Computer Help forum

General discussion

zlob problem please help

by melek-taus / September 20, 2008 8:38 PM PDT

Hello to all.

I used to be able to remove all my spy/malware viruses myself. But since a couple of weeks i have gotten quite annoyed of this zlob thing.
When i run spybot i find Zlob.DNSchanger.rtk and right media. I used to find lots more but i used unlocker to remove them. But these are the ones that come back everytime i do a system check.
I also u antivir as an anitvirus. And almost every day or next day it finds this virus JS/Dldr.Agent.KO when i surf the web with opera.

Then problem i have is mainly with my internet. Its uber slow and some websites dont even load or take ages or i need to press f5 a couple of times. I used to use ie7 but suddenly it crashed every 5 minutes and when i did a google search i would just redirect to different (spam) sites or wouldnt do anything at all. This problem has gotten so bad that i couldnt use ie7 anymore. I tried downgrading it upgrading it again. Used the windows update aplications. But it didnt work. I cant even update my windows cuz it just gives me random failures when looking for updates.
Atm my ie7 works fine again. I found a program called msgms.exe wich is a zlob application i deleted it and my ie7 works normal again. I just is uber slow and wont open many sites. Google takes like 6 tries to open. And www.anime-source.com is a site i cant open at any time not even with google chrome or opera. While my brother on his computer doesnt have this problem at all.
Pls anyone help me fix my computer.

I use xp sp2 heres my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:00, on 21-9-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
G:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
G:\Program Files\Stardock\ObjectDock\ObjectDock.exe
G:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\alg.exe
G:\Program Files\Opera\Opera.exe
G:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\WINDOWS\system32\msiexec.exe
G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] G:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] G:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "G:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [G:\WINDOWS\system32\kdegl.exe] G:\WINDOWS\system32\kdegl.exe
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] G:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\melek ta' us\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "G:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = G:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211568151375
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213810279544&h=dbe7c12a2e9068034ce730a94f3b7f3f/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9625 bytes

Discussion is locked
You are posting a reply to: zlob problem please help
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: zlob problem please help
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
pls
by melek-taus / September 21, 2008 5:12 AM PDT

pls someone help me. My problem is getting worse by the minute. Even google takes up 5 mins to load if it does. I cant acces my mail or surf on the web.

Collapse -
Link to ...
by R. Proffitt Forum moderator / September 21, 2008 5:31 AM PDT
In reply to: pls

Read http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167&tag=forums06;forum-threads

This isn't a Hijackthis forum so while it's fine to have that ready you need to check if the forum you post to does those.
Bob

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.