\Program Files\QuickTime
2008-07-19 21:04:48 0 d-------- C:\Program Files\Apple Software Update
2008-07-10 19:02:47 0 d-------- C:\Program Files\Winamp
2008-07-01 11:21:21 0 d-------- C:\Program Files\NoteWorthy Composer
2008-06-26 19:41:25 0 d-------- C:\Documents and Settings\Family\Application Data\ICAClient
2008-06-24 12:05:09 1327 --a------ C:\WINDOWS\EntPack.dat
2008-05-21 22:29:09 906 --a------ C:\Documents and Settings\Family\Application Data\wklnhst.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A97F1C4-6C1A-4017-8666-5819CA9A3AE4}]
07/28/08 07:47 PM 314880 --a------ C:\WINDOWS\system32\geBqQhgD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebb29bf9-78c6-4c5d-88a4-97de67ce2be1}]
07/30/08 02:25 PM 105472 --a------ C:\WINDOWS\system32\unnffk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/07 01:41 AM]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [03/16/08 11:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/08 10:50 AM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/07 02:49 PM]
"a8ead28c"="C:\WINDOWS\system32\rtygqyvl.dll" [07/30/08 02:28 PM]
"BMabd9e110"="C:\WINDOWS\system32\onfrbhxd.dll" [07/30/08 02:22 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IECheck"="C:\WINDOWS\IECheck.exe" [11/17/05 08:40 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/04 06:00 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBqQhgD
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uakos"="C:\Documents and Settings\Family\Application Data\F?nts\j?vaw.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"NI.UGA6P_0001_N122M2802"="C:\DOCUME~1\Family\LOCALS~1\Temp\winvsnet.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"BMabd9e110"=Rundll32.exe "C:\WINDOWS\system32\roeiyidj.dll",s
*Newly Created Service* - GTNDIS5
-- End of Deckard's System Scanner: finished at 2008-07-30 20:11:09 ------------
I am using BitDefender Free Edition v10 as well as Spybot S&D 1.4.
I appreciate any help you can provide.
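As an added example that is not part of the original post (the scan output above is the poster's; this script is mine, written for this page), here is a small Python triage pass over lines of the kind that appear in the HijackThis and registry-dump sections above. The sample input is constructed from entries copied out of that log. The heuristics are my own assumptions about which entry classes deserve a human look rather than a verdict on any file: a BHO with no name or a GUID as its name, a Run value with a hex-looking name, rundll32 calling a single-letter export, any Trusted Zone addition, a non-empty AppInit_DLLs value, and an LSA Authentication Packages entry other than msv1_0.

```python
"""Triage of HijackThis / DSS log lines: flag entry classes that commonly carry
persistence on an infection like the one above.  Heuristics are the author's own
assumptions about what deserves a human look, not a verdict on any file."""
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample: a handful of lines taken from the log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {4A97F1C4-6C1A-4017-8666-5819CA9A3AE4} - C:\WINDOWS\system32\geBqQhgD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {1eb2ec76-ed79-4a88-d5c4-6c879fb92bbe} - {ebb29bf9-78c6-4c5d-88a4-97de67ce2be1} - C:\WINDOWS\system32\unnffk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [a8ead28c] rundll32.exe "C:\WINDOWS\system32\rtygqyvl.dll",b
O4 - HKLM\..\Run: [BMabd9e110] Rundll32.exe "C:\WINDOWS\system32\onfrbhxd.dll",s
O15 - Trusted Zone: *.avsystemcare.com
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"appinit_dlls"=sockspy.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBqQhgD
"""


@dataclass
class Finding:
    severity: str   # "high" or "review"
    subject: str    # the file, domain or value the finding is about
    reason: str
    line: str


GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
HEX_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8,10}$")         # e.g. a8ead28c, BMabd9e110
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+?\.dll)"?,(?P<entry>\w+)\s*$', re.I)
HJT_LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_BODY_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _check_hjt_entry(kind: str, body: str, line: str) -> Iterator[Finding]:
    """Heuristics for the R/O-numbered HijackThis entry types used in the sample."""
    if kind == "R1" and "ProxyOverride" in body:
        yield Finding("review", body.split("=", 1)[1].strip(),
                      "ProxyOverride changed; check ProxyServer and the hosts file for redirection", line)
    elif kind == "O2" and body.startswith("BHO: "):
        name, _clsid, path = (body[5:].split(" - ", 2) + ["", ""])[:3]
        if name == "(no name)" or GUID_RE.match(name):
            yield Finding("high", path,
                          "BHO with no name or a GUID as its name; loads into every IE process", line)
    elif kind == "O4":
        m = RUN_BODY_RE.match(body)
        if not m:
            return
        name, cmd = m.group("name"), m.group("cmd")
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append("hex-looking Run value name")
        r = RUNDLL_RE.match(cmd)
        if r and len(r.group("entry")) == 1:
            reasons.append(f"rundll32 calls single-letter export '{r.group('entry')}'")
        if reasons:
            yield Finding("high", r.group("dll") if r else cmd, "; ".join(reasons), line)
    elif kind == "O15":
        domain = body.split(":", 1)[1].strip()
        yield Finding("review", domain,
                      "Trusted Zone entry; IE applies relaxed security settings to this site", line)


def _check_registry_line(line: str) -> Iterator[Finding]:
    """Heuristics for '"name"=value' lines from the DSS registry dump."""
    key, _, value = line.partition("=")
    key, value = key.strip().strip('"').lower(), value.strip()
    if key == "appinit_dlls" and value:
        yield Finding("high", value,
                      "AppInit_DLLs is loaded into every process that maps user32.dll", line)
    elif key == "authentication packages":
        extra = [p for p in value.split() if p.lower() != "msv1_0"]
        if extra:
            yield Finding("high", " ".join(extra),
                          "non-default LSA authentication package; loads into lsass.exe at boot", line)


def analyse(log: str) -> List[Finding]:
    """Run every line of a pasted log through the heuristics above."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = HJT_LINE_RE.match(line)
        if m:
            findings.extend(_check_hjt_entry(m.group("kind"), m.group("body"), line))
        elif line.startswith('"'):
            findings.extend(_check_registry_line(line))
    return findings


def report(log: str) -> str:
    return "\n".join(f"[{f.severity:6}] {f.subject}: {f.reason}" for f in analyse(log))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The two registry findings are the ones to weigh most when planning cleanup: a DLL registered as an LSA authentication package is mapped into lsass.exe at boot, and an AppInit_DLLs entry is mapped into every process that loads user32.dll, so neither can be reliably deleted from inside the running system with ordinary tools; the script only lists them, it does not touch the registry.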