View Full Version : Help Please



Engine5
2007-03-08, 09:39
Panda Scan:

Incident Status Location

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ePete\Cookies\epete@questionmarket[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ePete\Cookies\epete@perf.overture[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ePete\Cookies\epete@microsofteup.112.2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ePete\Cookies\epete@2o7[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ePete\Cookies\epete@z1.adserver[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[data.coremetrics.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[citi.bridgetrack.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.247realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.as-us.falkag.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.bfast.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mold Medic LLC\Application Data\Mozilla\Firefox\Profiles\7gp01c6z.default\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\W. Pete Reid AAL\Cookies\w._pete_reid_aal@com[1].txt

HiJack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:32:45 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

pskelley
2007-03-08, 15:53
Welcome to the forum, you have me at a slight disadvantage here. You asked for help and seem to know what your problem is but you are not sharing the information with me? Let me say first that your Panda scan is showing nothing but cookies that you should not store anyway and your HJT log is clean but for the fact your Java program is slightly out of date, see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2

If you just stopped for a check, consider it done; if you have a malware issue, you need to do your best to communicate it to me. Post any error messages you receive "word for word".

Thanks

tashi
2007-03-19, 03:27
Due to lack of a response to the helper, this topic has been archived. If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.