Thread: 2nd home pc seems to be running slow....

  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    30

    Default 2nd home pc seems to be running slow....

    Here's the HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:22 p.m., on 14/11/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Other new topics:
    http://forums.spybot.info/showthread...2794#post52794
    http://forums.spybot.info/showthread...2792#post52792
    Last edited by tashi; 2006-11-14 at 16:21. Reason: Added links

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    Nov 2006
    Posts
    30

    Default Panda log

    Hi there, here is the Panda log over 3 pages....

    Incident Status Location

    Adware:adware/intcodec Not disinfected c:\program files\IntCodec
    Adware:adware/whenusearch Not disinfected Windows Registry
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\u61mdd9y.default\cookies.txt[.tucows.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\u61mdd9y.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Gerard\Cookies\gerard@ccbill[2].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Gerard\Cookies\gerard@tickle[2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.sexlist.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.hg1.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jason\Cookies\jason@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jason\Cookies\jason@ad.yieldmanager[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\jason\Cookies\jason@ads.addynamix[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jason\Cookies\jason@atdmt[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jason\Cookies\jason@bluestreak[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Cookies\jason@bs.serving-sys[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jason\Cookies\jason@casalemedia[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jason\Cookies\jason@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Cookies\jason@fastclick[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jason\Cookies\jason@overture[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jason\Cookies\jason@realmedia[2].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\jason\Cookies\jason@revenue[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Cookies\jason@serving-sys[2].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\jason\Cookies\jason@tickle[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jason\Cookies\jason@zedo[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.112.2o7.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    30

    Default ...

    C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@2o7[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@ad.yieldmanager[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@ads.addynamix[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@advertising[1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@as-us.falkag[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@atdmt[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@bs.serving-sys[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@burstnet[2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@casalemedia[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@fastclick[2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@maxserving[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@media.fastclick[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@realmedia[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@serving-sys[2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@statcounter[2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@stats1.reliablestats[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@tribalfusion[1].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@winantivirus[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@xiti[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@zedo[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.tickle.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@2o7[1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@888[1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@888[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@ads.addynamix[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected

  5. #5
    Member
    Join Date
    Nov 2006
    Posts
    30

    Default ..

    C:\Documents and Settings\kirstin\Cookies\kirstin@atdmt[2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@azjmp[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@bs.serving-sys[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@casalemedia[1].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@cassava[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@fastclick[2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@maxserving[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@realmedia[1].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@revenue[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@serving-sys[2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@statcounter[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@statse.webtrendslive[1].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tickle[1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@toplist[1].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tradedoubler[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tribalfusion[2].txt
    Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@weborama[2].txt
    Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@www48.seeq[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@xiti[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\michael\Cookies\michael@2o7[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\michael\Cookies\michael@atdmt[2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\michael\Cookies\michael@cgi-bin[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\michael\Cookies\michael@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\michael\Cookies\michael@fastclick[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\fix comp\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Possible Virus. Not disinfected C:\fix comp\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
    Potentially unwanted tool:Application/Keyspy.B Not disinfected E:\installs\Unzips\setup.zip[setup.exe]
    Virus:W32/Alcaul.AB.worm Disinfected F:\Everyones My Documents\Michaels\Key Generator\Macromedia_Studio_MX_2004_Keygen_by_Bidjan.zip[Macromedia Studio MX 2004 Key Generator - by Bidjan/Macromedia Studio MX 2004 Key Generator - by Bidjan.exe]
    Dialer:Dialer.GQK Not disinfected F:\Favorites\Jasons\Desktop\Kazaa\New 5\int_ver34.CAB

  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    30

    Default and a new hjt log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:22 p.m., on 14/11/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Thanks for your time, well appreciated...

    What's next?

    jason

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    E:\installs\Unzips\setup.zip[setup.exe]
    Virus:W32/Alcaul.AB.worm Disinfected F:\Everyones My Documents\Michaels\Key Generator\Macromedia_Studio_MX_2004_Keygen_by_Bidjan.zip[Macromedia Studio MX 2004 Key Generator - by Bidjan/Macromedia Studio MX 2004 Key Generator - by Bidjan.exe]
    Dialer:Dialer.GQK Not disinfected F:\Favorites\Jasons\Desktop\Kazaa\

    Uninstall Kazaa and delete all keygens, and I suggest the programs the keygens were for be uninstalled.

    Serial/keygens/cracks are the bane of our existence; if you continue to use them there's no sense in wasting your time and ours cleaning these PCs.
    You cannot trust programs downloaded with file sharing.

    Since this shows
    Adware:adware/intcodec Not disinfected c:\program files\IntCodec

    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
    alternate download
    http://www.geekstogo.com/modules.php...download&id=80
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    IMPORTANT: Do NOT run any other options until you are asked to do so!

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    This topic has been closed to prevent others with similar issues posting in it.
    If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
