|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
05-11-2009, 06:43 PM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 29
OS: Windows 7
|
Potential Infection - Internet not working and PC slowdowns
I believe that a worm may have infected my computer unfortunately. This last week I have been getting a pop up about Windows Genuine Advantage Notifications. It looks like the legit thing, similar to this, (http://www.raymond.cc/images/wga1717agree.gif).
When I look in the processes running it shows as 2 instances of wgasetup.exe. There is also alg.exe that I have never seen before. The weird part is that I am running ESET NOD32 with the latest definitions update and I did a full scan on the computer and nothing showed up as a threat. Nothing has been disabled on its own and Ad-Aware hasn't shown anything either. However, my computer is much slower than usual and nothing has been done to it. The most prominent issue though is my Internet. Before this happened, my Internet speed and connection was fine. Suddenly now, Firefox says that the connection has been reset to the server. Most sites I can't visit and the same happens in IE. I called Verizon and they assigned me a new IP address but the same thing happens. I suspect that one of the younger ones in the family was on AIM and got something on my computer. I looked at Google for a WGA look a like and got something about Cuebot-K. I looked for the Windows Genuine Advantage Service and it wasn't there. I ran a WGA Remover to see if that would work but it still showed up. The WGA pops up every time when I start the computer but I just click cancel so it doesn't install anything else. It's not listed in MSconfig for me to stop starting up when I turn the PC on. Can this worm look at my files and send them to a third party? Maybe it is doing that and that is why my internet is so slow and hardly works. I backed up my important files already so I can clean sweep with XP again. Everything other than the above seems to work, I can visit security sites and do updates. The last update from WGA from MS Updates is from April so I doubt the pop up is legit since it hasn't updated since. Note: I wasn't able to read the instructions for the GMER test and to uncheck some stuff so I did it with everything checked. I hope that you can still use the scans because I am away and the scan took 2 hours to perform. Here is the DDS log: DDS (Ver_09-03-16.01) - NTFSx86 Run by Administrator at 17:26:33.39 on 05/10/09 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1625 [GMT -4:00] AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) FW: ESET Personal firewall *enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\KB905474\wgasetup.exe C:\WINDOWS\system32\KB905474\wgasetup.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\taskmgr.exe G:\dds.scr C:\WINDOWS\system32\wuauclt.exe ============== Pseudo HJT Report =============== BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220048508799 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220052745343 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\j6yaqc4e.default\ FF - prefs.js: browser.startup.homepage - www.cnn.com ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664] R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224] =============== Created Last 30 ================ 2009-04-21 23:17 <DIR> --d----- c:\windows\system32\KB905474 2009-04-14 21:35 2,560 -------- c:\windows\system32\xpsp4res.dll ==================== Find3M ==================== 2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll 2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll 2008-11-21 18:16 30 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat ============= FINISH: 17:27:11.79 =============== |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
| Thread Tools | |
|
|
