Author Topic: toolbar5.trafficgeneration.biz  (Read 1723 times)
ingivi
« on: May 11, 2005, 10:49:50 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: win 2000 NT
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


I think I have some spyware on my PC but when I run AD-Aware no file is identified.
When I try to connect to the internet, with the ZoneAlarm firewall active, the browser is redirected to toolbar5.trafficgeneration.biz.
Could somebody help me?
Thanks a lot.

Pancake
« Reply #1 on: May 14, 2005, 01:34:18 AM »

Please download HijackThis. It will create a directory folder for you. Run a scan and save the log file. Post the whole log file here. Do not fix anything, since most of the entries listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.
ingivi
« Reply #2 on: May 16, 2005, 05:23:27 PM »

Here we are.

This is the HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19.18.43, on 16/05/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Intel\LDCM\bin\IIDS.exe
C:\WINNT\system32\cba\pds.exe
C:\Programmi\Intel\LDCM\bin\ssm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\Programmi\Creative\News\NewsUpd.EXE
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Programmi\Intel\LDCM\Bin\USM.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINNT\System32\internat.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Documents and Settings\administrator\Documenti\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINNT\DOWNLO~1\ipreg32.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\System32\nsg2C.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Programmi\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Programmi\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll
O23 - Service: Alert on LAN 2 Proxy (aolnsrvr) - Intel Corporation - C:\Programmi\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Programmi\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Programmi\Intel\LDCM\bin\ssm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

And this is the Silent Runners logfile:

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"NewsUpd" = "C:\Programmi\Creative\News\NewsUpd.EXE /q" ["Creative Technology Ltd.]
"Rilevatore di dischi" = "C:\Programmi\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd.]
"CreativeMixer" = "C:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t" ["Creative Technology Ltd.]
"Register MediaRing Talk" = "C:\Programmi\MediaRing Talk\register.exe" ["MediaCom]
"Disc Detector" = "C:\Programmi\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd.]
"User Space Manager" = "C:\Programmi\Intel\LDCM\Bin\USM.exe" ["Intel Corporation]
"Adaptec DirectCD" = "C:\PROGRA~1\Adaptec\DirectCD\directcd.exe" ["Adaptec]
"Zone Labs Client" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC]
"CreateCD" = "C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r" ["Adaptec]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}\(Default) = "CDownCom Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\DOWNLO~1\ipreg32.dll" [file not found]
{999A06FF-10EF-4A29-8640-69E99882C26B}\(Default) = "ohb"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\nsg2C.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc.]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec Directcd Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Adaptec\DirectCD\shellex.dll" ["Adaptec]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{D56A1203-1452-EBA1-7294-EE3377770000}" = "Interlinking Memory Support"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\param32.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"SystemCheck2" = "{54645654-2225-4455-44A1-9F4543D34545}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\vbsys2.dll" [null data]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "(NESSUNO)" [file not found]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\Web\Wallpaper\Alberi innevati.jpg"


Startup items in "Utente" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"EPSON Status Monitor 3 Environment Check" -> shortcut to: "C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE" ["SEIKO EPSON CORPORATION]
"Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"DSLMON" -> shortcut to: "C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Alert on LAN 2 Proxy, aolnsrvr, "C:\Programmi\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe" ["Intel Corporation]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINNT\System32\CTSvcCDA.exe" ["Creative Technology Ltd]
Intel File Transfer, Intel File Transfer, "C:\WINNT\system32\cba\xfr.exe" ["Intel Corporation]
Intel IIDS, Intel IIDS, "C:\Programmi\Intel\LDCM\bin\IIDS.exe" ["Intel Corporation]
Intel PDS, Intel PDS, "C:\WINNT\system32\cba\pds.exe" ["Intel Corporation]
Intel SSM, Intel SSM, "C:\Programmi\Intel\LDCM\bin\ssm.exe" ["Intel Corporation]
Sistema di eventi COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Thanks a lot.
Pancake
« Reply #3 on: May 17, 2005, 12:51:03 AM »

Hi and welcome.
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.
These instructions are for HJT v1.99.1 only.

Download any of the required programs before attempting to start any of the fixes.

Please do NOT run HijackThis in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/

Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check
ingivi
« Reply #4 on: May 17, 2005, 10:03:49 PM »

Here we are:
This is the new HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 0.02.55, on 18/05/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Intel\LDCM\bin\IIDS.exe
C:\WINNT\system32\cba\pds.exe
C:\Programmi\Intel\LDCM\bin\ssm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Programmi\Intel\LDCM\Bin\USM.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINNT\System32\internat.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Programmi\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Programmi\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\Clean UP!\Cleanup.exe /WindowsRestart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
O23 - Service: Alert on LAN 2 Proxy (aolnsrvr) - Intel Corporation - C:\Programmi\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Programmi\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Programmi\Intel\LDCM\bin\ssm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Pancake
« Reply #5 on: May 18, 2005, 12:17:21 AM »

Your log is now clean. If you turned off Restore, turn it back on and create a Restore Point.

Please use this as Your Guide to Spyware Prevention and use the tools provided.
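Added example, not part of the original thread: a small Python comparison of the two HijackThis scans posted above, showing which item lines disappeared and which appeared between the first log and the one judged clean. The log excerpts are copied from the posts; the function names are my own.

```python
import re
from collections import defaultdict

# HijackThis item lines have the form "<section code> - <detail>", e.g. "O2 - BHO: ...".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+?)\s*$")

# Excerpts copied from the first and second HijackThis logs posted in this thread.
BEFORE = r"""
C:\WINNT\system32\ZONELABS\vsmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINNT\DOWNLO~1\ipreg32.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\System32\nsg2C.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\Clean UP!\Cleanup.exe /WindowsRestart
"""

def parse_items(log_text):
    """Return the set of (section, detail) items; headers and process paths are skipped."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.add((m.group(1), m.group(2)))
    return items

def diff_logs(before, after):
    """Group entries that disappeared or appeared between two scans by section code."""
    old, new = parse_items(before), parse_items(after)
    removed, added = defaultdict(list), defaultdict(list)
    for section, detail in sorted(old - new):
        removed[section].append(detail)
    for section, detail in sorted(new - old):
        added[section].append(detail)
    return dict(removed), dict(added)

def dangling(log_text):
    """Items HijackThis marked '(file missing)': a registry reference with no file behind it."""
    return sorted(d for _, d in parse_items(log_text) if d.endswith("(file missing)"))

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, group in (("removed", removed), ("added", added)):
        for section, details in group.items():
            for detail in details:
                print(f"{label:8}{section:4}{detail}")
```

Entries that appear only in the second scan still need reading: here they are the Spybot helper BHO and a one-time CleanUp! RunOnce entry, both visible in the second log.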
ingivi
« Reply #6 on: May 18, 2005, 06:21:35 AM »

Thank you so much, I cannot create a restore point (WIN 2000 NT).
I'll use the guide.
Bye