
Internet, uploads real slow.

Discussion in 'Virus & Other Malware Removal' started by sargonnis, Jun 28, 2007.

  1. sargonnis

    sargonnis Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    5
    My Net speed and upload speed is real bad with cable connection. I already spoke to my provider, who said it was an internal problem. The things I did recently on my computer were removing malware using Ad-Aware and immunizing using Spybot. ZoneAlarm also removed 3 virus entries (javabyteverify) that showed up, I think because Spybot took out my updated Java controller. The only other weird thing my PC did recently was that the ZoneAlarm firewall reset itself from the program controls. Can anyone please help me? Everything else runs fine. Here is my hijack log.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jay\My Documents\downloaded programs\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176469576671
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 3473 bytes
     
  3. jp1203

    jp1203

    Joined:
    Jul 20, 2005
    Messages:
    3,427
    Looking through the log this ain't so nice:

    C:\Program Files\ULI5289\ALi5289.exe

    But other than that I see nothing. Might want to have this moved to Security if it is that, so I don't get yelled at for helping with something in that topic :D
     
  4. sargonnis

    sargonnis Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    5
    I feel stupid, how do I move this post to Security? I don't see the report thread anywhere at the bottom of the post.
     
  5. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Don't worry, I have asked for the post to be moved.
     
  6. Blackmirror

    Blackmirror

    Joined:
    Dec 5, 2006
    Messages:
    32,642
    You might want to run a new hjt scan with the link in my sig

    You are running it from a temporary location
    C:\Documents and Settings\Jay\My Documents\downloaded programs\HiJackThis_v2.exe

    The version you are using is a beta version


    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,921
    First Name:
    Karen
    Hi Sargonnis and welcome to TSG,

    There is nothing wrong with the file that JStergis singled out.

    http://www.castlecops.com/s13102-ALi5289.html

    Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.


    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

    1. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    3. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    4. If you have any infections you will be prompted. Then select "Apply all actions."
    5. Next select the "Reports" icon at the top.
    6. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    7. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  8. sargonnis

    sargonnis Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    5
    I got AVG Anti-Spyware and I ran the program. I could not start in safe mode though. It is a built system and it starts at the abit-ul8 screen, that is the motherboard. I don't know if I should contact the person I paid to build it to set it up right if I can't access safe mode. AVG found a lot. I removed everything from the steal me disk in my system to be safe after some files were found. Here is the report:

    C:\Documents and Settings\Jay\My Documents\stealmedisk\Remote Monitoring\nbpro210.zip/data1.hdr -> Backdoor.NetBus.210 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\netbuster1_31.zip/NetBuster.exe -> Backdoor.NetBuster : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Honey Pot Traps\netbuster1_31.zip/NetBuster.exe -> Backdoor.NetBuster : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\s7sniper.zip/S7Sniper.exe -> Backdoor.SubSeven.21 : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015029.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015030.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015031.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015425.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015426.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015427.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015821.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015822.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015823.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014017.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014018.dll -> Downloader.ConHook.ah : Cleaned.
    C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014019.dll -> Downloader.ConHook.ah : Cleaned.
    C:\WINDOWS\system32\ddayvwu.dll -> Downloader.ConHook.ah : Cleaned.
    C:\WINDOWS\system32\ddcccby.dll -> Downloader.ConHook.ah : Cleaned.
    C:\WINDOWS\system32\ddcyyyw.dll -> Downloader.ConHook.ah : Cleaned.
    E:\WINNT\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Honey Pot Traps\tambuudp.zip/TambuUDP.exe -> Not-A-Virus.HackTool.Win32.Tambu : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Keykey._sy -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Vkeykeyd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Vprotkkd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/install.exe -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/keykey._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/kkmon._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/uninst._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
    C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\tfak40.zip/Tfak.exe -> Not-A-Virus.RemoteAdmin.Win32.TFAK : Cleaned.
    E:\WINNT\system32\hlscraaa.exe -> Trojan.Zapchast.ca : Cleaned.
    I could not start Panda though either, connection problems. I will run AVG again tonight, but my internet is working much better. I will download a file now and see if I have good speed now. My speed on the web is an extreme improvement. Thanks for the advice on the program.
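
An added example, not part of the original thread: a small triage script for scan reports in the `object -> detection : action.` layout of the AVG Anti-Spyware report posted above. It groups detections by where the object lives, so that files in a system directory stand apart from System Restore copies, archive members and cookies. The line layout is inferred from that report; the sample paths and the location categories are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the same layout as the report in the post above.
# Detection names are taken from that report; every path is a placeholder.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\example1.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.dll -> Downloader.ConHook.ah : Cleaned.
C:\Documents and Settings\user\My Documents\tools\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
:mozilla.10:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\xxxx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\WINNT\system32\example2.exe -> Trojan.Zapchast.ca : Cleaned.
this line is not a detection
"""

# <object> -> <detection name> : <action>.
LINE_RE = re.compile(
    r"^(?P<object>.+?) -> (?P<detection>\S+) : (?P<action>[^.]+)\.?\s*$"
)


def classify(obj, detection):
    """Return a coarse location category for a reported object (assumed scheme)."""
    low = obj.lower()
    if detection.startswith("TrackingCookie.") or low.startswith(":mozilla."):
        return "cookie"
    # Windows XP System Restore keeps snapshot copies under this directory.
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    # "archive.zip/inner/file" means the hit is a member of an archive.
    if re.search(r"\.(zip|rar|cab)/", low):
        return "archive_member"
    if "\\system32\\" in low:
        return "system_dir"
    return "other"


def parse_line(line):
    """Parse one report line; return None if it is not a detection line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "object": m["object"],
        "detection": m["detection"],
        "action": m["action"].strip(),
        "location": classify(m["object"], m["detection"]),
    }


def summarize(report):
    """Count detections per location; also count lines that did not parse."""
    by_location = defaultdict(Counter)
    skipped = 0
    for line in report.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_location[rec["location"]][rec["detection"]] += 1
    return by_location, skipped


def needs_followup(by_location):
    """Detections found in a system directory, and which of those also
    appear in System Restore storage. Not-A-Virus labels are left out."""
    live = {
        d for d in by_location.get("system_dir", {})
        if not d.startswith("Not-A-Virus.")
    }
    restore = set(by_location.get("restore_point", {}))
    return {
        "live": sorted(live),
        "also_in_restore_points": sorted(live & restore),
    }


if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_REPORT)
    for location, detections in sorted(counts.items()):
        print(location, dict(detections))
    print("unparsed lines:", skipped)
    print(needs_followup(counts))
```
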
     
  9. sargonnis

    sargonnis Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    5
    OK, I ran AVG again and I still have 2 high risk objects: downloader.conhook.ah and trojan.zapchast.ca, as well as a bunch of midrate trackingcookies. Is there any way to start my PC in safe mode, or should I take it back to where I bought it and have him tweak it so I can do it? Thank you for all the advice.
     
  10. sargonnis

    sargonnis Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    5
    Sorry, forgot to post hijack log, it has been a long day.
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176469576671
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    This is after running AVG twice.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,921
    First Name:
    Karen
    I'm sorry I didn't reply sooner but I didn't receive an e-mail notification of your reply.

    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick ComboFix's window while it's running, as that may cause it to stall.
     