PPRuNe Forums - View Single Post - Slooow Internet Connection
Old 22nd Nov 2004, 18:11
#7
Tosh McCaber
 
Join Date: Jun 2003
Location: UK
Posts: 474
E-Liam,

Connected to CWShredder, it tells me that it removed 5 infected IE registry values. Here are the test results:

**** Run Keys ****

RUN: [PCTVOICE] pctspk.exe
RUN: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
RUN: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
RUN: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
RUN: [SetIcon] C:\Program Files\Icons\SetIcon.exe
RUN: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [AtBHOObj Class] C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [] C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [AcroIEToolbarHelper Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINNT\System32\msdxm.ocx
TOOLBAR: [Adobe PDF] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TOOLBAR: [&RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
TOOLBAR: [GuruNet] C:\PROGRA~1\GURUNET\Toolbar\GuruNetToolbarU.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll


**** IE Extensions ****

IEExt: [Fill Forms]
IEExt: [Save]
IEExt: [RoboForm]


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
Local Page: C:\WINNT\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IEContext: [Backward Links] res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
IEContext: [Customize Menu &4] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IEContext: [Fill Forms &]] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IEContext: [GuruNet...] file:C:\Program Files\GuruNet\Html\atiemenu.htm
IEContext: [Save Forms &[] file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IEContext: [Similar Pages] res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IEContext: [Translate into English] res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD nwlnkipx [IPX]
LSP: MSAFD nwlnkspx [SPX]
LSP: MSAFD nwlnkspx [SPX] [Pseudo Stream]
LSP: MSAFD nwlnkspx [SPX II]
LSP: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
LSP: MSAFD AppleTalk [ADSP]
LSP: MSAFD AppleTalk [ADSP] [Pseudo Stream]
LSP: MSAFD AppleTalk [PAP]
LSP: MSAFD AppleTalk [RTMP]
LSP: MSAFD AppleTalk [ZIP]
LSP: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 12
LSP: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 12
LSP: MSAFD NetBIOS [\Device\Nbf_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] SEQPACKET 13
LSP: MSAFD NetBIOS [\Device\Nbf_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] DATAGRAM 13
LSP: MSAFD NetBIOS [\Device\Nbf_{A566A020-98BE-4EAB-BF53-007A391359A6}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\Nbf_{A566A020-98BE-4EAB-BF53-007A391359A6}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{853044FE-D1FA-45B7-8964-779E6B5C00BC}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{853044FE-D1FA-45B7-8964-779E6B5C00BC}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{22CACA24-DE38-4A34-BE7D-692C96751211}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{22CACA24-DE38-4A34-BE7D-692C96751211}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{FACC2C66-F481-4548-92B9-9AD725D6B898}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{FACC2C66-F481-4548-92B9-9AD725D6B898}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{0440CB41-3777-40EF-AB1C-DAFF2714F6D3}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{0440CB41-3777-40EF-AB1C-DAFF2714F6D3}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{55116BFA-02D6-49BD-827C-A2F1AFA7EB91}] SEQPACKET 8
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{55116BFA-02D6-49BD-827C-A2F1AFA7EB91}] DATAGRAM 8
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{61C1F62B-11FD-46D2-86BB-89ADA4FAA162}] SEQPACKET 9
LSP: MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{61C1F62B-11FD-46D2-86BB-89ADA4FAA162}] DATAGRAM 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] SEQPACKET 14
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{113F9B93-87B3-4C85-AA77-BB21774A00BA}] DATAGRAM 14
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A566A020-98BE-4EAB-BF53-007A391359A6}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A566A020-98BE-4EAB-BF53-007A391359A6}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D23BA655-3BA1-4C1E-B2DB-9B0F09F5DB9D}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D23BA655-3BA1-4C1E-B2DB-9B0F09F5DB9D}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{361F32D5-7EC7-437D-9143-A85D16CB1E64}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{361F32D5-7EC7-437D-9143-A85D16CB1E64}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3350071D-5B80-40B2-86C0-DB73114FC0F1}] SEQPACKET 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3350071D-5B80-40B2-86C0-DB73114FC0F1}] DATAGRAM 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}] SEQPACKET 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE8C6951-FFF4-467D-BA55-3D94DD7EBEB2}] DATAGRAM 11


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
ppctlcab [http://www.pestscan.com/scanner/ppctlcab.cab] C:\WINNT\Downloaded Program Files\ppctl.dll
{0E5F0222-96B9-11D3-8997-00104BD12D94} [http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB] C:\WINNT\System32\sysres.dll C:\WINNT\Downloaded Program Files\DiskFAU.dll C:\WINNT\Downloaded Program Files\PCPitstop.dll
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [http://www.musicnotes.com/download/mnviewer.cab]
{13E23C9E-3018-4AC1-B998-C08BF1814DB0} [http://ftp.gurunet.com/pub/cabs/GNInstaller.cab]
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macromedia.com/pub/s...irector/sw.cab]
{2FC9A21E-2069-4E47-8235-36318989DB13} [http://www.pestscan.com/scanner/axscanner.cab]
{4C39376E-FA9D-4349-BACC-D305C1750EF3} [http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab]
{737D14F8-4090-11D4-AE0E-0010830243BD} [file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab] C:\WINNT\tmupdate.ini C:\WINNT\runtsckl.exe C:\WINNT\patchw32.dll C:\WINNT\Downloaded Program Files\xscan53.ocx
{74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} [http://www.techsmith.com/codec/tsccinst.cab]
{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} [http://toolbar.google.com/data/GoogleActivate.cab]
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} [http://anonymous:[email protected]]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.co...209.5720601852]
{AE9DCB17-F804-11D2-A44A-0020182C1446} [file://D:\SuperCD\IntraLaunch.CAB]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub...sh/swflash.cab]
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} [http://register.btopenworld.com/temp...control012.cab]
{F281A59C-7B65-11D3-8617-0010830243BD} [file://C:\Program Files\AutoCAD 2002\AcPreview.ocx]
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [http://fdl.msn.com/public/chat/msnchat45.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

Thanks for your help!