PDA

View Full Version : Spyware!!!!



Allmighty1976
2006-09-09, 18:34
Im having problems with some kind of spyware, I think! The problem shows itself in a couple of very annying ways. The first, when playing games I will hear a click and the program will minimize showing my desktop or somtimes the desktop with an open internet window. This problem is persistant. The other way it shows is when on desktop I hear a click every few minites, or is this the same problem also my antvirus will get a detection every couple of hours, usualy 5 or 6 one after another.

I have followed through the preliminary steps and the logs are as follows:

Active scan:

Incident Status Location

Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\2cks1ju6.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.go.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.research-int.se/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Slinky\Application Data\Mozilla\Firefox\Profiles\r5tw1wxr.default\cookies.txt[stats.drivecleaner.com/]



Hijacthis


Logfile of HijackThis v1.99.1
Scan saved at 15:29:38, on 09/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\PViever\pviever.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe

LonnyRJones
2006-09-15, 17:01
Hello and welcome to the Forum. :)
Sorry for the delay, your post seam's to have sliped by
If your still in need of assistance and not recieving it at another forum the next step is another hijackthis log, this time the entire log, mention the problems again to please.

tashi
2006-09-20, 08:27
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.