Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

15th September 2008, #1, xflightx (Member)

Question XP antivirus/google redirect/ internet reset.....

OK, where to start....
Downloaded an anti-virus by a misclick; I am so stupid, yes.
I got most of it off with SpywareBot and Malwarebytes, though I am still having issues.

One is a very slow internet connection ("50 seconds to load a page"), accompanied by a (Connection Interrupted. The connection to the server was reset while the page was loading.) I lose connection about every 5 pages and have to Repair the connection... and of course the (Google redirect).
Here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:13 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1219222120953
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
________________________________________________________

And here is the log from mwb

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3

3:09:12 PM 9/15/2008
mbam-log-9-15-2008 (15-09-01).txt

Scan type: Quick Scan
Objects scanned: 78114
Time elapsed: 15 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> No action taken.

Files Infected:
C:\Documents and Settings\styx\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 02_36_42 PM_140.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 02_36_54 PM_156.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_27_26 PM_156.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_27_55 PM_890.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_39_39 PM_187.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot\Settings\ScanResults.pie (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Destin\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Destin\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.

16th September 2008, #2, Geri (Staff)

Hi xflightx
Welcome to Windowsbbs.

First you need to rerun MBAM; you did not let it clean what it found.
C:\Program Files\Helper (Adware.BHO) -> No action taken.

Please follow these instructions when running MBAM.

  • Open MBAM.
  • Please click on the Update tab, then Update. Let it update if any were found.
  • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Now please do this.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of the log.txt here in your next reply.

Please post the MBAM log and the log.txt from RSIT.

Thanks
Geri
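
The check Geri makes by eye in the reply above (entries MBAM detected but did not clean) can be done programmatically over a saved log. This is an added example, not part of the original posts; the function names are hypothetical and the last line of the sample log is constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the MBAM 1.24 log posted above;
# the final line (an already-cleaned item) is invented for contrast.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.

Files Infected:
C:\Documents and Settings\Destin\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Example\already-cleaned.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Detail sections end with a bare colon; summary lines ("Files Infected: 9") do not.
SECTION = re.compile(r"^(.+) Infected:$")
# "<path> (<detection name>) -> <status>."
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?$")

def parse_mbam(text):
    """Return (section, path, detection, status) for every detected item."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            items.append((section, m["path"], m["name"], m["status"]))
    return items

def unremediated(items):
    """Group items that were reported but not acted on, keyed by detection name."""
    pending = defaultdict(list)
    for section, path, name, status in items:
        if status.lower().startswith("no action taken"):
            pending[name].append((section, path))
    return dict(pending)

if __name__ == "__main__":
    for name, hits in unremediated(parse_mbam(SAMPLE_LOG)).items():
        print(f"{name}: {len(hits)} item(s) still present")
```

An empty result from `unremediated` on the post-cleanup log is the condition to look for before moving on to the next tool.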
