Weird thing - please check my hj log :((

Hello,
about 45 mins ago I searched google for “najlepszy-bank.eu” and found a few links - I clicked all links and after that I heard a sound of reading my diskette and then I saw in a blast a console (something like DOS) and it minimized immediately and disappeared so I couldn’t see what was that… After that I fastly restarted my comp and after I turned it on again the diskette thing happen all the time! Non stop! Every 22 seconds it starts to read my diskette! :frowning: I’m afraid it’s a virus or something, I checked already with Avast! but it haven’t found me anything. Please help :frowning: here’s my log:

Logfile of HijackThis v1.99.1
Scan saved at 02:04:35, on 2009-02-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\z pulpitu\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: wampapache - Unknown owner - E:\www\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - E:\www\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

I’m confused why you would click all the links, as for sure they couldn’t all be for “najlepszy-bank.eu” (best-bank.eu); I assume by searching for a domain name you were looking for a specific bank.

You are running an old version of HijackThis, your OS is way out of date (XP SP3 is now 8 months old), and you have the original XP, not even SP1 or SP2; this leaves your system extremely vulnerable to exploits that have been closed by security updates.

Because of that your IE6 is also way out of date, not even IE6 SP3, and you couldn’t get IE7 as XP SP2/3 is an OS requirement.

You don’t appear to have an active firewall - it should be capable of blocking unauthorised outbound Internet connections. What is your firewall?

I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

All in all your system needs a serious update.

Ok, I know that… I think I have a firewall - I use Avast antivirus. I clicked those links because they were links to the catalogues where the owner of “najlepszy-bank.eu” added this site; I also have a site and I just wanted to add my site to the same catalogues as he did… :( This thing with the FDD is making me crazy! Every few seconds it tries to read the FDD! Can you help me with that? :( PS. I did scan with HijackThis 2.02 and it showed the same thing.

Forget about a software firewall and install SP3 first.

Your system is a liability to the Internet so at least enable Windows built in firewall by going to start then Control Panel then Network Connections then select the connection then enable the firewall.

I used ComboFix and the problem disappeared! :)

here’s my log:

ComboFix 09-02-19.01 - tixxx 2009-02-22 14:16:34.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.511.335 [GMT 1:00]
Uruchomiony z: c:\documents and settings\tixxx\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3d8caps.dat

.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-22 do 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 03:39 . 2009-02-22 03:39 d--hs---- C:\FOUND.005
2009-02-22 03:27 . 2009-02-22 03:27 d-------- c:\windows\system32\NtmsData
2009-02-22 02:01 . 2009-02-22 02:01 d--hs---- C:\FOUND.004
2009-02-12 23:17 . 2009-02-12 23:17 d-------- c:\documents and settings\tixxx\Dane aplikacji\AI Internet Solutions
2009-02-12 23:17 . 2006-12-06 12:00 2,178,968 --a------ c:\windows\system32\csevalidator.dll
2009-02-12 23:17 . 2006-03-03 09:02 1,680,896 --a------ c:\windows\system32\vcl100.bpl
2009-02-12 23:00 . 2009-02-12 23:00 270 --a------ c:\windows\st.ini
2009-01-30 16:35 . 2009-01-30 16:35 d--hs---- C:\FOUND.003
2009-01-26 16:18 . 2009-01-26 16:18 d--hs---- C:\FOUND.002
2009-01-23 10:57 . 2009-01-23 10:57 d-------- C:\3gptemp
2009-01-23 10:51 . 2009-01-23 10:51 132 --a------ c:\windows\system32\temp_0000_265-1.aok

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 14:10 410,984 ----a-w c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

2001-10-26 16:49 955392 fd1a8a480e54253ba74abf2019308e3d c:\windows\system32\kernel32.dll
2001-10-26 17:49 955392 66cabb7839f2c3665b877a5355ba0ba9 c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Uwaga puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk"
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-09 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-11 114768]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-10-09 61312]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-01-21 16512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:18:14
Windows 5.1.2600 FAT NTAPI

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone
ukryte pliki: 0


.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

'winlogon.exe'(476)
c:\windows\system32\NVDESK32.DLL
c:\windows\system32\ODBC32.dll

'lsass.exe'(532)
c:\windows\system32\NVDESK32.DLL
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
Czas ukończenia: 2009-02-22 14:19:35
ComboFix-quarantined-files.txt 2009-02-22 13:19:34

Przed: 1 798 488 064 bajtów wolnych
Po: 1,996,091,392 bajtów wolnych

WinXP_PL_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

104

is anything wrong with that?
btw I can’t find a firewall where you told me to turn it on - there’s no such option in “connections”
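The ComboFix log above shows what the HijackThis log never made visible: a second svchost.exe living in c:\program files\Microsoft Common rather than System32. As an added example (not code from the thread, HijackThis or ComboFix), the script below parses the "Running processes" block of a HijackThis log and flags well-known system-binary names running from outside System32. The sample log is constructed for the example, and the list of System32-only binaries is an assumption about Windows XP.

```python
# Added example: flag well-known Windows system binaries that a HijackThis
# "Running processes" list shows outside System32 (e.g. a fake svchost.exe).
import ntpath

# Assumption: on Windows XP these names legitimately run only from System32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
EXPECTED_DIR = r"c:\windows\system32"

# Constructed sample log: genuine entries from the thread plus the path that
# ComboFix later listed as removed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Common\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
"""

def running_processes(log):
    """Return the paths between 'Running processes:' and the next blank line."""
    lines = log.splitlines()
    starts = [i for i, line in enumerate(lines)
              if line.strip().lower() == "running processes:"]
    if not starts:
        return []
    paths = []
    for line in lines[starts[0] + 1:]:
        if not line.strip():
            break  # a blank line ends the section
        paths.append(line.strip())
    return paths

def flag_masquerading(paths):
    """Return (path, reason) pairs for system-binary names outside EXPECTED_DIR.
    Case-insensitive because HijackThis mixes 'System32' and 'system32';
    8.3 short names such as PROGRA~1 are not expanded."""
    flagged = []
    for path in paths:
        directory, name = ntpath.split(path)
        if (name.lower() in SYSTEM_BINARIES
                and ntpath.normpath(directory).lower() != EXPECTED_DIR):
            flagged.append((path, "%s expected under %s" % (name, EXPECTED_DIR)))
    return flagged
```

Running `flag_masquerading(running_processes(SAMPLE_LOG))` reports only the Microsoft Common entry; the genuine System32 processes pass.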

Sorry but I can’t understand Polish.

btw I can't find a firewall where you told me to turn it on - there's no such option in "connections"
Probably because you don't have at least SP1!

I don’t know about SP3, my machine is quite slow - 1.3 GHz (bought 5 years ago) and 512 MB RAM, I’m worried SP3 would make it slower… correct me if I’m wrong

As far as I know, SP3 does not decrease performance, on the contrary.
Anyway, I’ve tested it on a lot of computers with 512 MB of RAM and I could not see any performance issues.

There should be no speed differences; I certainly didn’t notice any on my old system after installing SP3. This system came pre-installed with XP Pro SP3.