Computer is slower than usuall, plz help

blargenth · #1 (**permalink**) 27-04-2006, 05:29 PM

Im pretty sure ive followed the instructions correctly
ive scanned with adaware and spybot (spybot found nothing as usuall, and adaware attacked all the popups saved in my cookies, also normal)

so what ever is making my computer slow is beyond both of these. heres my hijack this log, please help me soon:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:20 AM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\cracks\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.stpaulsmobile.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.stpaulsmobile.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F}

- c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1

\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program

Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1

\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages

By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1

\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1

\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QCTRAY] C:\Program

Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program

Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program

Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program

Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1

\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program

Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1

\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonito r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog

Devices\SoundMAX\Smax4.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -

res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -

res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB

-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06

\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

- C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-

B9FB-E8409F9A0BC5} - C:\Program

Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-

F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -

http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX

Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec

RuFSI Utility Class) -

http://security.symantec.com/sscv6/S...common/bin/cab

sa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.microsoft.com/microsof...Controls/en/x8

6/client/muweb_site.cab?1125857927060
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall

ActiveX 6.5) - http://eu-housecall.trendmicro-

europe.com/housecall/applet/html/native/x86/win32/activex/hcImp

l.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -

http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access

Support) - https://www-

307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -

https://rtc4.webresponse.one.microso...xp/TLIEFlash.C

AB
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys

Content Update) -

http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}

(iTunesDetector Class) -

http://ax.phobos.apple.com.edgesuite...n/ITDetector.c

ab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx

Class) - https://music.msn.com/client/msnmusax3313.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

stpauls.local
O17 - HKLM\Software\..\Telephony: DomainName = stpauls.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

stpauls.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =

stpauls.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32

\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32

\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32

\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32

\tphklock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1

\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner -

C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)

Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus

Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1

\Rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner

- C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32

\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation -

C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) -

Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service

(default)) - Analog Devices, Inc. - C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner -

C:\WINDOWS\system32\TpKmpSVC.exe

thanks
Blargenth

VopThis · #2 (**permalink**) 28-04-2006, 01:51 PM

Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
[Developed for Windows 2000 and XP]:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

Quote:

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. We are not installing the guard because it might interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

REBOOT.

Please do an online scan (scan only tool) with Kaspersky WebScanner

[Internet Explorer required]
Go to Kaspersky website: www.kaspersky.com/virusscanner and click on the Kaspersky Online Scanner BUTTON/BOX.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
  - Extended (if available otherwise Standard)
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

blargenth · #3 (**permalink**) 01-05-2006, 01:22 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:18:30 PM, 4/30/2006
+ Report-Checksum: 760970EC

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
C:\Documents and Settings\Dbutler\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gu mmy.class-329ce0bf-4cff8809.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@adopt.specificcli ck[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@burstnet[4].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cartoonnetwork.12 2.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@chicagosuntimes.1 22.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cnetaustralia.122 .2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[3].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[5].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[6].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[7].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@com[8].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@data1.perf.overtu re[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@data3.perf.overtu re[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@download.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@download.com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@e-2dj6wfk4qgdjego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@e-2dj6wjkycoazcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@e-2dj6wjmiemdpidq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@galasource.122.2o 7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@idg.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@komtrack[1].txt -> TrackingCookie.Komtrack : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@microsofteup.112. 2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@powellsbooks.122. 2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@ppms.popularix[2].txt -> TrackingCookie.Popularix : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@prizeamerica.aava lue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@reciperewards.aav alue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@server.iad.livepe rson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@server4.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@t***[2].txt -> TrackingCookie.T*** : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.burstbeacon[4].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.burstbeacon[5].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.myaffiliatepr ogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@www2.enigmasoftwa regroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dbutler\Cookies\dbutler@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinAdServX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\system32\in10b6.dll -> Dropper.Small.abe : Cleaned with backup
C:\WINDOWS\system32\PLSRemote.exe -> Not-A-Virus.RemoteAdmin.Win32.PLSRemot : Cleaned with backup

::Report End

VopThis · #4 (**permalink**) 01-05-2006, 03:48 AM

Do you have an available log for Kaspersky antivirus scan?

How is your PC now behaving - any improvement?

blargenth · #5 (**permalink**) 01-05-2006, 12:43 PM

KASPERSKY ON-LINE SCANNER REPORT
Monday, May 01, 2006 6:41:46 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 1/05/2006
Kaspersky Anti-Virus database records: 190809

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
S:\
T:\

Scan Statistics
Total number of scanned objects 96341
Number of viruses found 5
Number of infected objects 8
Number of suspicious objects 2
Duration of the scan process 03:19:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip/fldznv.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip ZIP: suspicious - 1 skipped

C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP653\A0122643.dll Infected: Trojan-Dropper.Win32.Small.abe skipped

C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP653\A0122644.exe Infected: not-a-virus:RemoteAdmin.Win32.PLSRemot skipped

C:\temp\pootz_58.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\temp\pootz_58.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\temp\pootz_58.exe WiseSFX: infected - 2 skipped

Scan process completed.

VopThis · #6 (**permalink**) 01-05-2006, 01:17 PM

Clean out your SpyBot recovery area from time-to-time:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip

The use of BitTorrent or any P2P application significantly increases your risk profile and the LIKELIHOOD of becoming infected (and could be the direct cause of your current infections). Accordingly, your prevention and detection activities must be that much stronger. However, any infection could make your PC completely unresolvable.

Complete the following steps in SAFE MODE (tapping the F8 key upon reboot), if necessary:

DELETE files:
C:\temp\pootz_58.exe

Quote:

Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only

It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Let us know how your PC is now behaving.

blargenth · #7 (**permalink**) 01-05-2006, 04:34 PM

cleared everything in spybot revory folder
uninstalled bit torrent (i dont use it anymore)
deleted "pootz" without need of safe mode
dowloaded, and used ATF succesfully

preparring to test the outcome