Slow startup & weird security action, help me dig up the malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by -janski-, Nov 11, 2008.

  1. -janski-

    -janski- Private E-2

    Hi Majorgeeks!

    I'm having a problem with this elderly laptop of mine. Over the past week or so, it has started to tremendously freeze, especially on startup. When you finally get to start the browser, it often goes to the "Not responding" state for a few seconds before restoring to normal.

    One thing that caught my eye the other day is that, during startup, my antivirus (F-Secure 7) can report the firewall or antivirus as not functioning properly, for just a few seconds. This is what alerted me to think that it's not a messy registry or fragmentation, but something else.

    However, I have run the F-Secure, Ad-Aware 2008 and SpyBot 6 and all do come up clean. It's worth mentioning though that, for some reason the SpyBot Immunization fails on some IE related items under the All Users folder, don't know what's that about.
    In addition, I also have the SpywareBlaster shield active.

    So I took the approaches mentioned on this forum (for XP). The SUPERAntiSpyware and Malwarebytes were clean (posting them anyway), but the other two may have found something, I'm not sure.

    I would be absolutely grateful if someone took my logs under inspection and advised me what to do next. It's kind of frustrating to run so many analyses as I did and still find no concrete indication of infection.

    Thanks a lot for your cooperation!

    Cheers,
    -Janski
     

    Attached Files:

  2. -janski-

    -janski- Private E-2

    ... and here the MGlogs
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean.....I suggest you post in the software section for further assistance. :)

     
  4. -janski-

    -janski- Private E-2

    Re: Slow startup & weird security action, Trojan.Win2.Pakes.lth

    Thanks for responding.

    Got new info on this:

    The computer is still snailing on. I downloaded a new version of my Antivirus, and it immediately said the infection was Trojan.Win2.Pakes.lth

    It's said to be located in %userprofile%\Local Settings\temp\nsoD.tmp\System.dll

    I could just try and remove the temp folder, but I prefer not to do this at this point.

    Googled it, and found surprisingly little info. Many suspect it's a false positive, but I feel it's very real. It said somewhere that it can hack into your MSN account, and that indeed happened to me a while ago.

    On http://www.spywaredb.com it says a software called Spyware Doctor can fix this thing, so I'm running it as I type. I got several registry entries that point to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum....

    Fixing the problem(s) ain't possible with Spyware Doctor though, cause it requires purchasing.

    Any further info about my situation and how to fix it, please? I'm running out of ideas.

    Thanks.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download and run the current version of MGtools.exe. Attach the new MGlogs.zip file. And tell me exactly what is being reported....
     
    Last edited by a moderator: Nov 18, 2008
  6. -janski-

    -janski- Private E-2

    Tim,

    So far what I've done since the last post:

    I have run Windows Defender (came up empty)
    I have run Spyware Doctor from PC Tools. The only program to find anything so far. (Found lots of stuff as mentioned before. Got it to clean up also when downloading it as part of Google Pack). I wonder if there is a log file to be found of that scan?

    Identified a few unnecessary startup programs to clear from the registry to speed up things, none of which were spyware.

    Still the problem seems to continue, something keeps affecting my AntiVirus to notify me that it's not working properly, and at times the computer just freezes down.

    Here's the fresh MGLogs
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me what all you have installed for anti-virus programs...it looks like you have both Norton and F-Secure...two suites that could significantly slow you down and cause problems.

    I am not seeing any malware, but then some of the files I cannot interpret.

    So lets have you do this:
    Now go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  8. -janski-

    -janski- Private E-2

    Sorry for the break.

    Those other scanners were just on-demand trials that I never used on top of each other. The Norton came with Google Pack; I've uninstalled that now.

    It seems I've figured out more of the problem. When I run the Ad-Aware scan, it says it's scanning my HOSTS and displaying some obscure, mostly Chinese URLs with an IP address. Can this be my file?

    However, browsing through the HOSTS manually in the system\etc folder, I found no other than 127.0.0.1 entries there. I deleted all the HOSTS backups - there were many, I don't think I've taken all those - and what I did next, was disable the DNS service, mapping only through HOSTS now.

    For less than a day's use, I can say the CPU performs a lot better now! So I seem to have fixed the symptoms, but I still have absolutely no idea if what caused my worries in the first place is gone from the system.
     
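The HOSTS-file check the poster did by hand, as an added example that is not part of the thread: it parses a HOSTS file and flags entries that redirect a name to a non-loopback address, or that override a security-vendor or update domain at all. The sample HOSTS content and the list of protected domain suffixes are constructed for the example, not taken from the poster's machine.

```python
"""Audit a Windows HOSTS file for suspicious redirections (added example)."""
import ipaddress
import re

# Constructed sample HOSTS content: the first two entries are the normal
# defaults; the rest imitate the kind of entries the poster describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.spywaredb.com
203.0.113.10    www.f-secure.com
203.0.113.10    update.example-av.test
127.0.0.1       ad.doubleclick.net
"""

LOOPBACK = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))

# Domains a defender would expect never to appear in HOSTS at all; this list
# is an assumption for the example, not something the thread states.
PROTECTED_SUFFIXES = ("f-secure.com", "microsoft.com", "windowsupdate.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blank and malformed lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; ignore the line
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (hostname, ip, reason) tuples for entries worth a closer look."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if not any(ip in net for net in LOOPBACK):
            # A loopback entry merely blocks a name; anything else redirects it.
            findings.append((name, str(ip), "redirected to non-loopback address"))
        if any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES):
            # Blocking or redirecting a vendor domain breaks updates and alerts.
            findings.append((name, str(ip), "security/update domain overridden"))
    return findings
```

Run it against the real file (%SystemRoot%\system32\drivers\etc\hosts) by reading it into `audit_hosts`; an empty result means every entry is a plain loopback block of a non-vendor name.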
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know......

    If you are not having any other malware issues, then:

     
