Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pages very slow to load in IE.....help please, HJT log h/w

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Pages very slow to load in IE.....help please, HJT log h/w

Unread postby balsmith » October 19th, 2005, 7:50 am

Hi
Over the last 2 weeks pages have been very slow to load in IE6 with SP2. I have had my connections checked by an engineer and that apparently is not the problem. I have run Spybot, Ad-Aware and trend Micro anti spyware and found no problem. I have run HijackThis and the log is pasted underneath. Any help would be appreciated.
Thanks
Balsmith


Logfile of HijackThis v1.99.1
Scan saved at 12:31:00, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.akhter.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.akhter.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SurfAnonymous] F:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Connect to the ADSL.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free Software - F:\Program Files\The Hat\hh.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.akhter.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b30149.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-30.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D47C398B-0314-4E93-971F-78574330D725}: NameServer = 10.0.0.51 10.0.0.52
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm
Advertisement
Register to Remove

Unread postby askey127 » October 19th, 2005, 7:23 pm

balsmith,

Welcome to the forum!
I'll give you a hand with your log. Looking at it now.
Be back shortly.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » October 19th, 2005, 8:12 pm

balsmith,

I don't see any obvious malware entries in your log.
There are a few subjects to check out, however. Maybe we can help the situation.

Subject 1:
First, You have InCD running at startup. It's Nero's CD-R/W program, but I would prefer to run it from a desktop icon when you need it.
We will remove the automatic R/W apps from startup and put them on the desktop instead.
As you have also installed Roxio DVD/CD creator, there is a possibility that DirectCD is also lurking somewhere. (Roxio's CD-R/W program)
The two are incompatible, and can cause system trouble. I don't see DirectCD running in your log, however.
Drag-to-Disc may also be incompatible with InCD if they are running simultaneously.
Did either of these get installed about the time the slowdown started?

Subject 2:
If any of your drives have Drive Indexing running, disabling it can frequently increase speed, esp if you don't have a very large, very fast HD..
My Computer, edit>(RIGHT-click) each hard drive letter one at a time , select properties, Uncheck "Allow indexing service to index this disk for fast file searching", and click Apply.
Answer Yes to "Do you want this to apply to all files and folders".
Click OK

Subject 3:
resource hogs- OSA.EXE is not necessary and uses a lot of resources.

Subject 4:
If the Nokia PC Suite has an Anti-Virus component, it should be disabled so it doesn't interfere with AVG. Only you can tell me.

Subject 5:
You may have too much junk in your pile of temporary files.
-----------------------------------------------------------
Hit Ctrl-Alt-Del to bring up task manager.
Check to see whether DirectCD.exe is running under the Processes tab. I don't think it is. Just want to be sure.
-----------------------------------------------------------
Download and install CCleaner from here.
Run CCleaner.
( Do not use the Issues block )
Click on the Options block on the left. Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".
Click on the Cleaner block on the left. Choose the Windows tab.
Check everything Except Cookies, Autocomplete Form History, and the Advanced part of the Menu.
Click the Run Cleaner button. This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis. If the opening screen shows, choose None of the above, just start the program.
Click Scan. When the Scan is complete, Check the following entries:
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

Make sure all other windows except HJT are closed, and Click Fix Checked.

In Windows Explorer (My Computer) navigate to each of these files in turn, right click, and select Create shortcut.
Then reduce the window size a bit and drag and drop the shortcut onto your desktop.
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

Let me know of any changes in how it is running after the Reboot.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby balsmith » October 20th, 2005, 5:05 am

Hi askey127

Thanks for your reply

I will try to cover all of your points in order, but I feel that I must make clear that my system as a whole is running fine, it is only IE. Pages are very very slow to load (even this one took about 2 mins). I have ADSL and have, through the line providers own service I have carried out download speed checks. I am averaging 430 kilo bits.
I also have 2 other computers in my home network and they are both fine.

With regard to drag to disc I close it immediately after boot.

Both Roxio and Nero have both been on my system for some time, and direct cd is not running.

I cannot find an option to "allow indexing service....." on the hard drives.

The Nokia PC suite has no anti virus component.

I have now run cCleaner.

I have not added shortcuts for InCd or drag to disc as I very rarely use them and my desk top is cluttered enough already!

