Jump to content


slow internet ....

  • Please log in to reply
2 replies to this topic

#1 samantha34f



  • Full Member
  • Pip
  • 19 posts

Posted 24 July 2004 - 01:22 PM


about two month ago i had problems with my computer
and internet and you helped me a lot.

i think some spyware entered my computer again
and slows my internet activity.

i use windows xp home edition
i connect by adsl

please advise ....


#2 dave38


    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 24 July 2004 - 02:13 PM

We need a closer look at what's happening.
Please download Hijack this
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 samantha34f



  • Full Member
  • Pip
  • 19 posts

Posted 24 July 2004 - 04:28 PM

Logfile of HijackThis v1.97.7
Scan saved at 00:26:21, on 25/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\program files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\program files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\NaviSearch\bin\nls.exe
E:\program files\תוכנות אינטרנט\Ultimate Popup Killer\Popupkiller.exe
E:\program files\Chaos Software2\Chaos 6\alarm.exe
E:\program files\ShortcutCaddy\ShortcutCaddy.exe
E:\program files\Symantec\WinFax\WFXCTL32.EXE
E:\program files\תוכנות אינטרנט\e-mule\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\program files\תוכנות אינטרנט\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\program files\תוכנות אינטרנט\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://o.walla.co.il/?w=/@ie/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.walla.co.il
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://o.walla.co.il/?w=/@ie/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.walla.co.il
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://o.walla.co.il/?w=/@ie/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Walla!
R3 - URLSearchHook: (no name) - _{A1B39585-C871-46F8-A4A9-AF186D545944} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\2B5C~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - E:\program files\Compass\CmpsIE.dll
O3 - Toolbar: &Walla!Bar - {A1B39585-C871-46F8-A4A9-AF186D545944} - C:\Program Files\Walla\wbar\WebBand.v0112.dll
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\2B5C~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [WinampAgent] E:\program files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DesktopProf] c:\windows\pulpit.exe ukrt
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [wvaykkqfv] C:\WINDOWS\System32\ixgbrlhu.exe
O4 - HKLM\..\Run: [afuhgbgz] C:\WINDOWS\afuhgbgz.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Ultimate Popup Killer] E:\program files\תוכנות אינטרנט\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [alarm.exe] "E:\program files\Chaos Software2\Chaos 6\alarm.exe"
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Controller.LNK = E:\program files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Dictionary - http://www.ezreferen..._/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreferen...ie-com-e-p3.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Allow popups - file://E:\program files\תוכנות אינטרנט\Ultimate Popup Killer\Popupkiller.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stop popups from this web page - E:\program files\תוכנות אינטרנט\popup killer\denysite.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: הורד באמצעות פלאש-גט - E:\program files\תוכנות אינטרנט\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - E:\program files\תוכנות אינטרנט\FlashGet\jc_all.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...d12cbd5372935d8
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} (ARSign Class) - https://www.join.poa...abs/arpkcom.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin....dll/gxbplug.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/sp/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BACF397-9623-4F68-A6FB-4AE50872D9F0}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BACF397-9623-4F68-A6FB-4AE50872D9F0}: NameServer =

T H A N K S !!!!!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button