Internet, uploads real slow.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sargonnis

Thread Starter
Joined
Jun 27, 2007
Messages
5
My Net speed and upload speed is real bad with cable connection. I already spoke to my provider, who said it was an internal problem. The things I did recently on my computer were removing malware using Ad-Aware and immunizing using Spybot; ZoneAlarm also removed 3 virus entries (javabyteverify) that showed up, I think because Spybot took out my updated Java controller. The only other weird thing my PC did recently was the ZoneAlarm firewall reset itself from the program controls. Can anyone please help me? Everything else runs fine. Here is my hijack log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jay\My Documents\downloaded programs\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176469576671
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3473 bytes
 
Joined
Jul 20, 2005
Messages
3,427
Looking through the log this ain't so nice:

C:\Program Files\ULI5289\ALi5289.exe

But other than that I see nothing - might want to have this moved to Security if it is that, so I don't get yelled at for helping with something in that topic :D
 

sargonnis

Thread Starter
Joined
Jun 27, 2007
Messages
5
I feel stupid, how do I move this post to Security? I don't see the report thread anywhere at the bottom of the post.
 
Joined
Dec 5, 2006
Messages
32,649
You might want to run a new hjt scan with the link in my sig

You are running it from a temporary location
C:\Documents and Settings\Jay\My Documents\downloaded programs\HiJackThis_v2.exe

The version you are using is a beta version


Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,216
Hi Sargonnis and welcome to TSG,

There is nothing wrong with the file that JStergis singled out.

http://www.castlecops.com/s13102-ALi5289.html

Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.


Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

  1. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  4. If you have any infections you will be prompted. Then select "Apply all actions."
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  7. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

sargonnis

Thread Starter
Joined
Jun 27, 2007
Messages
5
I got AVG Anti-Spyware and I ran the program; I could not start in safe mode though. It is a built system and it starts at the abit-ul8 screen that is the motherboard. I don't know if I should contact the person I paid to build it to set it up right if I can't access safe mode. AVG found a lot. I removed everything from the steal me disk in my system to be safe after some files were found. Here is the report:

C:\Documents and Settings\Jay\My Documents\stealmedisk\Remote Monitoring\nbpro210.zip/data1.hdr -> Backdoor.NetBus.210 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\netbuster1_31.zip/NetBuster.exe -> Backdoor.NetBuster : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Honey Pot Traps\netbuster1_31.zip/NetBuster.exe -> Backdoor.NetBuster : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\s7sniper.zip/S7Sniper.exe -> Backdoor.SubSeven.21 : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015029.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015030.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015031.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015425.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015426.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP104\A0015427.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015821.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015822.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP105\A0015823.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014017.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014018.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014019.dll -> Downloader.ConHook.ah : Cleaned.
C:\WINDOWS\system32\ddayvwu.dll -> Downloader.ConHook.ah : Cleaned.
C:\WINDOWS\system32\ddcccby.dll -> Downloader.ConHook.ah : Cleaned.
C:\WINDOWS\system32\ddcyyyw.dll -> Downloader.ConHook.ah : Cleaned.
E:\WINNT\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anonymity\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Password Recovery\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.Win32.John : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Honey Pot Traps\tambuudp.zip/TambuUDP.exe -> Not-A-Virus.HackTool.Win32.Tambu : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Keykey._sy -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Vkeykeyd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/Vprotkkd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/install.exe -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/keykey._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/kkmon._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Keystroke Loggers\kk2000.zip/uninst._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Cleaned.
C:\Documents and Settings\Jay\My Documents\stealmedisk\Anti-Trojan Horse\tfak40.zip/Tfak.exe -> Not-A-Virus.RemoteAdmin.Win32.TFAK : Cleaned.
:mozilla.10:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\f4n6geu9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.7:C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\f4n6geu9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.161:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.113:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.141:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.145:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.47:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.155:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.91:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.130:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.131:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.167:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.168:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.169:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.170:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.33:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.146:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.148:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.149:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.151:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.152:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.110:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.59:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.137:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.138:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.139:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.140:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.45:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.46:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.47:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.87:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.20:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.48:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.73:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.74:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.75:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.76:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.77:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.78:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.106:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.111:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.97:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.98:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.59:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.10:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:E:\Documents and Settings\myname\Application Data\Mozilla\Profiles\default\6rq9eyi2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.6:E:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:E:\Documents and Settings\Myname\Application Data\Mozilla\Firefox\Profiles\y5ak7uoq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\WINNT\system32\hlscraaa.exe -> Trojan.Zapchast.ca : Cleaned.
I could not start Panda either, connection problems. I will run AVG again tonight, but my internet is working much better. I will download a file now and see if I have good speed. My speed on the web is an extreme improvement. Thanks for the advice on the program.
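
Added example, not part of the thread: one way to triage an AVG Anti-Spyware report like the one in the post above, sorting each detection by where the file sits (a loose file on disk, a System Restore copy, a member of a .zip archive, or a browser cookie). The function names and bucket labels are assumptions of this example, and the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# Subset of the report lines from the post above (not the full report).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Jay\My Documents\stealmedisk\Remote Monitoring\nbpro210.zip/data1.hdr -> Backdoor.NetBus.210 : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP103\A0015029.dll -> Downloader.ConHook.ah : Cleaned.
C:\System Volume Information\_restore{77D2B492-3A9B-4335-9DB4-25E503EC65BB}\RP99\A0014017.dll -> Downloader.ConHook.ah : Cleaned.
C:\WINDOWS\system32\ddayvwu.dll -> Downloader.ConHook.ah : Cleaned.
C:\WINDOWS\system32\ddcccby.dll -> Downloader.ConHook.ah : Cleaned.
E:\WINNT\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned.
:mozilla.6:C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\f4n6geu9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
E:\WINNT\system32\hlscraaa.exe -> Trojan.Zapchast.ca : Cleaned.
"""

# "<path> -> <detection name> : <action>." with an optional ":mozilla.N:"
# prefix that the scanner puts in front of cookie-store entries.
LINE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$"
)


def parse_report(text):
    """Yield one dict per detection line; lines in any other shape are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def classify(path, name):
    """Bucket a detection by where the file sits, not by how its name sounds."""
    lowered = path.lower()
    if name.startswith("TrackingCookie."):
        return "cookie"
    if "\\system volume information\\_restore" in lowered:
        return "restore_point"   # copy kept by System Restore
    if ".zip/" in lowered:
        return "archive_member"  # the report lists archive members after a "/"
    return "live_file"           # loose file on disk


def triage(text):
    """Return {bucket: [(detection name, path), ...]} for the whole report."""
    buckets = defaultdict(list)
    for det in parse_report(text):
        bucket = classify(det["path"], det["name"])
        buckets[bucket].append((det["name"], det["path"]))
    return dict(buckets)


def live_detections(text):
    """Detection names found as loose files: the ones to re-check after cleaning."""
    return sorted({name for name, _ in triage(text).get("live_file", [])})


def restore_points(text):
    """Restore-point folders (RPnnn) that hold a flagged copy, in numeric order."""
    found = set()
    for _, path in triage(text).get("restore_point", []):
        m = re.search(r"\\(RP\d+)\\", path)
        if m:
            found.add(m.group(1))
    return sorted(found, key=lambda rp: int(rp[2:]))


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
    print("live:", live_detections(SAMPLE_REPORT))
    print("restore points:", restore_points(SAMPLE_REPORT))
```
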
 

sargonnis

Thread Starter
Joined
Jun 27, 2007
Messages
5
OK, I ran AVG again and I still have 2 high risk objects: downloader.conhook.ah and trojan.zapchast.ca, as well as a bunch of midrate trackingcookies. Is there any way to start my PC in safe mode, or should I take it back to where I bought it and have him tweak it so I can do it? Thank you for all the advice.
 

sargonnis

Thread Starter
Joined
Jun 27, 2007
Messages
5
Sorry, forgot to post hijack log, it has been a long day.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176469576671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This is after running AVG twice.
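
Added example, not part of the thread: comparing two HijackThis logs, such as the first and second logs posted here, to list what appeared or disappeared between scans and which of the new entries sit in autostart sections. The function names and the `AUTOSTART_CODES` grouping are assumptions of this example; the sample lines are subsets copied from the two logs.

```python
import re

# Subsets of the two HijackThis logs posted in this thread (not the full logs).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Documents and Settings\Jay\My Documents\downloaded programs\HiJackThis_v2.exe

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\explorer.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# An entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Sections that load code at boot or logon: Run keys and startup folders (O4),
# Winlogon Notify (O20), SSODL (O21), SharedTaskScheduler (O22), services (O23).
AUTOSTART_CODES = {"O4", "O20", "O21", "O22", "O23"}


def parse_hjt(log):
    """Return (processes, entries): lower-cased process paths, set of (code, body)."""
    processes, entries = set(), set()
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False          # the entry list follows the process list
            entries.add((m["code"], m["body"]))
        elif in_processes and line:
            processes.add(line.lower())   # Explorer.EXE and explorer.exe are one file
    return processes, entries


def _order(entry):
    """Sort by section letter, then numerically by section number, then text."""
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_logs(before, after):
    """What was added to or removed from the log between two scans."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_added": sorted(p1 - p0),
        "processes_removed": sorted(p0 - p1),
        "entries_added": sorted(e1 - e0, key=_order),
        "entries_removed": sorted(e0 - e1, key=_order),
    }


def new_autostarts(before, after):
    """Entries that are new in the later log and sit in an autostart section."""
    added = diff_logs(before, after)["entries_added"]
    return [entry for entry in added if entry[0] in AUTOSTART_CODES]


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
```
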
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,216
I'm sorry I didn't reply sooner but I didn't receive an e-mail notification of your reply.

Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 