
Here Is My Hijackthis Log File (agent39)


17 replies to this topic

#1 Agent39


Posted 17 May 2007 - 02:27 PM

Hey Guys

First off, this is a very cool website. Nice to see such great service for free.

Second, I need some help.

I have Bell Sympatico high speed internet, and just a couple of weeks ago my internet has become extremely slow. I always do regular spyware checks with Spybot S&D and Ad-Aware. I also do virus checks here and there. I am running out of ideas. I have never had this problem before.

An example of my problem : I used to watch videos on Youtube.com and I could watch the videos as soon as I clicked them basically.........now I have to wait for half an hour just to watch a 4 minute movie!

Here is my HijackThis log file :

Logfile of HijackThis v1.99.1
Scan saved at 3:16:25 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: HyperSearchHook - {A4D149EC-960E-4EE8-9647-AD0618A181EB} - (no file)
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\damlqpic.dll",realset
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168636426781
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{251B2456-8C99-45CE-BE06-E2B46273429F}: NameServer = 206.47.244.42 206.47.244.78
O17 - HKLM\System\CS3\Services\Tcpip\..\{251B2456-8C99-45CE-BE06-E2B46273429F}: NameServer = 206.47.244.42 206.47.244.78
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: 59.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Your help is EXTREMELY APPRECIATED GUYS, THANKS!

(Agent)~39



#2 miekiemoes


    Malware Killer Dog


  • Malware Response Team

Posted 19 May 2007 - 07:02 PM

Hello,

The reason why your system is slow, especially Internet, is not only because of the malware present, but also because you have two firewalls installed. You have Zonealarm Firewall and the firewall from Trendmicro Internet Security.
Never install more than one Firewall, because they are not compatible and cause a serious system slowdown.
So I suggest you uninstall Zonealarm here.

Reboot after uninstalling!

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: HyperSearchHook - {A4D149EC-960E-4EE8-9647-AD0618A181EB} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\damlqpic.dll",realset
O20 - AppInit_DLLs: 59.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if you receive an error in HijackThis.

Then, * Download ComboFix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Agent39

  • Topic Starter


Posted 21 May 2007 - 03:54 PM

Once again, thanks a billion for your help.

While I do have both Trendmicro Internet Security and Zonealarm Pro installed, I only use Trendmicro for its anti-virus features......the firewall aspect of the program has been disabled, so it shouldn't be a problem for me. Zonealarm is obviously just being used as a firewall. I don't think I can even TURN ON the firewall part of Trendmicro, because I asked for that part of the program to not be installed when I installed it.

If you still think I should uninstall Zonealarm, I can. I don't think that will be necessary though.

Here is my new logfile from HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 4:36:54 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168636426781
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

and here is my Combofix log :

"Jamie" - 2007-05-21 15:41:47 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Jamie\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bcybdjwq.dll
C:\WINDOWS\system32\cdgkywtd.dll
C:\WINDOWS\system32\cncrmeaw.dll
C:\WINDOWS\system32\hvvkgqig.dll
C:\WINDOWS\system32\hwhfifks.dll
C:\WINDOWS\system32\igngambi.dll
C:\WINDOWS\system32\iifffed.dll
C:\WINDOWS\system32\iotlmsdu.dll
C:\WINDOWS\system32\jhsrqigh.dll
C:\WINDOWS\system32\jvskdess.dll
C:\WINDOWS\system32\kmmvvmaj.dll
C:\WINDOWS\system32\ltlcwehm.dll
C:\WINDOWS\system32\nkhdijmp.dll
C:\WINDOWS\system32\oduswtmp.dll
C:\WINDOWS\system32\pqqwmhck.dll
C:\WINDOWS\system32\ubednhsc.dll
C:\WINDOWS\system32\wdqceynq.dll
C:\WINDOWS\system32\wigiuhgw.dll
C:\WINDOWS\system32\xgrnhlkb.dll
C:\WINDOWS\system32\xjvqiupe.dll
C:\WINDOWS\system32\yqqstogg.dll
C:\WINDOWS\system32\qwjdbycb.ini
C:\WINDOWS\system32\ibmagngi.ini
C:\WINDOWS\system32\ssedksvj.ini
C:\WINDOWS\system32\qnyecqdw.ini
C:\WINDOWS\system32\wghuigiw.ini
C:\WINDOWS\system32\bklhnrgx.ini
C:\WINDOWS\system32\mljkigf.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{1030D~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))


2007-05-17 15:13 <DIR> d-------- C:\HijackThis
2007-05-16 18:43 131,604 --a------ C:\WINDOWS\system32\hevsaxaa.dll
2007-05-14 17:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-14 17:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-14 17:39 <DIR> d-------- C:\Program Files\CA
2007-05-13 16:02 <DIR> d-------- C:\Program Files\PCPitstop
2007-05-10 14:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 04:33 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-03 21:00 <DIR> d-------- C:\Program Files\Audio Encoder


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 20:49:26 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-21 18:52:07 -------- d-----w C:\Program Files\PokerStars
2007-05-18 20:38:46 -------- d-----w C:\Program Files\Full Tilt Poker
2007-05-15 00:01:24 -------- d-----w C:\Program Files\Azureus
2007-05-14 23:58:04 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\Azureus
2007-05-11 22:29:08 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\LimeWire
2007-05-11 22:29:07 -------- d-----w C:\Program Files\Incomplete
2007-05-10 21:55:32 -------- d-----w C:\Program Files\Shared Folder
2007-04-13 08:55:22 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\dvdcss
2007-04-05 06:38:29 -------- d-----w C:\Program Files\Nsauditor
2007-04-03 20:59:50 -------- d-----w C:\Program Files\Rockstar Games
2007-04-01 19:35:32 -------- d-----w C:\Program Files\THQ
2007-03-22 21:54:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-20 22:56:05 -------- d-----w C:\Program Files\cutscenes
2007-03-19 22:30:51 -------- d-----w C:\Program Files\audible
2007-03-17 20:12:13 -------- d-----w C:\Program Files\SP2 Connection Patcher
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-04 22:18:24 276,500 ----a-w C:\WINDOWS\system32\atjalqtm.dll
2007-02-14 08:56:45 44,165 ----a-w C:\WINDOWS\system32\gybnwvmy.dll
2007-02-13 02:56:08 44,165 ----a-w C:\WINDOWS\system32\akouvisl.dll
2007-02-13 02:56:03 712,724 --sh--w C:\WINDOWS\odcahrd.dll
2007-02-12 02:55:29 131,604 ----a-w C:\WINDOWS\system32\wgfffvcc.dll
2007-02-12 02:55:15 44,165 ----a-w C:\WINDOWS\system32\ynlwyvbq.dll
2007-02-11 02:55:53 131,604 ----a-w C:\WINDOWS\system32\lykavypj.dll
2007-02-11 02:55:13 44,165 ----a-w C:\WINDOWS\system32\wtgairqh.dll
2007-02-07 21:35:17 44,165 ----a-w C:\WINDOWS\system32\mnexmjgx.dll
2007-02-05 21:35:02 44,165 ----a-w C:\WINDOWS\system32\ruqrwwfx.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-10-22 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]
{BCBE6EB6-0A80-41EB-BF66-281D8FA0931a}=C:\WINDOWS\system32\hevsaxaa.dll [2007-05-16 18:43]
{FD8FC5BA-2BB1-4C89-A19F-946325432EE0}=C:\WINDOWS\Speech\ahrdtfp.dll [2007-04-22 17:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioloDelayModule"="C:\Program Files\System Mechanic Professional 6\delay.exe" [2005-06-08 21:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"NWEReboot"="" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-24 23:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-10-22 01:04]
"AtiPTA"="atiptaxx.exe" [2005-11-22 20:05 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 14:06]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ahrdtfp]
C:\WINDOWS\Speech\ahrdtfp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineil32]
wineil32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070521-152401-939
R3 - URLSearchHook: HyperSearchHook - {A4D149EC-960E-4EE8-9647-AD0618A181EB} - (no file)

backup-20070521-152401-669
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\damlqpic.dll",realset
Contents of the 'Scheduled Tasks' folder
2007-05-21 20:00:00 C:\WINDOWS\tasks\A9950931918A8099.job
2007-05-21 00:26:05 C:\WINDOWS\tasks\HP Usg Daily FY04.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 16:20:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-21 16:23:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-21 16:23

--- E O F ---

once again, thanks a million. The world needs more people like you :thumbsup:

#4 miekiemoes


    Malware Killer Dog


  • Malware Response Team

Posted 21 May 2007 - 04:12 PM

Hi,

We still have a lot to do here though.. since the malware is still active and running. We also need some additional tools since some commandline options in Combofix won't work for certain files.

It's important you follow my next instructions in the right order..

Let's see what can be deleted first (non stubborn ones), so do next:

* Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Where it says: "Paste List of Files/Folders to be Moved", copy and paste next bold part into that Window:

    C:\WINDOWS\system32\atjalqtm.dll
    C:\WINDOWS\system32\gybnwvmy.dll
    C:\WINDOWS\system32\akouvisl.dll
    C:\WINDOWS\odcahrd.dll
    C:\WINDOWS\system32\wgfffvcc.dll
    C:\WINDOWS\system32\ynlwyvbq.dll
    C:\WINDOWS\system32\lykavypj.dll
    C:\WINDOWS\system32\wtgairqh.dll
    C:\WINDOWS\system32\mnexmjgx.dll
    C:\WINDOWS\system32\ruqrwwfx.dll
    C:\WINDOWS\system32\wineil32.dll
    C:\WINDOWS\Speech\ahrdtfp.dll
    C:\WINDOWS\system32\hevsaxaa.dll
    C:\WINDOWS\tasks\A9950931918A8099.job



  • Then click the red Moveit! button below.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.. Then it will reboot your computer.
Even though OTMoveIt didn't ask to reboot your computer - reboot anyway, since moved files may still be in use.
Don't worry, some files will not be deleted.. we'll deal with them afterwards..

Then, after reboot,

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, Right click the list box (white box) in the main VundoFix window.
  • Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
  • In the Window: copy and paste next in the first field: C:\WINDOWS\Speech\ahrdtfp.dll
  • Copy and paste next in the second field: C:\WINDOWS\system32\hevsaxaa.dll
  • Click the Add Files button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot, RESCAN with ComboFix and post the C:\Combofix.txt log together with a new HijackThis log and the contents of C:\vundofix.txt in your next reply.

Edited by miekiemoes, 21 May 2007 - 04:12 PM.

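A defender's triage pass over the two log formats in this thread, as an added example (not code from the thread, from HijackThis or from ComboFix): it re-derives the three HijackThis lines fixed in post #2 and the random-named, same-sized DLLs moved in post #4 from sample lines copied from the logs above. The scoring rules, the two-signal threshold and the "7-8 lowercase letters" test for a random DLL name are assumptions chosen for illustration.

```python
"""Triage heuristics for HijackThis and ComboFix log lines (added example,
not code from the thread, HijackThis or ComboFix).  Scoring rules and the
"7-8 lowercase letters" test for a random DLL name are assumptions."""
import re
from collections import Counter

# HijackThis line shapes (constructed regexes)
RE_NO_FILE = re.compile(r"\(no file\)\s*$", re.IGNORECASE)
RE_O4_RUNDLL = re.compile(r'^O4 - .*rundll32\.exe\s+"?(?P<path>[^",]+\.dll)', re.IGNORECASE)
RE_O20 = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>\S.*)$", re.IGNORECASE)
# "Random-looking": a DLL whose stem is 7 or 8 lowercase letters and nothing else
RE_RANDOM_DLL = re.compile(r"^[a-z]{7,8}\.dll$")
# ComboFix "Files Created" / "Find3M" entry: date time size attrs path
RE_FILE_ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}(?::\d{2})?) ([\d,]+) (\S+) (.+)$")


def basename(path):
    """Final component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage_hijackthis(lines):
    """Return [(line, reason)] for HijackThis entries that warrant 'Fix checked'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("R3 - URLSearchHook") and RE_NO_FILE.search(line):
            findings.append((line, "orphaned URLSearchHook: CLSID registered, DLL gone"))
            continue
        m = RE_O4_RUNDLL.match(line)
        if m and RE_RANDOM_DLL.match(basename(m.group("path")).lower()):
            findings.append((line, "rundll32 autostart of a random-named DLL"))
            continue
        m = RE_O20.match(line)
        if m:  # AppInit_DLLs are mapped into every process that loads user32.dll
            findings.append((line, "AppInit_DLLs injection: " + m.group("value")))
    return findings


def triage_find3m(lines):
    """Score ComboFix file entries; return {'likely': [...], 'review': [...]}."""
    entries = []
    for raw in lines:
        m = RE_FILE_ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, <DIR> entries, blank lines
        _date, _time, size, attrs, path = m.groups()
        entries.append((int(size.replace(",", "")), attrs, path))
    size_count = Counter(size for size, _, _ in entries)
    likely, review = [], []
    for size, attrs, path in entries:
        signals = [
            (RE_RANDOM_DLL.match(basename(path)), "random-looking name"),
            # variants of one dropper family tend to share an exact byte size
            (size_count[size] > 1, "size %d shared by %d files" % (size, size_count[size])),
            # system/hidden attribute bits on a loose DLL are a hiding technique
            ("s" in attrs or "h" in attrs, "system/hidden attributes"),
        ]
        why = [label for hit, label in signals if hit]
        if len(why) >= 2:
            likely.append((path, "; ".join(why)))
        elif why:
            review.append((path, why[0]))
    return {"likely": likely, "review": review}


# Sample lines copied from the logs posted above
HJT_SAMPLE = r"""
R3 - URLSearchHook: HyperSearchHook - {A4D149EC-960E-4EE8-9647-AD0618A181EB} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\damlqpic.dll",realset
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: 59.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip().splitlines()

FIND3M_SAMPLE = r"""
2007-05-16 18:43 131,604 --a------ C:\WINDOWS\system32\hevsaxaa.dll
2007-06-16 20:49:26 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-21 18:52:07 -------- d-----w C:\Program Files\PokerStars
2007-03-22 21:54:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-04 22:18:24 276,500 ----a-w C:\WINDOWS\system32\atjalqtm.dll
2007-02-14 08:56:45 44,165 ----a-w C:\WINDOWS\system32\gybnwvmy.dll
2007-02-13 02:56:08 44,165 ----a-w C:\WINDOWS\system32\akouvisl.dll
2007-02-13 02:56:03 712,724 --sh--w C:\WINDOWS\odcahrd.dll
2007-02-12 02:55:29 131,604 ----a-w C:\WINDOWS\system32\wgfffvcc.dll
2007-02-12 02:55:15 44,165 ----a-w C:\WINDOWS\system32\ynlwyvbq.dll
2007-02-11 02:55:53 131,604 ----a-w C:\WINDOWS\system32\lykavypj.dll
2007-02-11 02:55:13 44,165 ----a-w C:\WINDOWS\system32\wtgairqh.dll
2007-02-07 21:35:17 44,165 ----a-w C:\WINDOWS\system32\mnexmjgx.dll
2007-02-05 21:35:02 44,165 ----a-w C:\WINDOWS\system32\ruqrwwfx.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
""".strip().splitlines()

if __name__ == "__main__":
    for line, reason in triage_hijackthis(HJT_SAMPLE):
        print("FIX", line.split(" - ", 1)[0], reason)
    for tier, items in triage_find3m(FIND3M_SAMPLE).items():
        for path, why in items:
            print(tier.upper(), basename(path), why)
```

The "review" tier shows why heuristics narrow the list without replacing an analyst: atjalqtm.dll (which the helper did list) lands there on its name alone, and so does upnphost.dll, a legitimate Windows UPnP component.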

#5 Agent39

  • Topic Starter


Posted 22 May 2007 - 03:09 PM

Alright, everything seemed to go as planned......so far, so good :thumbsup:

Here is my new comboFix text file



"Jamie" - 2007-05-22 15:50:18 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Jamie\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 ))))))))))))))))))))))))))))))))))


2007-05-22 15:27 <DIR> d-------- C:\VundoFix Backups
2007-05-21 16:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-17 15:13 <DIR> d-------- C:\HijackThis
2007-05-14 17:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-14 17:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-14 17:39 <DIR> d-------- C:\Program Files\CA
2007-05-13 16:02 <DIR> d-------- C:\Program Files\PCPitstop
2007-05-10 14:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 04:33 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-03 21:00 <DIR> d-------- C:\Program Files\Audio Encoder


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 20:49:26 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-21 23:11:41 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\Azureus
2007-05-21 18:52:07 -------- d-----w C:\Program Files\PokerStars
2007-05-18 20:38:46 -------- d-----w C:\Program Files\Full Tilt Poker
2007-05-15 00:01:24 -------- d-----w C:\Program Files\Azureus
2007-05-11 22:29:08 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\LimeWire
2007-05-11 22:29:07 -------- d-----w C:\Program Files\Incomplete
2007-05-10 21:55:32 -------- d-----w C:\Program Files\Shared Folder
2007-04-13 08:55:22 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\dvdcss
2007-04-05 06:38:29 -------- d-----w C:\Program Files\Nsauditor
2007-04-03 20:59:50 -------- d-----w C:\Program Files\Rockstar Games
2007-04-01 19:35:32 -------- d-----w C:\Program Files\THQ
2007-03-22 21:54:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-20 22:56:05 -------- d-----w C:\Program Files\cutscenes
2007-03-19 22:30:51 -------- d-----w C:\Program Files\audible
2007-03-17 20:12:13 -------- d-----w C:\Program Files\SP2 Connection Patcher
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-10-22 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]
{BCBE6EB6-0A80-41EB-BF66-281D8FA0931a}=C:\WINDOWS\system32\hevsaxaa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioloDelayModule"="C:\Program Files\System Mechanic Professional 6\delay.exe" [2005-06-08 21:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"NWEReboot"="" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-24 23:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-10-22 01:04]
"AtiPTA"="atiptaxx.exe" [2005-11-22 20:05 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 14:06]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineil32]
wineil32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe


Contents of the 'Scheduled Tasks' folder
2007-05-21 20:26:00 C:\WINDOWS\tasks\HP Usg Daily FY04.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-22 15:53:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-22 15:54:03
C:\ComboFix-quarantined-files.txt ... 2007-05-22 15:54
C:\ComboFix2.txt ... 2007-05-21 16:23

--- E O F ---

Here is my new HijackThis text file:

Logfile of HijackThis v1.99.1
Scan saved at 3:57:34 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {097C6C02-F9E0-AC01-34BE-65BE1CF91B80} - (no file)
O2 - BHO: (no name) - {186CF7A8-5FEB-4761-A34E-93E58260ACBF} - (no file)
O2 - BHO: (no name) - {1F8ACDEE-C369-480E-A5DD-F1A1A3A8B6C6} - (no file)
O2 - BHO: (no name) - {33DE96CD-CD2D-4AAE-B88B-7C52F9B5B6FC} - (no file)
O2 - BHO: (no name) - {4572CF71-17BE-4B85-9C12-883213074FD4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {586B1495-055D-4EB5-88BB-515B08E37D7A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68FE8F45-D3D5-46D3-B151-80C7B4C102C1} - (no file)
O2 - BHO: (no name) - {719842F3-C34A-4733-97D5-BE77F90794AE} - (no file)
O2 - BHO: (no name) - {71FAA7E6-DCE1-411D-9897-7D9E766E8312} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76D1D41D-BE3A-4F7C-A881-061BC4CEA648} - (no file)
O2 - BHO: (no name) - {8BB72D20-501A-4427-A147-2F99F873CCE9} - (no file)
O2 - BHO: (no name) - {B741147C-D82C-4BD2-9632-BE5F22D55DB5} - (no file)
O2 - BHO: (no name) - {BCBE6EB6-0A80-41EB-BF66-281D8FA0931a} - C:\WINDOWS\system32\hevsaxaa.dll (file missing)
O2 - BHO: (no name) - {BE6225E5-5BCB-40CB-9B67-267F5FF8C4EA} - (no file)
O2 - BHO: (no name) - {BEF8D125-C887-4948-B894-0285E13C1812} - (no file)
O2 - BHO: (no name) - {C1FD594E-CB4B-40C8-9A78-D935C7B5ADC7} - (no file)
O2 - BHO: (no name) - {D37569B9-3B92-4C2C-8A6C-17F740B51007} - (no file)
O2 - BHO: (no name) - {E04B6860-10F5-416D-A1BA-6FD08A59AC53} - (no file)
O2 - BHO: (no name) - {E3E52882-812B-4254-BE7D-22CEC8B4689E} - (no file)
O2 - BHO: (no name) - {E7625730-B2EA-4028-97D4-1D40441D37BB} - (no file)
O2 - BHO: (no name) - {F47878A9-F5D5-42B7-B461-48DC60980705} - (no file)
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168636426781
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{251B2456-8C99-45CE-BE06-E2B46273429F}: NameServer = 206.47.244.42 206.47.244.78
O17 - HKLM\System\CS2\Services\Tcpip\..\{251B2456-8C99-45CE-BE06-E2B46273429F}: NameServer = 206.47.244.42 206.47.244.78
O17 - HKLM\System\CS3\Services\Tcpip\..\{251B2456-8C99-45CE-BE06-E2B46273429F}: NameServer = 206.47.244.42 206.47.244.78
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And here is my VundoFix text file:

VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 3:27:35 PM 5/22/2007

Listing files found while scanning....

C:\WINDOWS\system32\bupfwyct.exe
C:\WINDOWS\system32\dwbohywj.dll
C:\WINDOWS\system32\eqkiaqgd.dll
C:\WINDOWS\system32\gmnoraax.dll
C:\WINDOWS\system32\jwnujdjl.dll
C:\WINDOWS\system32\nqvbhoma.exe
C:\WINDOWS\system32\rijxtivs.dll
C:\WINDOWS\system32\uadvbdtp.dll
C:\WINDOWS\system32\uliqodnd.dll
C:\WINDOWS\system32\uoygfbbt.dll
C:\WINDOWS\system32\wcytfogw.dll
C:\WINDOWS\system32\xywgvyqg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bupfwyct.exe
C:\WINDOWS\system32\bupfwyct.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dwbohywj.dll
C:\WINDOWS\system32\dwbohywj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmnoraax.dll
C:\WINDOWS\system32\gmnoraax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jwnujdjl.dll
C:\WINDOWS\system32\jwnujdjl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqvbhoma.exe
C:\WINDOWS\system32\nqvbhoma.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rijxtivs.dll
C:\WINDOWS\system32\rijxtivs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uadvbdtp.dll
C:\WINDOWS\system32\uadvbdtp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uliqodnd.dll
C:\WINDOWS\system32\uliqodnd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uoygfbbt.dll
C:\WINDOWS\system32\uoygfbbt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wcytfogw.dll
C:\WINDOWS\system32\wcytfogw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xywgvyqg.dll
C:\WINDOWS\system32\xywgvyqg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thanks once again not only for the help but for the quick replies :flowers: :huh:

Edited by Agent39, 22 May 2007 - 03:12 PM.


#6 miekiemoes (Malware Response Team)

Posted 22 May 2007 - 03:15 PM

Hi,

This is looking much better. We just have to deal with some leftovers and other stuff.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {097C6C02-F9E0-AC01-34BE-65BE1CF91B80} - (no file)
O2 - BHO: (no name) - {186CF7A8-5FEB-4761-A34E-93E58260ACBF} - (no file)
O2 - BHO: (no name) - {1F8ACDEE-C369-480E-A5DD-F1A1A3A8B6C6} - (no file)
O2 - BHO: (no name) - {33DE96CD-CD2D-4AAE-B88B-7C52F9B5B6FC} - (no file)
O2 - BHO: (no name) - {4572CF71-17BE-4B85-9C12-883213074FD4} - (no file)
O2 - BHO: (no name) - {586B1495-055D-4EB5-88BB-515B08E37D7A} - (no file)
O2 - BHO: (no name) - {68FE8F45-D3D5-46D3-B151-80C7B4C102C1} - (no file)
O2 - BHO: (no name) - {719842F3-C34A-4733-97D5-BE77F90794AE} - (no file)
O2 - BHO: (no name) - {71FAA7E6-DCE1-411D-9897-7D9E766E8312} - (no file)
O2 - BHO: (no name) - {76D1D41D-BE3A-4F7C-A881-061BC4CEA648} - (no file)
O2 - BHO: (no name) - {8BB72D20-501A-4427-A147-2F99F873CCE9} - (no file)
O2 - BHO: (no name) - {B741147C-D82C-4BD2-9632-BE5F22D55DB5} - (no file)
O2 - BHO: (no name) - {BCBE6EB6-0A80-41EB-BF66-281D8FA0931a} - C:\WINDOWS\system32\hevsaxaa.dll (file missing)
O2 - BHO: (no name) - {BE6225E5-5BCB-40CB-9B67-267F5FF8C4EA} - (no file)
O2 - BHO: (no name) - {BEF8D125-C887-4948-B894-0285E13C1812} - (no file)
O2 - BHO: (no name) - {C1FD594E-CB4B-40C8-9A78-D935C7B5ADC7} - (no file)
O2 - BHO: (no name) - {D37569B9-3B92-4C2C-8A6C-17F740B51007} - (no file)
O2 - BHO: (no name) - {E04B6860-10F5-416D-A1BA-6FD08A59AC53} - (no file)
O2 - BHO: (no name) - {E3E52882-812B-4254-BE7D-22CEC8B4689E} - (no file)
O2 - BHO: (no name) - {E7625730-B2EA-4028-97D4-1D40441D37BB} - (no file)
O2 - BHO: (no name) - {F47878A9-F5D5-42B7-B461-48DC60980705} - (no file)
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
* Then open OTMoveIt and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OtMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Let me know in your next reply how things are now.

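Every HijackThis entry miekiemoes lists above ends in "(no file)" or "(file missing)": the registry key for the BHO or the Winlogon Notify hook is still there, but the DLL it pointed at was already deleted by VundoFix/ComboFix, so "Fix checked" only removes a dead key. The Python below is an added example and not part of the original thread or of HijackThis itself. It parses a constructed excerpt in the same log format, lists the entries a helper would tell the user to tick, and prints the registry keys behind them (the BHO and Winlogon\Notify keys that ComboFix's "Reg Loading Points" section above also shows). The sample lines, the function names and the assumption that every O2/O20 entry whose file is gone can be removed are mine.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format. The lines are modelled on the
# entries posted above; this is a short excerpt, not the full log, and is assumed
# representative of the "(no file)" / "(file missing)" cases.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {097C6C02-F9E0-AC01-34BE-65BE1CF91B80} - (no file)
O2 - BHO: (no name) - {BCBE6EB6-0A80-41EB-BF66-281D8FA0931a} - C:\\WINDOWS\\system32\\hevsaxaa.dll (file missing)
O4 - HKLM\\..\\Run: [AtiPTA] atiptaxx.exe
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
"""

# "O2 - ..." / "O20 - ..." / "R1 - ..." entry lines; everything else (process list,
# headers) is ignored.
ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DEAD_MARKERS = ("(no file)", "(file missing)")

# Registry locations HijackThis's "Fix checked" deletes for O2 and O20 entries.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


def parse_hjt(text):
    """Return (section, body) pairs for every entry line, e.g. ("O2", "BHO: ...")."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_orphaned(section, body):
    """True for a BHO (O2) or Winlogon Notify (O20) entry whose target file is gone.

    Such an entry is a dead reference: nothing is loaded from it any more, so deleting
    the key is cleanup of a leftover, not removal of running code.
    """
    return section in ("O2", "O20") and body.rstrip().endswith(DEAD_MARKERS)


def orphaned_entries(text):
    """The log lines a helper would ask the user to tick in HijackThis."""
    return [f"{section} - {body}" for section, body in parse_hjt(text)
            if is_orphaned(section, body)]


def registry_targets(text):
    """Registry keys behind each orphaned entry (what "Fix checked" removes)."""
    targets = []
    for section, body in parse_hjt(text):
        if not is_orphaned(section, body):
            continue
        if section == "O2":
            m = CLSID_RE.search(body)
            if m:
                targets.append(BHO_KEY + "\\" + m.group(0))
        elif section == "O20":
            # body looks like "Winlogon Notify: <name> - <dll> (file missing)";
            # the subkey under Winlogon\Notify is <name>.
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            targets.append(NOTIFY_KEY + "\\" + name)
    return targets


if __name__ == "__main__":
    for line in orphaned_entries(SAMPLE_LOG):
        print("fix:", line)
    for key in registry_targets(SAMPLE_LOG):
        print("key:", key)
```

Run it against a full log saved from HijackThis and the "fix:" lines are the ones to check; entries that still point at an existing file (AcroIEHelper.ocx, WgaLogon.dll in the sample) are left alone, since a file that exists has to be judged on what it is, not on this string match.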
#7 Agent39 (Topic Starter)

Posted 22 May 2007 - 08:37 PM

Looks like I hit a brick wall here.

When I try to uninstall "Java 2 Runtime Environment, SE v1.4.2_04" I get the following message :

The feature you are trying to use is on a network resource that is unavailable.

Click ok to try again, or enter an alternate path to a folder containing the installation package 'Java
2 Runtime Environment, SE v1.4.2_04.msi in the box below

( this is what is in the "box below" )
http://java.sun.com/webapps/download/GetFile/1.4.2_04-b05/windows-i586/

When I click OK to try again, I get this message :

The file
http://java.sun.com/webapps/download/GetFi...5/windows-i586/
is not a valid installation package for the product Java 2 Runtime Environment, SE v1.4.2_04. Try to find the installation package 'Java 2 Runtime Environment, SE v1.4.2_04.msi' in a folder from which you can install Java 2 Runtime Environment, SE v1.4.2_04.


Then after clicking ok on that message, I get this message :

The installation source for this product is not available. Verify that the source exists and that you can access it

I downloaded the newest Java but I figured I shouldn't install it until after we sort this out.



My second problem is the last step you told me to do. When I open OTMoveIt.exe and click the button "Clean Up!", I get the following error message :

Unable to contact the internet.
Cleanup list download failed!


I tried disconnecting and reconnecting, and even shutting off my firewall for a few seconds and I still get the same error message. I'll try rebooting. If rebooting fixes the problem, I'll edit this message and say so. If it doesn't help, I'll leave the rest of this post blank.

#8 miekiemoes (Malware Response Team)

Posted 23 May 2007 - 01:08 AM

Hi,

Above are no big problems. We can deal with it manually.
First, the Java 2 Runtime Environment, SE v1.4.2_04 seems to be already deleted, or some parts of it... So you can delete the related folder manually. Look in the following folder: C:\Program Files\Java and check whether v1.4.2_04 is present in there. Then delete it.
If not present there, don't worry.
Then update to the latest version.

For the CleanUp option in OTMoveIT.... This was actually an easier way to delete the tools we have been using during our cleanup, but we can delete it manually.

So delete the following folders:

C:\VundoFix Backups
C:\Qoobox
C:\_OtMoveIT

Also delete the Combofix, OTMoveIT and Vundofix present on your desktop.

Edited by miekiemoes, 23 May 2007 - 01:10 AM.


#10 Agent39 (Topic Starter)

Posted 24 May 2007 - 03:11 PM

Looks like I'm still infected.

My computer is a little better, but it still has the same problem as before with some exceptions........for example :

1. Before I talked to you I couldn't even open up my Azureus (torrent program). It would start to open then completely stop after two seconds. The symbol wouldn't even come up. It now opens though.

2. Before I talked to you I couldn't open up my e-mail. I use Sympatico's email service (Sympatico Mail). I would go to the website, click the "Sympatico Mail" button, put in my username, put in my password, click OK and then BOOM! My web browser would just automatically close. Now it opens up my mail, but when I click a message to open up (or click to delete a message) I get the following error message : Session invalid.
This message occurs because you have either previously logged out
or your session has automatically timed out.

Please click here to login.


3. I still get really slow download rates and I still can't watch streams (videos from YouTube for example) without waiting way longer than I should.


Do you have anymore suggestions????

I still appreciate everything you have done for me and I still think the world needs more people like you, so thank you so much for your help. :flowers:

P.S
another weird problem I have is when I come to this website, it auto logs me in as Agent39. I then click the "Forum" button, and all of a sudden I have to log in........so I do. Earlier I clicked the "reply" button on your most recent post and I had to log in again for the second time! After that, it never asked me to log in again and everything on this site seemed to function right. :thumbsup:

Edited by Agent39, 24 May 2007 - 03:16 PM.


#11 miekiemoes (Malware Response Team)

Posted 24 May 2007 - 03:20 PM

Hi,

The issues you are talking about aren't malware related but rather security related software interfering. Settings set too high, cookies blocked, whatever...

And that's why I also said previously that having more than one firewall installed is not compatible, even though you disabled one. Because after all, related drivers and other components are still loaded. The Trend Micro firewall is already powerful enough, so there's really no need to have another one on top, because they just interfere with each other and won't protect you in a better way, on the contrary.
That explains the slow download rates as well.
What I suggest here is, uninstall Zonealarm and reboot.
If that didn't solve it - disable your Trendmicro and test if you're having the same issue. If not, then there's a setting misconfigured in Trendmicro Internet Security.
Also, on top, I see you have System Mechanic Professional installed which also contains Internet Security features. From the site:
* Block spyware and other dangerous software
* Shield your PC from viruses, worms, and trojans
* Defend against hackers and identity thieves
* Prevent unauthorized access and remote attacks
* Repair dangerous Windows security vulnerabilities

Also check its settings, disable it to test if you're still having the problem.

Anyway, don't overload your system with all kinds of security tools running in the background - because it can make things worse, and they interfere with each other and with default settings.

You may want to read this page: Help! My computer is slow!
Especially point 2 and point 5 below.

edit: I see you edited your previous post with an extra issue:

Earlier I clicked the "reply button" on your most recent post and I had to log in again for the second time!

that again is another example of security settings set too high by security related tools. Looks like you are blocking all cookies/almost all cookies, or delete every cookie immediately again.

Edited by miekiemoes, 24 May 2007 - 03:25 PM.


#12 Agent39 (Topic Starter)

Posted 26 May 2007 - 05:48 PM

Hey

I took your advice and deleted my ZoneAlarm Pro firewall and now I am using Trend Micro's PC-cillin for both a firewall and anti-virus. I also deleted my System Mechanic because it didn't seem to work anyway (was out of date, couldn't update it without paying etc.).

Unfortunately I still have a slow internet connection. When I download movies from websites (YouTube, videogame clips etc.) I only get a download speed of 8.7 or maybe, if I'm lucky, a 10 KB a second connection.......while just a couple of months ago before I had this problem, I could get download speeds over 100 KB a second.

Should I call Bell (my ISP) ?

I noticed on Azureus I can get download speeds of up to 67 KB a second, so I'm really confused.........I DID however used to get speeds on Azureus that were a little over 200 KB a second.............something I haven't seen in a long time now. :thumbsup:

Also, I can't play online poker anymore without getting disconnected constantly (about every few minutes or so).

Edited by Agent39, 26 May 2007 - 05:56 PM.


#13 miekiemoes (Malware Response Team)

Posted 27 May 2007 - 04:01 AM

You really have to check your Security settings in TrendMicro though.
Is there any improvement if you disable TrendMicro?
There's certainly something interfering with your Internet connection and blocking something, because when you used the clean Up function in OTMoveIt previously, it blocked connection with the internet as well. This can only be caused by Security programs.

#14 Agent39 (Topic Starter)

Posted 27 May 2007 - 02:42 PM

I tried disabling Trend Micro, and it's still the same story as before. My connection has definitely improved though, that's for damn sure.

maybe you could help me with something else though..........

For a long time now I've had this message in the bottom right corner of my desktop ( I forget what you call that little corner.....). It says :

Local Area Connection
Speed: 10.0 Mbps
Status: Limited or no connectivity

When I first got my computer and internet it was two years ago......I've had this message for about a year now, it wasn't there before........I don't know what I did to bring it up, and I don't even know if it's a problem or not.

When I double click it, then click the support tab, it says :

--------Connection status
Limited or no connectivity
you might not be able to access the internet or some network resources. This problem occurred because the network did not assign a network address to the computer--------

then below that it says :

---------to restart the connection and try to establish full connectivity, click repair---------

so I click repair and it tries to renew my IP address......after a long wait it says :

------windows could not finish repairing the problem because the following action cannot be completed : Renewing your IP address.
For assistance, contact the person who manages your network.----------------

At the bottom of this support tab it says :

---------if clicking Repair does not restore connectivity, the problem might be with the network, not with this computer. Contact the person who manages your network.---------------

under the general tab I can click Disable. When I do so, I can't connect to the internet with my Sympatico Access Manager anymore.....I get the following error message :

---------Error Connecting to Sympatico Manager

connecting through WAN Miniport (PPPOE)...

Error 769: The Specified Destination is not reachable
(then my options below are)
Redial Cancel More Info

so then I have to turn this "Local Area Connection" thing on again just so my Sympatico Access Manager can connect to the internet.

Is this a problem? How did this happen in the first place? What can I do to fix it?

Thanks for the help buddy :thumbsup:

#15 miekiemoes (Malware Response Team)

Posted 27 May 2007 - 05:26 PM

I don't know how this happened in the first place - This is certainly a setting misconfigured somewhere in your Sympatico - or as I already said, your firewall interfering.
I suggest you take a look here at the Sympatico website for troubleshooting connections:
http://service.sympatico.ca/index.cfm?meth...category_id=612
Below there's an option to have a chat with a representative to get more help as well. I am sure they can help you since they are dealing with similar issues everyday :thumbsup:

Most important thing now is - since you were mainly dealing with malware previously, keep this system clean!
So, please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