On re-boot Trend micro Venus spy trap has popped up and given the following warning.



" A shortcut has been added to your start group that will cause a program to be loaded automatically when you start your computer.

Details:
Shortcut: C:\Documents and Settings|all users|programs\connect to ADSL.lnk
Program:üÜŽ?¥H?w

Recomendation:
This change may have been made as a result of a valid software installation. Before removing/correcting this item you should consider the impact it may have on software that has been recently installed "


I denied access!

I have not installed anything apart from the anti spyware from Trend and ccleaner!

Thanks for your help


Here is the hiJackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 09:52:15, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.akhter.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.akhter.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SurfAnonymous] F:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free Software - F:\Program Files\The Hat\hh.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.akhter.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b30149.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-30.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D47C398B-0314-4E93-971F-78574330D725}: NameServer = 10.0.0.51 10.0.0.52
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby balsmith » October 20th, 2005, 6:11 am

I've just noticed that 2 characters in the name of the program trying to add itself to my start list are displaed wrong. The question marks should be squares and I can't get them to display properly
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby askey127 » October 20th, 2005, 6:50 am

balsmith,

I don't like that entry.
-----------------------------------------------------------
Set Your Computer to Show All Files
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

Run Windows Explorer and go into C:\Documents and Settings\All Users\Start Menu\Programs\ or
C:\Documents and Settings\All Users\Programs\ <=this folder usually doesn't exist

Right-click on connect to ADSL.lnk and see where the target program is located and what the name of it is (probably funny symbols).

Then go find the program itself, right-click it and tell me what it says for properties.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby balsmith » October 20th, 2005, 7:16 am

Askey127

in C:\Documents and Settings\All Users\Start Menu\Programs I do not have connect to ADSL.lnk. I do however have a folder called "SAMSUNG AHT-E310" which is the name of my modem. In that folder is a shortcut called "Connect to the ADSL" properties of which say "Target type: {BA126AD7-2166-11D1-B1D0-00805FC1270E}

I have also searched "ADSL.lnk" and the only two returned are the shortcuts on my desktop and the one above.
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby askey127 » October 20th, 2005, 7:34 am

balsmith,
You may want to print this out as you will not have Internet access in Safe Mode.
-----------------------------------------------------------
Please download, install, and update the free trial version of Ewido trojan scanner: from here : http://www.ewido.net/en/download/
There is an unofficial set of instructions in pdf format here : http://www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf
* Install ewido security suite
* When installing, under "Additional Options", Uncheck "Install background guard" and Uncheck "Install scan via context menu".
* Launch ewido, there should now be an icon on your desktop. Double-click it.
* The program will go to its main screen
* On the left hand side of the main screen click Update.
* Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can also use the same download link http://www.ewido.net/en/download/ to manually update ewido.
-----------------------------------------------------------
Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list.
In some systems, this may be the F5 key, so try that if F8 doesn't work.
-----------------------------------------------------------
Close all open windows/programs/folders. Have Nothing else open while ewido performs its scan!.
It's extremely important not to open any windows while the scan is in progress.
Now Run Ewido
* Click on scanner
* Click on Settings
* Under "How to scan" all boxes should be selected
* Under "Possibly unwanted software" all boxes should be selected
* Under "What to scan" select scan every file
* Click OK
* Click on Complete system scan
* Let the program scan the machine
* If ewido finds anything, it will pop up a notification.
* Let it fix whatever it finds
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report
* Save the report to your desktop
* Exit ewido

Paste the Ewido report into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby balsmith » October 20th, 2005, 8:41 am

Askey127

I have run the scan and posted the log below, I noticed reference to MSN, I dont use MSN so the kids have some explaining to do!

