Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Popups and slow internet

Re: Popups and slow internet

Post by Shaba » June 1st, 2009, 11:29 am

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Popups and slow internet

Post by themasta » June 2nd, 2009, 7:28 am

Kaspersky Online Scanner report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 02, 2009 09:28:21
Records in database: 2295588
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
K:\
W:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 111108
Threat name: 5
Infected objects: 106
Suspicious objects: 0
Duration of the scan: 02:47:43



The selected area was scanned.

New Hijackthis log:

themasta
Active Member
 
Posts: 11
Joined: May 27th, 2009, 7:51 am

Re: Popups and slow internet

Post by Shaba » June 2nd, 2009, 7:44 am

Empty this folder:

C:\Qoobox\Quarantine

Delete this:

C:\WINDOWS\system32\big ol virus.jpg

Empty Recycle Bin.

Still problems?

Re: Popups and slow internet

Post by themasta » June 2nd, 2009, 8:56 am

Shaba wrote: Still problems?


No, the popups have stopped and the problematic sites are working again.

Thank you for your help, Shaba.

Re: Popups and slow internet

Post by Shaba » June 2nd, 2009, 9:00 am

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 14.

Looking over your log, it seems you don't have any evidence of a third-party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to your desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
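The cleanup steps in this thread (emptying C:\Qoobox\Quarantine, deleting the one detected file still in system32, and disabling and re-enabling System Restore) correspond to three places a detection can sit. As an added example, not part of the original posts and not a tool used in the thread, this Python script sorts scanner report lines of the form `<path> Infected: <threat name> <count>` into those three groups; the sample lines, file names, threat names and function names are constructed for illustration.

```python
"""Group scanner detections by where the detected file sits on disk."""
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample (file and threat names are made up) in the layout
#   <file path> Infected: <threat name> <count>
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\sample01.dll.vir Infected: Example.Win32.Packed.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sample02.dll.tmp.vir Infected: Example.Win32.Trojan.b 1
C:\Qoobox\Quarantine\[4]-Submit_sample.zip Infected: Example.Win32.Packed.a 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: Example.Win32.Packed.a 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe Infected: Example.Win32.Trojan.b 2
C:\WINDOWS\system32\holiday photo.jpg Infected: Example.Win32.Clicker.c 1

The selected area was scanned.
"""

# Quarantine folder named in this thread; compared case-insensitively
# because Windows paths are case-insensitive.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\",)
# Windows XP keeps restore points under this folder.
RESTORE_MARKER = "\\system volume information\\_restore{"

ACTIONS = {
    "quarantine": "copy held by the removal tool; empty the quarantine folder",
    "restore_point": "inside a System Restore snapshot; disable and re-enable System Restore",
    "live": "still on the live file system; delete the file and re-scan",
}

# Greedy path match so that paths containing spaces are kept whole.
DETECTION_RE = re.compile(
    r"^(?P<path>.+) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$"
)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int
    location: str


def classify(path: str) -> str:
    """Return 'quarantine', 'restore_point' or 'live' for a detected path."""
    lowered = path.lower()
    if lowered.startswith(QUARANTINE_DIRS):
        return "quarantine"
    if RESTORE_MARKER in lowered:
        return "restore_point"
    return "live"


def parse_detections(report_text: str) -> list:
    """Extract detection lines; headers and footers simply do not match."""
    found = []
    for line in report_text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            path = match.group("path")
            found.append(Detection(path, match.group("threat"),
                                   int(match.group("count")), classify(path)))
    return found


def triage(report_text: str) -> dict:
    """Summarise detections per location with the matching cleanup action."""
    summary = {loc: {"objects": 0, "threats": Counter(), "action": action}
               for loc, action in ACTIONS.items()}
    for det in parse_detections(report_text):
        bucket = summary[det.location]
        bucket["objects"] += 1
        bucket["threats"][det.threat] += det.count
    return summary


def live_paths(report_text: str) -> list:
    """Paths that are neither quarantined nor inside a restore point."""
    return [d.path for d in parse_detections(report_text) if d.location == "live"]


if __name__ == "__main__":
    for location, info in triage(SAMPLE_REPORT).items():
        print(f"{location}: {info['objects']} object(s) -> {info['action']}")
        for threat, total in info["threats"].most_common():
            print(f"    {threat}: {total}")
    print("Needs manual removal:", live_paths(SAMPLE_REPORT))
```

The `live` group is the one that matters for deciding whether a machine is still infected: quarantined copies and restore-point copies are not loaded at startup, but they keep scanners reporting detections until they are cleared.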

Re: Popups and slow internet

Post by themasta » June 2nd, 2009, 9:32 am

After uninstalling ComboFix and using the OTCleanIt tool I noticed that the Qoofix folder in my C: drive is gone but there is still a folder C:\32788R22FWJFW that is about 6MB and has 138 files and 1 folder. Some of the files refer to ComboFix (e.g. Combo-Fix.sys). The folder has some other applications such as mtee.cfexe, ERUNT.cfexe, pev.exe and catchme.cfexe (among others). Should I just leave this folder as it is?

Re: Popups and slow internet

Post by Shaba » June 2nd, 2009, 9:42 am

You can delete it as well in that case :)

Re: Popups and slow internet

Post by Shaba » June 5th, 2009, 12:10 am

themasta, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.