Jump to content

Really Slow Internet. Please Help.


Recommended Posts

hey. my computer desktop backround changed itself. it said "virus has been detected! please install a spyware." i downloaded the RougeRemover and scanned the computer but it said that "Rouge Remover didn't detect any items". then i downloaded the Malwarebytes' Anti-Malware and scanned the computer. but the internet is still really slow. the log file that was created was:

Malwarebytes' Anti-Malware 1.24

Database version: 1012

Windows 5.1.2600 Service Pack 2

16:06:57 16/08/2008

mbam-log-8-16-2008 (16-06-57).txt

Scan type: Quick Scan

Objects scanned: 96667

Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 16

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\interface.interfaceobj (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{fac55b9f-8f6a-4a41-ae16-36845d4679b2} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b1317c08-617a-435d-a24f-a930f4540696} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{58f07dd3-924d-4141-bc74-299f523a95f1} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\interface.interfaceobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\pxwma.DLL (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpj3j0e5a3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Adity\Application Data\Zango TvTimes (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\My Preference (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\pxwma.dll (Adware.WebDir) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\My Preference\Startup.xml (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Display (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Loading (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Welcome (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\blphcpj3j0e5a3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\phcpj3j0e5a3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

What should i do next? Please Help. thanks a lot.

adhareula.

Link to post
Share on other sites

hey. i followed the Pre- HJT Post Instructions and my internet got a bit quicker after the scans but it is still quite slow. Here are the MBAM, Panda Active and HiJack This logs .

MBAM:

Malwarebytes' Anti-Malware 1.24

Database version: 1060

Windows 5.1.2600 Service Pack 2

15:29:25 17/08/2008

mbam-log-8-17-2008 (15-29-25).txt

Scan type: Quick Scan

Objects scanned: 84338

Time elapsed: 50 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda Active:

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-08-17 21:14:49

PROTECTIONS: 1

MALWARE: 33

SUSPECTS: 3

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

AVG 7.5.526 7.5.526 Yes Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00018331 adware/gator Adware No 0 Yes No c:\windows\gatorfddli.log

00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe

00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe

00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe

00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}

00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker.1

00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker

00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.atdmt.com/]

00141436 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\system32\P2P Networking v126.cpl

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.tribalfusion.com/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@anm.co[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@ccbill[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@yadro[2].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.yadro.ru/]

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.yadro.ru/]

00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@webpower[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@xiti[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@azjmp[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.azjmp.com/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.toplist.cz/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@toplist[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.bs.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@bs.serving-sys[1].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.888.com/]

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@888[1].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.888.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@www.burstbeacon[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.adtech.de/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[server.iad.liveperson.net/]

00168111 Cookie/Servlet TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@servlet[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@fl01.ct2.comclick[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]

00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find

00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find

00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@questionmarket[1].txt

00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@888[2].txt

00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@cassava[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@adultfriendfinder[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@go[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.go.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@searchportal.information[1].txt

00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.adserver.easyad.info/]

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

No C:\WINDOWS\system32\2.tmp

No C:\WINDOWS\system32\3.tmp

No C:\WINDOWS\system32\4.tmp

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

HiJack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:15:04, on 17/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by129w.bay129.mail.live.com/mail/In...amp;n=959851342

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.13:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [Wildcensored] C:\WINDOWS\Wildcensored.exe -n

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Search - ?p=ZJ

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122639981270

O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9287 bytes

Link to post
Share on other sites

Hi, please keep your responses in this same topic, do not start a new one.

Be sure you have your system set to show all files and folders.

Please set your system to show

all files; Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Find these files using Windows Explorer, C:\WINDOWS\system32\wdfmgr.exe and C:\WINDOWS\Wildcensored.exe -n , please and put it into a zip file, by right clicking on it and choosing send to zipped folder, name it adhareula and upload to here . Then delete the zipped file and the one you sent to the zipped folder.

Do a scan only with HJT and put a check next to these lines below and click fix.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Wildcensored] C:\WINDOWS\Wildcensored.exe -n

O8 - Extra context menu item: &Search - ?p=ZJ

O18 - Filter hijack: text/html - (no CLSID) - (no file)

Reboot and update MBAM run a quick scan.

Post that log and a new HJT log in this thread in your next response. Let me know how things are running.

Link to post
Share on other sites

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.