HiJack This logfile **plz have a look**

[Chris`]

My internet connection is slow and I dont have any idea why. I know there are people here that could make sense of this logfile.

TIA guys.

Running processes:

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\avp.exe

C:\Program Files (x86)\Trojan Remover\Trjscan.exe

C:\Program Files (x86)\Ad Muncher\AdMunch.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQCON/4

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQCON/4

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQCON/4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

R3 - URLSearchHook: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)

R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\klwtbbho.dll

O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\avp.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=04497943&id=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=04497943&id=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=04497943&id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=04497943&id=menu_ie_exclude

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=04497943&id=menu_ie_report

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~2\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~2\KASPER~1\sbhook.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\avp.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firefox Service - Unknown owner - (no file)

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - (no file)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 12802 bytes

[Ambrocious]

This looks worrisome maybe:

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

You might want a second opinion before you delete that though.

[Chris`]

This looks worrisome maybe:

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

You might want a second opinion before you delete that though.

yes, I too thought that it did look a little suspicious. I deleted it and saved a backup of it just in case

can anybody tell me for sure what this is??

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

[toyo]

Description: File urlredir.dll is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 561,552 bytes (61% of all occurrence), 556,432 bytes, 564,624 bytes. This .dll file is a Browser Helper Object (BHO) that runs automatically every time you start your Internet browser. BHOs are not stopped by personal firewalls, because they are identified by the firewall as your browser itself. BHOs are often used by adware and spyware. The unique ID of this BHO is B4F3A835-0E21-4959-BA22-42B3008E02FF. The program is not visible. urlredir.dll is able to monitor Internet browser. The file is digitally signed. It is not a Windows core file. Therefore the technical security rating is 44% dangerous, however also read the users reviews.

http://www.runscanner.net/lib/URLREDIR.DLL.html

[motograter]

According to http://www.hijackthis.de nothing throws up any red flags. But i would ditch admuncher and use kis built in ad blocker. Might speed up web browsing.

[Chris`]

@toyo Thank you for your input

@motograter I did not know about this site, this will prove very valuable, thank you very much.

[toyo]

Chris, there are many variables that can affect the performance of your connection. Spyware and adware (that would be detected in the hijackthis logs) are among these factors. However, the best way is to ask an experimented specialist or friend to take a look at your computer, try Teamviewer if he isn't physically available.

Also, many times it's just the ISP that works on their gear, just phone them and politely ask what's wrong. This would be a nice first step you could take.

[Chris`]

Chris, there are many variables that can affect the performance of your connection. Spyware and adware (that would be detected in the hijackthis logs) are among these factors. However, the best way is to ask an experimented specialist or friend to take a look at your computer, try Teamviewer if he isn't physically available.

Also, many times it's just the ISP that works on their gear, just phone them and politely ask what's wrong. This would be a nice first step you could take.

I am going to call my ISP today, because this isn't like my computer to be so slow, actually my computer is acting as normal, the internet connection is the thing that's slow.

Teamviewer is an interesting program, I will look at it, thanks. Before coming to this site I would have never even entertained having someone access my computer. I trust everyone on this site.

[toyo]

I trust everyone on this site.

Please don't. Be sure we appreciate your enthusiasm and we are glad that you found a website that you like here. Sadly though, you can never tell who hides behind a nickname and a virtual identity. Always be with your guard up on the webs.

[Chris`]

I trust everyone on this site.

Please don't. Be sure we appreciate your enthusiasm and we are glad that you found a website that you like here. Sadly though, you can never tell who hides behind a nickname and a virtual identity. Always be with your guard up on the webs.

well to a certain degree, obviously! perhaps i was being a bit too enthusiastic! I feel mmore comfortable dl'ing fromt his site than any other.

I've uninstalled mozilla because all of this started after I updated to 4.0, could be a coincidence. and still being very slow.

very frustrated with this as this has been going on for 3 days now. :wut:

[Atasas]

honest advice:

you going not the way I would... basicly HijacThis is good tool, but for what you need is MBAM and Yamiscoft manager is tools to get there. Also Decent defragmentation helps.

But if you already spent 3 days- time wasted! just install new copy of windows and apps as per required (ideally from here) . Why?-most slow downs are due to malware, but as much is down to errors, misconfiguration etc.

Yes there is tools for every error etc, but considering time you've spent already - get Driver max- back up all drivers or see afterwards in Tuitorial section for all relative links, then try to do,

what I do for last few years: Get G-Parted live CD make active app partition of 20-25GB and another for you media (most of space); Documents (2bg); Programs+ (fixes 10GB). Then install windows to main partition (with Boot sys files) from your documents- cut paste music etc to partitions of files); then create shortcuts to desktop or documents to access those. Advantages: never loose no important files, system is optimum speed always relatively small and easy to clean. Also I disabled archiving (on all other partitions) for security and speed reasons as what I need- I know where it is.

[kmr1684]

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Kaspersky Lab1\Kaspersky Internet Security 2011\avp.exe

C:\Program Files (x86)\Trojan Remover\Trjscan.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

openly you are too much paranoid, just like me 3 years before :rofl:

what kind of slow down you are realizing surfing the web i.e. opening th webpage. or downloading anything from website. what is it exactly. becoz winpatrol and kis behaviour blocker works same not similar so that you use both. keyscrambler and kis behaviour blocker works same detects key locker and similar items. trojan remover is having problem with same kis.

for better install kis or use each software individually winpatrol+trojanremover+keyscrmbler+any firewall+ kaspersky av only. not full suite.

better learn each and indidvidual product how they works and how depth they may hooks to protect the pc. then you will come to know what i am try stress here.

every thing is in your hand no body replace your experience living with your pc and program use to protect. ask every major user here in the forum they will say layered approach not installing too much program for doing the same thing. for eg: winpatrol, keyscrambler, trojan remover.

if i were you i will install kis and use sandbox comes with it for everything and backup scanner will be MBAM (malwarebytes) thats it keep it simple as much as possible.

i do not konw how many programs you are using in realtime, any i think everything it is too much (over killing your pc). bye bye. thats it from my side, sorry for the long post and wasting your time to reading this. :P

[Chris`]

Thanks for your input guys.

I did a scan with MBAM and it found 2 infected objects, armaccess.dll in 'your uninstaller' and one in the memory module. I allowed MBAM to delete and uninstalled yu and am now waiting to see if this made a difference, seems okay so far.

@kmr1684 I am going to uninstall keyscrambler and trojan remover, as far as winpatrol, i think i am going to keep that. thanks for your advice!

[Thugsta]

I have the same problems here, I think that is a network issue