IE and Outlook Express v v slow - Hijackthis analyser output attached

Old 01-12-2005, 03:03 PM   #1
Guest
 
Join Date: Jan 2005
Posts: 6
OS:



For the past few days my IE and OE are v slow. I ran Ad-aware, Spy-BOT. But to no avail. I read in this forum advice to run Hijackthis and the Hijackthis analyser. I did that and attached below is the Results.txt. Can somebody assist in analysing this output?

________________________
===========================================================================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/12/05
Get updates at https://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 10:53:24 PM, on 1/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
D:\DOWNLOADS\TESCOBROADBAND\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\IENACLEN.EXE
C:\PROGRAM FILES\MOZILLAFIREFOX\FIREFOX.EXE
D:\CLEAN COMP\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.zpecialoffer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: {A4A58A2C-B039-432B-8BC1-DCA7AC0757DC} - - (no file)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\DOWNLOADS\ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SDWin32 Class - {72D48AF9-CB33-4604-87A6-AE4470F59957} - C:\WINDOWS\SYSTEM\YJCME.DLL (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\downloads\tescobroadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [a3vqRWc7R] IENACLEN.EXE
O4 - Startup: stdialup.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin6.dll
O15 - Trusted Zone: https://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: https://memberservices.tesco.net
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - https://www.zoomify.com/download/zoomify204.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://knightsbridge.webex.com/clie...ex/ieatgpc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - https://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - https://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - https://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: ppctlcab - https://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - https://www.pestscan.com/scanner/axscanner.cab


End of KRC HijackThis Analyzer Log.
===========================================================================================================================
wadivkarts is offline  
Old 01-12-2005, 05:19 PM   #2
TSF Team Emeritus, Security Team
 
CTSNKY's Avatar
 
Join Date: Aug 2004
Posts: 10,821
OS: Every Windows OS known to man


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. When we have confirmed that your log file is clean, you may enable System Restore again by following the same steps as above except you should uncheck Disable System Restore.

Download AboutBuster and unzip it to a folder on your Desktop. Do not run it yet.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\SYSTEM\IENACLEN.EXE

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.zpecialoffer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: {A4A58A2C-B039-432B-8BC1-DCA7AC0757DC} - - (no file)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: SDWin32 Class - {72D48AF9-CB33-4604-87A6-AE4470F59957} - C:\WINDOWS\SYSTEM\YJCME.DLL (file missing)
O4 - HKCU\..\Run: [a3vqRWc7R] IENACLEN.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Run AboutBuster and follow the prompts to scan (choose Yes/OK for all). It will ask you if you want a second scan, choose Yes. Save the log file and post it here.

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\SYSTEM\IENACLEN.EXE

Reboot into Normal Mode and run a new HijackThis scan. Save the log file and run HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
CTSNKY is offline  
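
The log in post #1 marks five entries "(no file)" or "(file missing)", and all five appear in the fix list in post #2, as does the Run value that names IENACLEN.EXE without a directory. As an added example (not part of the thread, and not how KRC HijackThis Analyzer works), this Python parser reads that log layout and flags those two patterns; the regexes, the function names and the finding labels are assumptions made here, and a flagged line is a prompt for review rather than a verdict.

```python
import re

# Constructed sample: a few lines copied from the log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\IENACLEN.EXE
D:\CLEAN COMP\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.zpecialoffer.com
R3 - URLSearchHook: {A4A58A2C-B039-432B-8BC1-DCA7AC0757DC} - - (no file)
O2 - BHO: SDWin32 Class - {72D48AF9-CB33-4604-87A6-AE4470F59957} - C:\WINDOWS\SYSTEM\YJCME.DLL (file missing)
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [a3vqRWc7R] IENACLEN.EXE
"""
# Line shapes below are assumed from the log in post #1, not from a HijackThis spec.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                      # "O4 - ..."
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.*)$")    # Run/RunServices
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Return (running_process_paths, entries) from a HijackThis log."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            body = m.group(2)
            clsid = CLSID.search(body)
            entries.append({"code": m.group(1), "body": body,
                            "clsid": clsid.group(0) if clsid else None})
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(text):
    """Hypothetical heuristics: orphaned entries and path-less Run commands."""
    procs, entries = parse_log(text)
    running = {p.rsplit("\\", 1)[-1].upper(): p for p in procs}
    findings = []
    for e in entries:
        if e["body"].endswith(("(no file)", "(file missing)")):
            findings.append((e["code"], "orphaned", e["clsid"]))
        run = RUN.match(e["body"]) if e["code"] == "O4" else None
        if run and "\\" not in run.group(2):  # command has no directory part
            exe = run.group(2).split()[0].upper()
            findings.append((e["code"], "run-without-path", running.get(exe, exe)))
    return findings
```

For a path-less Run value, the third field is the full path of a running process with the same file name when one is listed, which ties the autostart entry to the process killed in Safe Mode.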
 
