Help! Can't install any anti-virus, HijackThis or Adaware
Join Date: Jan 2008
Posts: 3
Reputation:
Solved Threads: 0
I really hope someone can help me. My webpages (when they load at all) load extremely slowly and I'm downloading at just under 2 Kb a second. Something has shut down my McAfee for Small business and when I contacted tech support for the computer (my brother is homeschooled) they suggested that I uninstall/reinstall McAfee. When I tried to run the app an error popped up saying that the .exe file was not a valid Win32 application. I get the same message for AVG Free and Windows Live OneCare.
I attempted to run HijackThis and I get this error msg: MSVBM60.DLL was not found
I downloaded other types (older, zipped, self-extracting) in hopes of tricking the computer, but alas, it still outsmarted me.
Ad-Aware throws an error and fails to load, Spybot SD doesn't find anything.
I tried to run Trend Micro HouseCall and it just hangs. I left it for more than an hour and it still hadn't started.
I have a LAN internet connection.
The computer is an HP running Windows XP Pro Service Pack 2. As far as I know, the automatic updates are...well, up to date.
Does anyone know what's causing this?...and even better, how to fix it. I just hate when the little nasties outsmart me.
Download ComboFix by sUBs from either of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
How to use Combofix:
http://www.bleepingcomputer.com/comb...o-use-combofix
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
I recommend using msconfig to disable all startup items and non MS services before running ComboFix to ensure AV programs and others that interfere are disabled. A reboot is required after changes are made in msconfig.
Join Date: Jan 2008
Posts: 3
Reputation:
Solved Threads: 0
Thank you so much for the help!
But, it will not let me completely download ComboFix. It takes about 40 minutes to download 1.11 mb of the 1.52 mb file. I have downloaded multiple times from both sites and get this error: Some installation files are corrupt. Please download fresh copy and retry.
And...combofix stalls right there, I have to manually end the process to remove it from the task bar.
Is there anything I can do to get around this?
In addition to running ComboFix as per willcomp's post, it sounds like you need to go to the linky below and re-install Microsoft Visual Basic run-time:
http://www.microsoft.com/downloads/d...displaylang=en
-- Also, I would recommend installing the Recovery Console before running ComboFix.
Best Luck
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
Join Date: Jan 2008
Posts: 3
Reputation:
Solved Threads: 0
Thanks for the tips! I downloaded MS Visual Basics (I'm not sure what exactly it did/does) and I also installed Firefox (which let me download and run ComboFix and HijackThis). Here are the logs.
ComboFix:
ComboFix 08-02-18.1 - Parent 2008-02-18 17:59:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.88 [GMT -5:00]
Running from: C:\Documents and Settings\Parent\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-17 17:44 . 2008-02-17 17:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-17 17:36 . 2008-02-17 17:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-15 18:06 . 2008-02-15 19:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 18:06 . 2008-02-15 19:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-15 18:05 . 2008-02-15 20:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 18:05 . 2008-02-15 19:54 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 11:13 . 2008-02-15 11:24 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-15 10:55 . 2008-02-15 10:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-15 10:55 . 2008-02-15 10:55 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-15 10:55 . 2008-02-15 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-02-15 08:59 . 2006-12-05 17:17 240 --a------ C:\WINDOWS\myClean.bat
2008-02-15 07:34 . 2008-02-15 07:43 130,958 --a------ C:\WINDOWS\hpoins12.dat
2008-02-15 07:34 . 2007-01-22 11:05 1,470 --------- C:\WINDOWS\hpomdl12.dat
2008-02-15 07:22 . 2008-02-15 10:55 <DIR> d-------- C:\Program Files\McAfee
2008-02-13 13:12 . 2008-02-13 13:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-13 13:12 . 2008-02-13 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 13:11 . 2008-02-13 13:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 13:04 . 2008-02-13 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 13:04 . 2008-02-13 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 21:37 . 2008-02-12 21:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-12 19:15 . 2008-02-12 19:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-09 08:49 . 2008-02-12 21:37 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2008-02-09 08:49 . 2008-02-12 21:37 <DIR> d-------- C:\Program Files\Adobe(2)
2008-02-05 22:35 . 2008-02-05 22:35 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-05 22:35 . 2008-02-14 18:52 <DIR> d-------- C:\Program Files\Fish Tycoon
2008-02-05 22:35 . 2005-12-28 18:03 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2008-01-29 14:08 . 2008-01-29 14:08 <DIR> d-------- C:\Documents and Settings\Parent\Application Data\Apple Computer
2008-01-29 14:04 . 2008-01-29 14:04 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-29 09:53 . 2008-01-29 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-29 09:52 . 2008-01-29 11:39 <DIR> d-------- C:\Documents and Settings\Parent\Application Data\HP
2008-01-29 09:50 . 2008-02-15 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-28 08:56 . 2008-01-29 08:17 <DIR> d-------- C:\Program Files\Google
2008-01-26 17:35 . 2008-01-28 19:09 <DIR> d-------- C:\Documents and Settings\Parent\Application Data\Yahoo!
