View Full Version : 2nd home pc seems to be running slow....



jasonmc
2006-11-14, 10:58
Here's the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:22 p.m., on 14/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Other new topics:
http://forums.spybot.info/showthread.php?p=52794#post52794
http://forums.spybot.info/showthread.php?p=52792#post52792

tashi
2006-11-14, 17:18
Hello

Please see: "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)

jasonmc
2006-11-15, 07:28
Hi there, here is the Panda log over 3 pages....

Incident Status Location

Adware:adware/intcodec Not disinfected c:\program files\IntCodec
Adware:adware/whenusearch Not disinfected Windows Registry
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\u61mdd9y.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\u61mdd9y.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Gerard\Cookies\gerard@ccbill[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Gerard\Cookies\gerard@tickle[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\0ixqjqp3.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jason\Cookies\jason@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jason\Cookies\jason@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\jason\Cookies\jason@ads.addynamix[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jason\Cookies\jason@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jason\Cookies\jason@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Cookies\jason@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jason\Cookies\jason@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jason\Cookies\jason@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jason\Cookies\jason@fastclick[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jason\Cookies\jason@overture[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jason\Cookies\jason@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\jason\Cookies\jason@revenue[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jason\Cookies\jason@serving-sys[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\jason\Cookies\jason@tickle[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jason\Cookies\jason@zedo[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected

jasonmc
2006-11-15, 07:32
C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jeanette\Application Data\Mozilla\Firefox\Profiles\tenc7lge.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@ads.addynamix[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@fastclick[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@media.fastclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@stats1.reliablestats[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@winantivirus[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jeanette\Cookies\jeanette@zedo[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\kirstin\Application Data\Mozilla\Firefox\Profiles\2e3trws7.default\cookies.txt[.tickle.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@888[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected

jasonmc
2006-11-15, 07:33
C:\Documents and Settings\kirstin\Cookies\kirstin@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@azjmp[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@cassava[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@fastclick[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@revenue[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@statse.webtrendslive[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tickle[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@weborama[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\kirstin\Cookies\kirstin@xiti[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\fgyz19f7.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\michael\Cookies\michael@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\michael\Cookies\michael@atdmt[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\michael\Cookies\michael@cgi-bin[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\michael\Cookies\michael@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\michael\Cookies\michael@fastclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\fix comp\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\fix comp\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Potentially unwanted tool:Application/Keyspy.B Not disinfected E:\installs\Unzips\setup.zip[setup.exe]
Virus:W32/Alcaul.AB.worm Disinfected F:\Everyones My Documents\Michaels\Key Generator\Macromedia_Studio_MX_2004_Keygen_by_Bidjan.zip[Macromedia Studio MX 2004 Key Generator - by Bidjan/Macromedia Studio MX 2004 Key Generator - by Bidjan.exe]
Dialer:Dialer.GQK Not disinfected F:\Favorites\Jasons\Desktop\Kazaa\New 5\int_ver34.CAB

jasonmc
2006-11-15, 07:33
Thanks for your time, well appreciated...

What's next?

jason

LonnyRJones
2006-11-19, 03:58
E:\installs\Unzips\setup.zip[setup.exe]
Virus:W32/Alcaul.AB.worm Disinfected F:\Everyones My Documents\Michaels\Key Generator\Macromedia_Studio_MX_2004_Keygen_by_Bidjan.zip[Macromedia Studio MX 2004 Key Generator - by Bidjan/Macromedia Studio MX 2004 Key Generator - by Bidjan.exe]
Dialer:Dialer.GQK Not disinfected F:\Favorites\Jasons\Desktop\Kazaa\

Uninstall Kazaa and delete all keygens, and I suggest the programs the keygens were for be uninstalled.

Serial/keygens/cracks are the bane of our existence; if you continue to use them, there's no sense in wasting your time and ours cleaning these PCs.
You cannot trust programs downloaded with file sharing.

Since this shows
Adware:adware/intcodec Not disinfected c:\program files\IntCodec

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
alternate download
http://www.geekstogo.com/modules.php?modid=5&action=download&id=80
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

tashi
2006-11-26, 10:08
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.