
Very Slow Computer And High Cpu Usage



#1 llama74

llama74

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 30 October 2006 - 03:09 PM

hi. my name is mark and i'm new to the forum but i've been having serious slow downs and can't run more than one program at once without big bog downs. my cpu usage is near 100% at all times. i've run norton, spybot, and zone alarm scans with nothing coming up that would cause it that i can see. i've included my hijack this log and was wondering if someone could help me.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:10 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Mouse 4.0\mouse32a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\mark\misc crap\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Mouse 4.0\mouse32a.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154544975421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154620605218
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 llama74


Posted 31 October 2006 - 08:43 AM

it's even slower today. took about 15 minutes to load the computer on start up and i'm freezing up typing this. iexplore.exe seems to be taking up a lot of the resources. also a svchost.exe. help. i really don't know much about this stuff.

thanks

mark

#3 llama74


Posted 02 November 2006 - 11:20 AM

can anyone help here??? sorry to be bumping this but it's getting slower daily. i can hardly work on this machine now and it's all i have for my business.

thank you

mark

Edited by llama74, 02 November 2006 - 11:21 AM.


#4 llama74


Posted 02 November 2006 - 07:39 PM

so no help huh?

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:42 PM

Posted 03 November 2006 - 02:05 PM

Hello llama74,

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.



Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :thumbsup:

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
5. Click on "Save Report" to view all completed scans.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware 7.5

When done, submit the AVG Anti-Spyware 7.5 log report, the BitDefender log and a fresh Hijackthis log.

Edited by SifuMike, 03 November 2006 - 02:08 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 llama74


Posted 03 November 2006 - 05:11 PM

sorry this is taking so long. with the problems on the computer cpu was maxed out during the whole scan. took 3 hours to do. here's the bitdefender scan results. the rest will be following shortly


BitDefender Online Scanner

Scan report generated at: Fri, Nov 03, 2006 - 15:50:20

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 02:21:37
Files: 440978
Folders: 4915
Boot Sectors: 4
Archives: 1787
Packed Files: 83521

Results
Identified Viruses: 4
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 12

Engines Info
Virus Definitions: 312429
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File | Status
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP104\A0028989.DLL | Infected with: Trojan.Funweb.A
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP104\A0028989.DLL | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP104\A0028989.DLL | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027376.dll | Detected with: Adware.SafetyAlerter.A
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027376.dll | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027376.dll | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027383.dll | Infected with: Trojan.Downloader.Zlob.ZI
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027383.dll | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027383.dll | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027384.exe | Infected with: Trojan.Downloader.Zlob.ZI
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027384.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027384.exe | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027385.exe | Infected with: Trojan.Agent.Zlob.P
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027385.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027385.exe | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027389.dll=>(Quarantine-2) | Detected with: Adware.SafetyAlerter.A
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027389.dll=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027389.dll=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027394.dll | Infected with: Trojan.Downloader.Zlob.ZI
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027394.dll | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027394.dll | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027395.exe | Infected with: Trojan.Downloader.Zlob.ZI
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027395.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027395.exe | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027396.exe | Infected with: Trojan.Downloader.Zlob.ZI
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027396.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027396.exe | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027399.exe | Infected with: Trojan.Agent.Zlob.P
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027399.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027399.exe | Deleted
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027400.exe | Infected with: Trojan.Agent.Zlob.P
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027400.exe | Disinfection failed
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027400.exe | Deleted

#7 SifuMike


Posted 03 November 2006 - 07:31 PM

Hi Mark,

"sorry this is taking so long."


That is OK. Hopefully the AVG Anti-Spyware run in safe mode will go faster. :thumbsup:

#8 llama74


Posted 03 November 2006 - 08:56 PM

not much. here's the results.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:37:37 PM 11/3/2006

+ Scan result:



HKU\S-1-5-21-2025429265-1220945662-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-1220945662-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP104\A0028996.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027392.dll -> Downloader.Zlob.anu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027393.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027397.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DB08D5EC-381C-4CBC-A9A7-B5DB0238E00A}\RP99\A0027401.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@firstmarketinggroup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@truitionsirius.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.139:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.214:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.216:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.217:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.113:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.106:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\magic\Cookies\magic@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.38:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.51:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\magic\Local Settings\Temp\Cookies\magic@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.63:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.64:C:\Documents and Settings\magic\Application Data\Mozilla\Firefox\Profiles\lakdkw29.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.


::Report end




and the new hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 7:40:14 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\mark\misc crap\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Mouse 4.0\mouse32a.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154544975421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154620605218
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 03 November 2006 - 09:49 PM

Hi Mark,

The log you posted was run from the Safe Mode and does not show all the running processes.
Go to the Normal Mode and post a fresh log. :thumbsup:
Thanks.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 llama74


Posted 04 November 2006 - 05:46 PM

i'm away from the computer until sunday night or monday now. i'll update you then, but it still seemed to be running pretty slow. sorry about the wrong hijackthis report.

#11 llama74


Posted 07 November 2006 - 08:17 AM

and finally, here's the hijack this log.


Logfile of HijackThis v1.99.1
Scan saved at 7:13:38 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Mouse 4.0\mouse32a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\mark\misc crap\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\mark\misc crap\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Mouse 4.0\mouse32a.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154544975421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154620605218
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 SifuMike


Posted 07 November 2006 - 02:01 PM

Hello mark,

my cpu usage is near 100% at all times.


click these 3 buttons together:
Ctrl + Alt + Delete and it will bring up Task Manager

Go to Task Manager, select Process tab, double click on the CPU column (sorts it so highest cpu users are at the top) and tell me what processes are using the most cpu. Note that it is normal for System Idle Process to be high, as this is your free memory.

I see you have utorrent running. Try killing the utorrent process with your Task Manager and see what happens.

How much RAM is on this computer? Anything less than 512 MB is going to cause it to be slow.

When was the last time you did a Disk Defragmentation on this computer?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial

*******************************************

If you did not install or want Doyles Room Poker,
then click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:
Doyles Room Poker


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix".

O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)

Did you intentionally add Doyles Room Poker? If not then "fix" it.
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe

The following are not necessarily spyware/malware, but I suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)


If you do not want Doyles Room Poker, then delete
C:\PROGRA~1\Doyles Room Poker\ <== folder

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.

Edited by SifuMike, 07 November 2006 - 02:04 PM.

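Added example, not part of the original post and not HijackThis's own code: a small Python parser for the log entries quoted in post #12, flagging entries whose target is "(no file)". The regular expressions cover only the four line shapes seen in that post; the function and field names are assumptions of this example.

```python
import re

# The four entries quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "O3 - Toolbar: <rest>" -> section code, entry kind, remainder of the line
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# Remainder shapes seen in the post (assumption: other sections may differ)
SHAPES = (
    # name - {CLSID} - file        (O3 toolbar, O9 extra button)
    re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"),
    # [value name] command         (O4 registry Run key)
    re.compile(r"^\[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    # shortcut.lnk = file          (O4 startup folder)
    re.compile(r"^(?P<name>.+?) = (?P<target>.*)$"),
)


def parse_entry(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "kind": m["kind"],
             "name": None, "clsid": None, "target": m["rest"]}
    for shape in SHAPES:
        sub = shape.match(m["rest"])
        if sub:
            entry.update(sub.groupdict())
            break
    # "(no file)" means the registry entry points at nothing on disk
    entry["orphaned"] = entry["target"].strip().lower() == "(no file)"
    return entry


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def orphaned_entries(text):
    return [e for e in parse_log(text) if e["orphaned"]]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flag = "ORPHANED" if e["orphaned"] else "review"
        print(f'{e["section"]:<3} {flag:<9} {e["name"]} -> {e["target"]}')
```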

#13 llama74


Posted 07 November 2006 - 04:26 PM

i did close and remove utorrent. forgot that was running. doyles poker room is also removed. i'm going to update java after this post and work through the rest of the instructions on here. just wanted to post this first.

these are the top using processes right now.

firefox.exe mem usage 42564k
ccapp.exe 28400
svchost.exe 25524
vsmon.exe 17520
exlporer.exe 13188
javaw.exe 13084
ccsetmgr.exe 8004

i'll get back to you shortly with the rest of the stuff. thanks again.

#14 SifuMike


Posted 07 November 2006 - 04:35 PM

exlporer.exe 13188 <== Did you spell this correctly? :thumbsup:
Did you mean explorer.exe? explorer.exe is the Windows Program Manager or Windows Explorer.

#15 llama74


Posted 07 November 2006 - 05:03 PM

typo. sorry about that. it's explorer.exe

also, 768mb of ram. and the defrag is a good idea. haven't done that since i got the new drive in july or august.



