viruses and malware issues

Have the current problems/infections on my tower. Problems started approximately a week ago. System is loaded with Windows XP 32 Bit. Have run Avast, Malwarebytes, SUPERAntiSpyware, and Spybot without success. No program finds issues. Avast is flagging the following sites/issues:

URL - http://espeak911.com/x/
Process - C:\WINDOWS\System32\svchost.exe
Infection - URL:Mal

URL - http://37.220.36.44/x/
Process - C:\WINDOWS\System32\svchost.exe
Infection - URL:Mal

URL - http://colexity777.com/x/
Process - C:\WINDOWS\System32\svchost.exe
Infection - URL:Mal

Any help would be greatly appreciated.

I am posting on another PC as I cannot access the complete Avast screens. Please make sure all files are downloadable as I will put them on a thumb drive and transfer to infected tower.

You may have a siref rootkit…

Follow the guide and attach the logs. http://forum.avast.com/index.php?topic=53253.0

Need to clean the pc not tell me what I may have.

When the logs are attached, a malware remover … like essexboy … will analyze the logs to see what is there, then clean it.

When you know what's in there, then you can select the right tool … instead of downloading every tool you find on the net and trying it.

With so many cleaning tools out there, it's important to identify exactly what the problem is before running any of them. Hence why you were asked to post logs of your problem.

He is trying to help you, I would listen if I were you.

Sorry first time I viewed post it did not have a link.

Essexboy will be back in the forum tomorrow and check the logs… I have sent him a PM

If you surf the other posts in this section you will see how it is done

No issues found here is the log from malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Donald :: UPSTAIRS [administrator]

8/16/2012 7:43:27 PM
mbam-log-2012-08-16 (19-43-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219496
Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL only created txt file not an extras.txt. File is attached

aswmbr log attached

farbar log

Farbar Service Scanner Version: 06-08-2012
Ran by Donald (administrator) on 16-08-2012 at 21:17:03
Running from “C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\AVJHDEHF”
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Security Center:

Windows Update:

Windows Autoupdate Disabled Policy:

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

You also have searchqu toolbar which I will remove as well

Download the latest version of TDSSKiller from here and save it to your Desktop.

- Double-click on TDSSKiller.exe to run the application.

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

- Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

- Click the Start Scan button.

- If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

- Get the report by selecting Reports.

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

Here is the Kaspersky TDSS log

Re-run TDSSKiller with the same parameters and when you get this select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

How is the computer behaving now?

Then could you update and run Malwarebytes, posting the resultant log

I tried to download AdwCleaner from your link, it will not download. After I select download the screen changes to French. Should I run Kaspersky again before I run AdwCleaner?

http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner ok try this link

No, run Kaspersky after; adw will not take more than a minute or two

Here is the log from AdwCleaner

AdwCleaner v1.801 - Logfile created 08/17/2012 at 18:39:30

Updated 14/08/2012 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : Donald - UPSTAIRS

Boot Mode : Normal

Running from : C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.IE5\W89F7XCI\adwcleaner[2].exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Donald\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[S1].txt - [363 octets] - [17/08/2012 17:51:50]
AdwCleaner[S2].txt - [8194 octets] - [17/08/2012 17:54:27]
AdwCleaner[S3].txt - [363 octets] - [17/08/2012 18:36:28]
AdwCleaner[S4].txt - [978 octets] - [17/08/2012 18:39:30]

########## EOF - C:\AdwCleaner[S4].txt - [1105 octets] ##########

After running AdwCleaner I re-ran TDSSKiller, did NOT get \Device\Harddisk0\DRO (TDSS File System), so it is not deleted. Updated and re-ran Malwarebytes, log attached.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Donald :: UPSTAIRS [administrator]

8/17/2012 6:59:32 PM
mbam-log-2012-08-17 (18-59-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218840
Time elapsed: 23 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

How is the computer behaving now?