Topic: PC running slow when running ZoneAlarm

yatsuba
« on: January 17, 2006, 03:52:20 PM »
My PC is running slow when running ZoneAlarm. Also, my PC sometimes freezes when it is in the menu where you can choose which account you want to access.




Logfile of HijackThis v1.99.1
Scan saved at 21:49:31, on 17-1-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Utilities\HijackThis!\hijackthis.exe
D:\Utilities\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
D:\UTILIT~1\ZONEAL~1\MAILFR~1\mantispm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jarno
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B384511B-BC08-4DB2-B54B-CDBAACB16D65} - C:\WINDOWS\system32\dpcdll32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Utilities\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126781563750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126883732171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\agpjfmka.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

guestolo
« Reply #1 on: January 17, 2006, 04:51:52 PM »
==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

I need you to disable your spyware protections until you are clean.
They may, and probably will, interfere with any fixes we are to try.

SPYBOT:
Open Spybot>>Click MODE>>Advanced mode
Ok the prompt
Click on TOOLS in the bottom left>>Then click Resident
Uncheck only "Resident TeaTimer" on the right hand side
Allow the change
Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete, close out Spybot, we'll need it later

MAS:
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Please  save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete these files if found
C:\WINDOWS\system32\dpcdll32.dll <-file
C:\WINDOWS\system32\agpjfmka.dll <-file

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
 
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {B384511B-BC08-4DB2-B54B-CDBAACB16D65} - C:\WINDOWS\system32\dpcdll32.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\agpjfmka.dll (file missing)


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

Reboot back to Normal mode

Post the following please
1. Run hijackthis again, Post a fresh hijackthis log
2. Post the whole report from Ewido's

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


yatsuba
« Reply #2 on: January 18, 2006, 03:42:58 PM »
I've done what you told me to do. I forgot to save the log from ewido, but ewido found nothing.
S&D did find something. I tried to remove it twice, once after a restart, but it still can't fix the problems.
Here are the things that S&D could not remove:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 16:38:02, on 18-1-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Utilities\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilities\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\UTILIT~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Utilities\HijackThis!\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jarno
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Utilities\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126781563750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126883732171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - D:\Utilities\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Utilities\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
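
Checking that the two entries fixed in Reply #1 are gone from the fresh log in Reply #2 amounts to a diff of the numbered entry lines. The following is an added example, not part of the original thread and not code from HijackThis: it parses the entries of two logs, reports what disappeared, what appeared, and which remaining entries still reference a missing file. The embedded logs are shortened excerpts of the two logs posted above, and the function names are hypothetical.

```python
import re

# Numbered entry lines look like "O4 - HKLM\..\Run: [name] path". The code
# before " - " (R0, O2, O23, ...) is the HijackThis section identifier.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Shortened excerpt of the first log in this thread (17-1-2006).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:49:31, on 17-1-2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B384511B-BC08-4DB2-B54B-CDBAACB16D65} - C:\WINDOWS\system32\dpcdll32.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\agpjfmka.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Shortened excerpt of the second log in this thread (18-1-2006).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:38:02, on 18-1-2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Utilities\ewido anti-malware\ewidoguard.exe
"""

# The two entries the helper asked to be checked and fixed in Reply #1.
FIXED = [
    r"O2 - BHO: (no name) - {B384511B-BC08-4DB2-B54B-CDBAACB16D65} - C:\WINDOWS\system32\dpcdll32.dll",
    r"O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\agpjfmka.dll (file missing)",
]


def parse_entries(log_text):
    """Return the set of (section, body) entries in a HijackThis log.

    Header lines and the 'Running processes' paths do not match ENTRY_RE
    and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("section"), m.group("body").strip()))
    return entries


def _sort_key(entry):
    # Order by section letter, then numerically (O4 before O21), then text.
    section, body = entry
    return (section[0], int(section[1:]), body)


def diff_logs(before_log, after_log):
    """Compare two logs entry by entry."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return {
        "removed": sorted(before - after, key=_sort_key),
        "added": sorted(after - before, key=_sort_key),
        # Entries still registered although the target file is gone.
        "missing_file": sorted(
            (e for e in after if e[1].endswith("(file missing)")), key=_sort_key
        ),
    }


def still_present(target_lines, after_log):
    """Return the targeted lines whose CLSID still appears in the newer log.

    Matching on the CLSID (case-insensitively) catches an entry that came
    back with a different file name or description.
    """
    after_guids = {
        g.upper() for _, body in parse_entries(after_log) for g in GUID_RE.findall(body)
    }
    return [
        line for line in target_lines
        if {g.upper() for g in GUID_RE.findall(line)} & after_guids
    ]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "missing_file"):
        for section, body in result[label]:
            print(f"{label:12} {section} - {body}")
    print("targeted entries still present:", still_present(FIXED, AFTER))
```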

guestolo
« Reply #3 on: January 19, 2006, 01:57:23 AM »
Quote
I've done what you told me to do. I forgot to save the log from ewido, but ewido found nothing.
Hmmm, I bet Ewido found some stuff
Can you recheck for updates with Ewido please as there have been recent ones

Can you reboot into safe mode

Go to start>>run>>in the open field copy and paste the following command line then hit OK

sc stop cmdService

Then type or copy and paste

sc delete cmdService

Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Reboot back to normal mode

POST the report from Ewido's and a new hijackthis log



yatsuba
« Reply #4 on: January 19, 2006, 05:11:24 AM »
You were right Ewido found something.

---------------------------------------------------------
 ewido anti-malware - Scan rapport
---------------------------------------------------------

 + Gemaakt op:         11:06:22, 19-1-2006
 + Rapport samenvatting:      FDBF61AB

 + Scan resultaten:

   :mozilla.24:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.25:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.26:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.27:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.28:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.29:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.30:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.31:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.32:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.33:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.34:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
   :mozilla.35:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.36:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.37:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.38:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
   :mozilla.39:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
   :mozilla.40:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.41:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.42:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.43:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.44:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.45:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.46:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.47:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.48:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   :mozilla.52:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
   :mozilla.53:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
   :mozilla.54:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
   :mozilla.55:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.56:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.57:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.58:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.59:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.60:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
   :mozilla.63:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
   :mozilla.64:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
   :mozilla.66:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
   :mozilla.72:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
   :mozilla.73:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
   :mozilla.77:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Schoongemaakt met een backup
   :mozilla.78:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.[censored]-access : Schoongemaakt met een backup
   :mozilla.79:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Atdmt : Schoongemaakt met een backup
   :mozilla.81:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Bluestreak : Schoongemaakt met een backup
   :mozilla.82:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Valueclick : Schoongemaakt met een backup
   :mozilla.83:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Valueclick : Schoongemaakt met een backup
   :mozilla.114:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
   :mozilla.115:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
   :mozilla.116:C:\Documents and Settings\Jarno\Application Data\Mozilla\Firefox\Profiles\2p11qzu9.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
   C:\Documents and Settings\Jarno\Cookies\jarno@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
   C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.u : Schoongemaakt met een backup
   C:\WINDOWS\system32\dxdiagnd.dll -> Trojan.BHO.b : Schoongemaakt met een backup
   C:\WINDOWS\system32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.u : Schoongemaakt met een backup


::Einde rapport


My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:05, on 19-1-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Utilities\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Utilities\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
D:\UTILIT~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilities\HijackThis!\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jarno
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Utilities\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126781563750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126883732171
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - D:\Utilities\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Utilities\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
PC running slow when running ZoneAlarm
« Reply #5 on: January 19, 2006, 11:13:09 AM »
Download F-Secure's BlackLight from HERE and save it to your Desktop.

Locate and double click blbeta.exe to run it - you will need to accept the license agreement.

Click the Scan button to start and then Next when it has finished scanning. (This scan won't take too long.)

Let BlackLight rename the malicious files if it finds any
If prompted, don't rename wbemtest.exe which is legitimate

The tool will ask if you want to reboot (restart), choose Yes.

A text file, fsbl-date/time, will be saved to your Desktop, copy and paste this into your next post.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline yatsuba

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
PC running slow when running ZoneAlarm
« Reply #6 on: January 19, 2006, 03:22:48 PM »
blbeta log:

01/19/06 21:20:21 [Info]: BlackLight Engine 1.0.30 initialized
01/19/06 21:20:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/19/06 21:20:21 [Note]: 7019 4
01/19/06 21:20:21 [Note]: 7005 0
01/19/06 21:20:36 [Note]: 7006 0
01/19/06 21:20:36 [Note]: 7011 416
01/19/06 21:20:37 [Note]: FSRAW library version 1.7.1014
01/19/06 21:21:43 [Note]: 7007 0

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
PC running slow when running ZoneAlarm
« Reply #7 on: January 19, 2006, 03:24:59 PM »
Came back clean, I just wanted to make sure that Ewido cleaned a couple bad guys

How's everything running?


Offline yatsuba

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
PC running slow when running ZoneAlarm
« Reply #8 on: January 19, 2006, 05:55:37 PM »
Nice and smooth thank you!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
PC running slow when running ZoneAlarm
« Reply #9 on: January 19, 2006, 06:14:04 PM »
Sounds good

*If everything is running better
We should clear all your restore points to ensure you don't restore any nasties that may be residing in the
restore folders
Go to START>>RUN>>In the open field
type in msconfig
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"

Apply it and OK out of there>>Reboot your computer
                           
Back in Windows, Go back and take the check out of Turn off system restore
This will re-enable the System Restore feature and create a new restore point
===========================
*For added protections against future attacks
You should install this free tool
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

===========================
*Check for updates with your anti-spyware programs and run a check on a regular basis
About every couple of weeks

In addition
Open Spybot 1.4,
*Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Do that after every update

===========================
I would opt to hold onto CleanUp! <--can be run once a week
and Ewido<--check for updates once a month and run a scan
===========================
You appear to be up to date on Windows updates
Just a reminder, if you are not set to Autoupdate, make a habit of visiting Windows Updates
and check for High Priority updates a couple times a month
This is important in keeping your system secure

Stay safe :D

EDIT>>You can go back now and re-enable MAS and TeaTimer's protections
Can you run hijackthis again, if any entries we fixed earlier return after enabling the protections, let me know about it and post a new hijackthis log
If all looks good, I don't need to see a new hijackthis log
« Last Edit: January 20, 2006, 10:48:20 AM by guestolo »


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
PC running slow when running ZoneAlarm
« Reply #10 on: January 29, 2006, 11:58:50 PM »
I'll lock this topic
As the problems are resolved

Take care :)
