XP antivirus/google redirect/ internet reset.....

Discussion in 'Malware and Virus Removal Archive' started by xflightx, 2008/09/15.

  1. 2008/09/15
    xflightx Guest Thread Starter

    OK, where to start....
    Downloaded the antivirus by a misclick; I am so stupid, yes.
    I got most of it off with SpywareBot and Malwarebytes, though I am still having issues.

    One is a very slow internet connection ("50 seconds to load a page") accompanied by a (Connection Interrupted. The connection to the server was reset while the page was loading.) I lose connection about every 5 pages and have to Repair the connection... and of course the (Google redirect).
    Here is the log from HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:12:13 PM, on 9/15/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe "
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219222120953
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    ________________________________________________________

    And here is the log from mwb

    Malwarebytes' Anti-Malware 1.24
    Database version: 1012
    Windows 5.1.2600 Service Pack 3

    3:09:12 PM 9/15/2008
    mbam-log-9-15-2008 (15-09-01).txt

    Scan type: Quick Scan
    Objects scanned: 78114
    Time elapsed: 15 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Helper (Adware.BHO) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> No action taken.

    Files Infected:
    C:\Documents and Settings\styx\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 02_36_42 PM_140.log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 02_36_54 PM_156.log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_27_26 PM_156.log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_27_55 PM_890.log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Log\2007 Oct 17 - 06_39_39 PM_187.log (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\styx\Application Data\SpywareBot\Settings\ScanResults.pie (Rogue.SpywareBot) -> No action taken.
    C:\Documents and Settings\Destin\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Destin\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
     
  2. 2008/09/15
    Geri Inactive Alumni

    Hi xflightx
    Welcome to Windowsbbs.

    First you need to rerun MBAM; you did not let it clean what it found.
    C:\Program Files\Helper (Adware.BHO) -> No action taken.

    Please follow these instructions when running MBAM.

    Open MBAM
    Please click on the Update tab, then Update. Let it update if any were found.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Now please do this.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of the log.txt here in your next reply.

    Please post the MBAM log and the log.txt from RSIT.

    Thanks
    Geri
     
    Geri,
    #2
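Added example (not part of either post, and not Malwarebytes' own code): a small Python parser for the MBAM log layout shown in this thread that lists every detection still marked "No action taken", which is the condition the reply above points out. The sample log reuses a few of the thread's lines plus one constructed line; the "Quarantined and deleted successfully" wording for a removed item is an assumption about what a cleaned entry looks like.

```python
import re

# Sample in the MBAM 1.24 layout from the thread (a few of its lines, shortened).
# The last "Files Infected" entry is constructed; its action text is an assumption.
SAMPLE_LOG = r"""
Registry Keys Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> No action taken.
C:\Documents and Settings\styx\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.

Files Infected:
C:\Documents and Settings\Destin\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Example\constructed.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Detection line: "<item> (<detection name>) -> <action>."
# The greedy item match anchors on the last "(...) ->" pair, so paths with parentheses work.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its section header."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION.match(line)
        if m and section:
            found.append({"section": section, **m.groupdict()})
    return found

def unremediated(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]

if __name__ == "__main__":
    for d in unremediated(parse_detections(SAMPLE_LOG)):
        print(f'{d["section"]}: {d["item"]} [{d["name"]}]')
```

A non-empty result means the scan was saved without "Remove Selected" being applied, so the log should not be read as a clean bill of health.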