2008-01-26 17:07 . 2008-01-28 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-26 16:10 . 2008-01-26 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-25 19:14 . 2008-01-25 19:14 <DIR> d-------- C:\Documents and Settings\Parent\Application Data\Motive
2008-01-25 13:36 . 2008-01-25 13:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-25 13:35 . 2008-01-25 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-25 13:35 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-01-25 13:34 . 2007-03-18 01:11 675,840 --a------ C:\WINDOWS\system32\hpowiax3.dll
2008-01-25 13:34 . 2007-03-18 01:11 569,344 --a------ C:\WINDOWS\system32\hpotscl3.dll
2008-01-25 13:34 . 2007-03-18 01:11 303,104 --a------ C:\WINDOWS\system32\hpovst10.dll
2008-01-25 13:34 . 2007-03-31 00:07 267,864 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-01-25 13:34 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-25 13:34 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-25 13:20 . 2008-02-15 10:56 <DIR> d-------- C:\Program Files\HP
2008-01-25 13:01 . 2008-01-29 09:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-25 13:01 . 2007-03-08 14:20 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-25 13:01 . 2007-03-08 14:20 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-25 12:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-25 12:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-24 23:39 . 2008-02-06 12:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 23:39 . 2008-01-24 23:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 23:15 . 2008-01-23 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-01-23 21:56 . 2008-01-23 21:56 <DIR> d-------- C:\WINDOWS\Sun
2008-01-23 18:47 . 2008-01-23 19:58 <DIR> d-------- C:\Documents and Settings\Parent\Application Data\Elluminate
2008-01-23 14:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-23 00:09 . 2008-01-23 21:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 00:08 . 2008-01-28 16:19 <DIR> d-------- C:\Program Files\Oberon Media
2008-01-22 20:41 . 2008-01-22 20:56 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-22 20:41 . 2008-01-22 20:56 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-22 20:41 . 2008-01-22 20:56 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-21 17:36 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-21 17:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-21 17:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-21 17:36 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-21 14:23 . 2008-01-21 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-21 14:21 . 2008-01-21 14:21 <DIR> d-------- C:\WINDOWS\Motive
2008-01-21 14:21 . 2008-01-25 19:47 <DIR> d-------- C:\Program Files\HughesNet Tools
2008-01-21 13:48 . 2002-02-14 01:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-21 13:44 . 2008-01-21 14:21 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-21 13:44 . 2008-01-25 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:07 --------- d-----w C:\Program Files\Common Files\Real
2008-01-23 19:15 --------- d-----w C:\Program Files\Java
2008-01-21 18:44 155,995 ----a-w C:\WINDOWS\java\Packages\YNXRT7XN.ZIP
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-12-31 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{222e9023-f3fe-11db-b313-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c48e1026-f283-11db-822a-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
*Newly Created Service* - WINDEFEND
.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 22:47:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:00:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 18:00:57
ComboFix-quarantined-files.txt 2008-02-18 23:00:29
ComboFix2.txt 2008-02-18 22:50:04
.
2008-02-13 14:08:58 --- E O F ---
...And the Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 6:03:53 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Parent\Desktop\New Folder\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/onlin...jolauncher.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
I don't seem to have as many problems with Firefox as I did with IE. Then again, it could just be the calm before the storm.
Thanks in advance for your help!
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/onlin...jolauncher.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
I don't seem to have as many problems with Firefox as I did with IE. Then again, it could just be the calm before the storm.
Thanks in advance for your help!
Hi Joletta,
I am pretty tied up with work, but since your original responder has not posted back yet, I thought I'd jump in and say that at a quick glance I do not see any obvious malware in your ComboFix log.
-- With the reinstall of M$VB runtime, you ought to be able to run the latest version of HijackThis. I haven't seen v1.97.7 in about four years.....
-- It does sound like something is cattywampus with your machine - have you done any malware cleaning recently? Any new software added or any big changes to the machine recently?
Hopefully your original responder will post back with some ideas as well.
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
#10 14 Days Ago
Is that a trick question?






