Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE super slow, pop-ups, ads, etc.. Please help.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby rlboothco » July 3rd, 2008, 1:14 pm

ComboFix 08-06-30.2 - Richard Booth 2008-07-03 11:08:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1066 [GMT -6:00]
Running from: C:\Documents and Settings\Richard Booth\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-06-29 10:47 . 2008-06-29 10:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-29 10:39 . 2008-06-29 12:24 <DIR> d-------- C:\SDFix
2008-06-23 14:18 . 2008-06-23 14:18 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-19 13:44 . 2008-06-19 13:49 <DIR> d-------- C:\Documents and Settings\Richard Booth\Incomplete
2008-06-19 12:55 . 2008-06-19 14:28 117,186 --a------ C:\WINDOWS\hpoins11.dat
2008-06-19 11:04 . 2008-06-19 11:04 116,734 --------- C:\WINDOWS\hpoins11.dat.temp
2008-06-19 11:03 . 2007-04-19 17:14 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-06-16 13:09 . 2008-06-16 13:09 <DIR> d-------- C:\Documents and Settings\Richard Booth\Application Data\Zeon
2008-06-16 12:59 . 2008-06-16 12:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 12:59 . 2008-06-16 12:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Zeon
2008-06-16 12:59 . 2008-06-16 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2008-06-16 12:58 . 2008-06-16 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-16 12:57 . 2008-06-16 12:57 <DIR> d-------- C:\Program Files\Nuance
2008-06-16 12:57 . 2008-06-16 12:58 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-16 12:57 . 2008-06-16 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zeon
2008-06-10 16:16 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:16 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 23:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-19 21:56 --------- d-----w C:\Program Files\SmartDraw 2008
2008-06-19 19:49 --------- d-----w C:\Program Files\LimeWire
2008-06-19 18:17 --------- d-----w C:\Program Files\Plaxo
2008-06-19 15:42 --------- d-----w C:\Documents and Settings\Richard Booth\Application Data\SmartDraw
2008-06-17 20:25 --------- d-----w C:\Program Files\MailList King
2008-06-10 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 01:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 04:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3286BF1-E654-42FF-B4A6-5E111731DF6B}"= "C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll" [2008-01-25 18:29 299008]

[HKEY_CLASSES_ROOT\clsid\{e3286bf1-e654-42ff-b4a6-5e111731df6b}]
[HKEY_CLASSES_ROOT\ZeonIEFavClient.ZeonStockbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{F9F73E8C-7164-428F-B25D-71354A4AB232}]
[HKEY_CLASSES_ROOT\ZeonIEFavClient.ZeonStockbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 17:19 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-30 08:21:44 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\cmpmgr\\COMPMNGR.EXE"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 17:20]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 05:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 17:16]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 02:20]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 03:06]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 10:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a1ae392-f296-11db-9a7c-0014a57cc4a7}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b687a02-c07e-11dc-9b0f-0014a57cc4a7}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 04:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-02 18:01:47 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 11:10:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-03 11:12:15
ComboFix-quarantined-files.txt 2008-07-03 17:12:02
ComboFix2.txt 2008-07-03 15:07:41
ComboFix3.txt 2008-07-02 18:20:51

Pre-Run: 6,278,590,464 bytes free
Post-Run: 6,265,724,928 bytes free

125 --- E O F --- 2008-07-01 09:02:49


Logfile of HijackThis v1.99.1
Scan saved at 11:13:03 AM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.s ... EN&prodOS=
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1487678562
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F703CA9-3CF4-4B84-AA3F-9D68C992F1A4}: NameServer = 209.150.200.15,209.150.200.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
rlboothco
Active Member
 
Posts: 13
Joined: June 26th, 2008, 2:38 pm
Advertisement
Register to Remove

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby MikeSwim07 » July 4th, 2008, 9:06 am

Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6.
  • Click the Download button to the right.
  • Choose the correct Platform and Multi-language. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Then click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnarable for infections.
Please download the newest version here:
http://ardownload.adobe.com/pub/adobe/r ... _en_US.exe

During the install make sure you don't install the Adobe Photoshop Album Starter Edition if you don't want it. Then go to Add/Remove Programs and remove any older versions that may remain.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Please post the Malwarebytes log and a new hjt log. How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby rlboothco » July 5th, 2008, 1:29 pm

Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 5.1.2600 Service Pack 2

4:46:01 PM 7/4/2008
mbam-log-7-4-2008 (16-46-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152113
Time elapsed: 1 hour(s), 36 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{be7e4ce1-8cba-44a6-956f-462a667d3286} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\bbcdwckc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0152063.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0152935.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0152962.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0153936.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0153938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0154935.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0154963.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP558\A0155048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP558\A0155069.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP558\A0155071.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP559\A0155083.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP559\A0155085.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0155090.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0155095.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0155097.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0155101.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0156101.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157101.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157144.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157150.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP560\A0157154.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0157319.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158320.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158322.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158327.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158329.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158330.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158360.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158363.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP561\A0158391.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP562\A0158433.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP562\A0158434.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP562\A0158443.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP562\A0158467.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0158472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0158474.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0158486.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0158495.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0158496.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159494.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159512.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159513.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159514.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159515.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP563\A0159526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP566\A0164640.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Logfile of HijackThis v1.99.1
Scan saved at 11:27:46 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.s ... EN&prodOS=
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1487678562
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F703CA9-3CF4-4B84-AA3F-9D68C992F1A4}: NameServer = 209.150.200.15,209.150.200.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
rlboothco
Active Member
 
Posts: 13
Joined: June 26th, 2008, 2:38 pm

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby MikeSwim07 » July 5th, 2008, 3:02 pm

Please click Start

Is your Log Off Button still present?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby rlboothco » July 5th, 2008, 8:38 pm

Yes my log off button is still present.
rlboothco
Active Member
 
Posts: 13
Joined: June 26th, 2008, 2:38 pm

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby MikeSwim07 » July 5th, 2008, 8:39 pm

How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby rlboothco » July 5th, 2008, 11:19 pm

Everything is running fine. Are we done?
rlboothco
Active Member
 
Posts: 13
Joined: June 26th, 2008, 2:38 pm

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby MikeSwim07 » July 6th, 2008, 8:30 am

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with Spybot S &D).

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't running always on the background so don't slow down your computer. Please take a look at the following things:

  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u (Note: This command is case sensitive.)

    Please also delete: SDFix

    You may delete any logs left on the desktop.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Tutorail for Spybot S & D
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
    SpywareBlaster
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox << Most used, I use this one myself.
    Opera
  • Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the times it's malware when you're computer is suddenly getting slow or doing strange. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
    Help! My computer is slow
    Slow Computer? Check here first; it may not be malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints.

>> Here << you can see how you can help us.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby rlboothco » July 6th, 2008, 9:09 am

I think i am clean but I have another computer that has become slower and slower. I am now thinking I should check that onw out as well. Would you do that?
rlboothco
Active Member
 
Posts: 13
Joined: June 26th, 2008, 2:38 pm

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby MikeSwim07 » July 6th, 2008, 11:19 am

Yes...But please post a new topic in the malware removal room. I will try to pick it up for you :D
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: IE super slow, pop-ups, ads, etc.. Please help.

Unread postby Simon V. » July 7th, 2008, 1:59 pm

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the username used. If the username does not match the one in the thread linked, the email will be deleted.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 23 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware