Slow computer, malware/adware?


Cm002300

Hey!
I've scanned using all the programs in the guide, which really seemed to clear out most of the mess.
According to the Panda scan, I have malware on my computer, along with adware. I also noticed that my DSL will crash almost at random, which doesn't usually happen. When running any torrent/p2p program, my internet will shut off instantly. Not sure why, but I don't use any of those programs because of it.
Now my net will stop working, and the modem needs to be reset, even if no one has touched the computer.
I also noticed something is strange about my Zboard, a gaming keyboard. In the majority of the scans, it reports it as some form of adware.

Any advice you can give would be greatly appreciated! ^_^

Logs:

Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 5.1.2600 Service Pack 2

6:00:11 PM 7/10/2008
mbam-log-7-10-2008 (18-00-07).txt

Scan type: Quick Scan
Objects scanned: 40965
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

PANDA SCAN LOG

;*******************************************************************************
ANALYSIS: 2008-07-10 19:39:03
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.526 7.5.526 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\eMusic\eMusic Download Manager\Profiles\6ita569i.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.tribalfusion.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.com.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\eMusic\eMusic Download Manager\Profiles\6ita569i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\eMusic\eMusic Download Manager\Profiles\6ita569i.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.apmebf.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\k37ug8j0.default\cookies.txt[.go.com/]
00293079 Spyware/7r7t Spyware No 1 Yes No C:\Program Files\Ideazon\Zboard Software\Driver\KUpdate.exe
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.ads.addynamix.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt[.ads.addynamix.com/]
00332270 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{8AC4E77A-BEC5-4FB3-9200-98197246586C}\RP337\A0085779.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{8AC4E77A-BEC5-4FB3-9200-98197246586C}\RP337\A0085780.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{8AC4E77A-BEC5-4FB3-9200-98197246586C}\RP337\A0085827.dll
01271851 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8AC4E77A-BEC5-4FB3-9200-98197246586C}\RP306\A0077141.dll
01271851 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8AC4E77A-BEC5-4FB3-9200-98197246586C}\RP305\A0076484.DLL
;===============================================================================
SUSPECTS
Sent Location U
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description U
;===============================================================================
;===============================================================================

ANTISPYWARE LOG



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2008 at 06:11 PM

Application Version : 4.15.1000

Core Rules Database Version : 3501
Trace Rules Database Version: 1492

Scan type : Quick Scan
Total Scan Time : 00:05:28

Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 389
Registry threats detected : 0
File items scanned : 4572
File threats detected : 0

Adware.Tracking Cookie
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Casey\Application Data\Mozilla\Firefox\Profiles\aydsaix3.default\cookies.txt ]


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:46 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1182474078734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182474055812
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7190 bytes