The problem however has not solved this page took 3 1/2 minutes to load properly


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:29:17, 20/10/2005
+ Report-Checksum: DD5CF0C2

+ Scan result:

C:\WINDOWS\Rdll240.exe -> Backdoor.MsnSpider : Cleaned with backup
C:\WINDOWS\wincom.exe -> Backdoor.MsnSpider : Cleaned with backup
C:\Documents and Settings\All Users\Documents\Downloaded stuff\fakemsn6.zip/msmsgs.exe -> Trojan.MSN.Faker.l : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wflicjdjklo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@microsoftwga.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygpcpgeqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyegc5afpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykldpoapgydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4cid5iaoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoalcpidow6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkokjazwloq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykpazklpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlouiczmfpaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjkowgc5ebq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmyuhdjoho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfk4wnajwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wflogpdpiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmicocjaeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjloohdzmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjk4wjczscp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfk4gmcpgdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkickdpiap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfliggc5wco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjk4ghcpcdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmyakajglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjlouidzido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjk4cgd5keo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjl4cid5iao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkoajdjebp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfliahczekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@popunder.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmiqpazakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wflosicpohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjlyepdziep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkoukcjifq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkigldzglq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjloogcpcfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjkyglczslq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjkokmdpslp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjnyelcpidq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfk4updzmgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wflisicpsbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkyepczoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkykpazskq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjk4gnazifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wfkiqid5ego.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjl4kmcjscq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmiqhdjccp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@e-2dj6wjmycld5wco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Program Files\msmsgs.exe -> Trojan.MSN.Faker.l : Cleaned with backup


::Report End
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby askey127 » October 20th, 2005, 9:41 am

balsmith,
Let's see if we can locate any running items hidden from the usual task manager.
Download ProcessViewer from here:
http://www.teamcti.com/pview/prcview.htm
run it and paste the running processes list for us to look at.

Do you have/run Ad-Aware on your machine?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby balsmith » October 20th, 2005, 10:24 am

askey127

Yes I do have and I have run Ad-aware

I think I may have cured the problem (although I still do not no the cause) I have created a new connection, to the net and made it the default. When I log on using the new connecetion everything loads very quickley, if however I use the old connection it's still s-l-o-w.
The viewer log is below

alg.exe 404 C:\WINDOWS\System32\alg.exe Application Layer Gateway Service 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
avgamsvr.exe 1360 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe AVG Alert Manager 7.1.0.321. Copyright © 2005, GRISOFT, s.r.o.
avgcc.exe 1132 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe AVG Control Center 7.1.0.338. Copyright © 2005, GRISOFT, s.r.o.
avgemc.exe 2080 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe AVG E-Mail Scanner 7.1.0.338. Copyright © 2005, GRISOFT, s.r.o.
avgupsvc.exe 1376 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe AVG Update Service 7.1.0.321. Copyright © 2005, GRISOFT, s.r.o.
CnxDslTb.exe 1144 C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe TaskBar Application 2.099.032.000. © 1999-2001 Conexant Systems Inc.
csrss.exe 576 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
CTPdeSrv.exe 2596 C:\WINDOWS\system32\CTPdeSrv.exe Personal Media Storage Server 1.0.0.0. Copyright (c) Creative Technology Ltd., 2002 - 2003. All rights reserved.
CTSvcCDA.EXE 1416 C:\WINDOWS\system32\CTSvcCDA.EXE Creative Service for CDROM Access 1.0.0.0. Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
DATALA~1.EXE 2144 C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE DataLayer 2.0 Module 6, 41. Copyright (c) 2004. Nokia. All rights reserved.
ewidoctrl.exe 1484 C:\Program Files\ewido\security suite\ewidoctrl.exe ewido control 3, 0, 0, 1. Copyright © 2004
Explorer.EXE 192 C:\WINDOWS\Explorer.EXE Windows Explorer 6.00.2900.2180. © Microsoft Corporation. All rights reserved.
hkcmd.exe 1332 C:\WINDOWS\System32\hkcmd.exe hkcmd Module 7,0,0,2082. Copyright 1999-2003, Intel Corporation
iexplore.exe 3704 C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer 6.00.2900.2180. © Microsoft Corporation. All rights reserved.
InCDsrv.exe 1504 C:\Program Files\Ahead\InCD\InCDsrv.exe incdsrv 4, 0, 1, 11. Copyright © 2003
iPodService.exe 2208 C:\Program Files\iPod\bin\iPodService.exe iPodService Module 4.9.0.17. © 2003-2005 Apple Computer, Inc. All Rights Reserved.
iTunesHelper.exe 2152 F:\Program Files\iTunes\iTunesHelper.exe iTunesHelper Module 4.9.0.17. © 2003-2005 Apple Computer, Inc. All Rights Reserved.
jusched.exe 2128 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe Java(TM) 2 Platform Standard Edition binary 5.0.30.7. Copyright © 2004
Launch Application 2.exe 2136 C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe Launch Application 2 6, 0, 22, 0. Copyright c 2004 Nokia. All Rights Reserved.
lsass.exe 656 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
MPAPI3s.exe 2420 C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe Mobile Phone API 6.0. Copyright © 1999-2004 Nokia. All Rights Reserved
MsPMSPSv.exe 1744 C:\WINDOWS\system32\MsPMSPSv.exe WMDM PMSP Service 7.00.00.1954. Copyright (C) Microsoft Corp. 1981-2000
NkvMon.exe 2384 C:\Program Files\Nikon\NkView6\NkvMon.exe Nikon Monitor 6, 1. Copyright (C) Nikon Corporation. 1998 - 2003
PcSync2.exe 2216 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe PC Sync 2.00. Copyright © Time I.S. Ltd. 2002 - 2004
PrcView.exe 2912 C:\Documents and Settings\All Users\Documents\Downloaded stuff\Process view\PrcView.exe Process Viewer Application 3.7.3.1. Developed by Igor Nys, 1995-2003
qttask.exe 2164 C:\Program Files\QuickTime\qttask.exe QuickTime QuickTime 6.5.1. © Apple Computer, Inc. 2001-2004
rundll32.exe 2172 C:\WINDOWS\system32\rundll32.exe Run a DLL as an App 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
SERVIC~1.EXE 2472 C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE ServiceLayer Module 6.0. Copyright © 2002-2004 Nokia. All Rights Reserved.
services.exe 644 C:\WINDOWS\system32\services.exe Services and Controller app 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
SM1BG.EXE 1880 C:\WINDOWS\SM1BG.EXE Cypress USB Mass Storage Driver Background Application 6.01.1000.0 . Copyright (C) 1998-2003 Cypress Semiconductor
smss.exe 516 C:\WINDOWS\System32\smss.exe Windows NT Session Manager 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
SOUNDMAN.EXE 1604 C:\WINDOWS\SOUNDMAN.EXE Realtek Sound Manager 5.1.10. Copyright (c) 2001-2003 Realtek Semiconductor Corp.
spoolsv.exe 1224 C:\WINDOWS\system32\spoolsv.exe Spooler SubSystem App 5.1.2600.2696. © Microsoft Corporation. All rights reserved.
svchost.exe 804 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 852 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 932 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 976 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 1092 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 1392 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 1616 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
svchost.exe 2560 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
Tmas.exe 2400 C:\Program Files\Trend Micro\Tmas\Tmas.exe Anti-Spyware Main Module 3.11. Copyright (c) 2003-2005 Trend Micro Incorporated. All rights reserved.
wdfmgr.exe 1644 C:\WINDOWS\system32\wdfmgr.exe Windows User Mode Driver Manager 5.2.3790.1230. © Microsoft Corporation. All rights reserved.
winlogon.exe 600 C:\WINDOWS\system32\winlogon.exe Windows NT Logon Application 5.1.2600.2180. © Microsoft Corporation. All rights reserved.
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby askey127 » October 20th, 2005, 3:30 pm

balsmith,

It still looks as if your machine is clean.
If your second internet connection is from the same ISP, the tech support people at the ISP can usually help diagnose a connection configuration issue.
I don't know to what extent we have been helpful. LOL.
For ongoing protection in your case, I would install SpywareBlaster and the MVPS HOSTS file.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
This website also contains useful tips, and links to other resources and utilities.

If you have any additional items with which we might help, please let us know.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby balsmith » October 20th, 2005, 5:41 pm

aske127

Sorry for the delay in posting (Dad taxi)

My connection is still running fine.
I have downloaded your suggestions and installed them.

Thanks for all your help it was much appreciated
I have used ewido and ccleaner on my other computers with some suprising results.

Thanks again

balsmith. :D
balsmith
Active Member
 
Posts: 7
Joined: October 18th, 2005, 11:03 pm

Unread postby NonSuch » October 27th, 2005, 5:22 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 158 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware