BullGuard
Slower internet - possible spyware? what my it be?
   

deiv
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 7/31/2007 10:58 PM (GMT +2)
Logfile of HijackThis v1.99.1
Scan saved at 23:49:15, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\hijakthis\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.one.co.il/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70041060-A033-4462-8FFE-EE5735664DA0}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 01:29:10 31/07/2007
 + Scan result: 
 
C:\Documents and Settings\Moshe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HCVWVGZ\zpopup[2].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : Cleaned.

::Report end
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
 
ComboFix 07-07-30.2 - "Tal" 07/31/2007 23:32:28.1 [GMT 3:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1255.1.1033.18.True
 * Created a new restore point
[i] ADS removed - svchost.exe: deleted 68 bytes in 1 streams. [/i]
(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-31  )))))))))))))))))))))))))))))))

No new files created in this timespan

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
07/31/2007 07:36 PM --------- d-------- C:\Program Files\FlashGet
07/28/2007 03:51 PM --------- d-------- C:\Program Files\eMule
07/27/2007 05:40 PM --------- d-------- C:\Program Files\Symantec AntiVirus
07/21/2007 09:55 AM --------- d-------- C:\Program Files\Combined Community Codec Pack
07/21/2007 01:21 AM --------- d-------- C:\Program Files\mIRC
07/13/2007 03:50 PM --------- d-------- C:\DOCUME~1\Tal\APPLIC~1\dvdcss
07/11/2007 08:51 PM --------- d-------- C:\Program Files\DAP
06/17/2007 12:11 AM 51200 --a------ C:\WINDOWS\nircmd.exe
05/28/2007 05:52 PM --------- d-------- C:\DOCUME~1\Tal\APPLIC~1\Skype
05/16/2007 06:12 PM 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 04:52 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 01:30 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/24/2006 02:19 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 05:57 PM]
"nwiz"="nwiz.exe" [03/09/2006 04:29 PM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [07/06/2007 10:10 PM]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [07/29/2004 04:04 PM]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [08/22/2005 03:19 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/07/2007 08:34 AM]
C:\Documents and Settings\Tal\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S2 Mysee2_Runtime;Mysee2_Runtime;C:\WINDOWS\System32\svchost.exe -k mysee2
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mysee2 Mysee2_Runtime

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 23:35:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"\xf88d\5\x5f1\5\x5d0\5\x5f0\5"="C:\Documents and Settings\\x5d9\x5d5\x5e0\x5d4\My Documents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000023f
"TracesSuccessful"=dword:00000220
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 07/31/2007 23:36:45
 --- E O F ---
 
********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
Tue 07/31/2007 18:48:57.75
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 18:48:58
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"\xf88d\5\x5f1\5\x5d0\5\x5f0\5"="C:\Documents and Settings\\x5d9\x5d5\x5e0\x5d4\My Documents"
scanning hidden files ...
hidden processes: 0
hidden files: 0
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 8/1/2007 6:42 AM (GMT +2)
Hello deiv :)

It looks clean to me.

How are things running now?


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 

 

deiv
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 8/1/2007 10:51 AM (GMT +2)
Well, I don't know honestly... Sometimes it runs fine, but sometimes the internet and download speed is very slow, and it might even get stuck while downloading..
I've contacted my ISP and they told me to do start > run > then some program which shows the active connections (all of my browser windows were closed), and there was more than 1 active connection.
They said that it's probably spyware or something like that, and that's probably the reason why my download speed is less than normal sometimes (I usually download at 200kb/s).
If you say it all looks clean then I'll just give it another try and see if it goes smoothly.. Perhaps all of the cleaning actions did help and everything is OK now...

Is there anything I can do, or some way to test that everything is ok?
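
Added example, not part of the original post: one way to turn the "active connections" check described above into something repeatable is to attribute each established connection to the process that owns it. It assumes the tool was Windows `netstat -ano` and that `tasklist /fo csv /nh` is available; both sample outputs are constructed, with image names borrowed from the HijackThis process list in this thread and invented PIDs and addresses.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.1.5:1045       203.0.113.10:80        ESTABLISHED     1712
  TCP    192.168.1.5:1046       198.51.100.7:443       ESTABLISHED     1712
  TCP    192.168.1.5:1050       192.0.2.44:8080        ESTABLISHED     2304
  TCP    192.168.1.5:1051       203.0.113.10:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output (PIDs are made up).
TASKLIST = '''\
"svchost.exe","932","Console","0","4,512 K"
"Rtvscan.exe","1480","Console","0","21,004 K"
"GoogleToolbarNotifier.exe","1712","Console","0","3,240 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def established_by_process(netstat_text, tasklist_csv):
    """Group established TCP connections to non-loopback hosts by owner."""
    names = pid_names(tasklist_csv)
    result = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP data row has exactly: proto, local, remote, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        if ipaddress.ip_address(host.strip("[]")).is_loopback:
            continue  # local inter-process traffic, not internet use
        owner = names.get(int(fields[4]), "UNKNOWN (pid %s)" % fields[4])
        result[owner].append("%s:%s" % (host, port))
    return dict(result)

if __name__ == "__main__":
    for owner, remotes in established_by_process(NETSTAT, TASKLIST).items():
        print(owner, remotes)
```

A connection count alone says little with browsers closed, since updaters and toolbar helpers also connect out; the entries worth following up are the ones whose owner is unknown or unexpected.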

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981

Posted 8/2/2007 8:36 AM (GMT +2)
Run the below scan tools - just to be sure.

Please download the free trial of Superantispyware

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.)
Close the program.

Download and install DrWebCureit:

to your desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
Click on the green screwdriver -
Actions Tab - Adware-Dialers-Riskware-Hacktools, use the dropdown menu and select - Delete
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s), say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Start Superantispyware/right-click on the black/yellow bug in the tray.
Hit the - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When the scan has finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot.

Start Superantispyware again -
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.

Post this log along with a fresh hijackthis log, Dr.Web log and tell how things are running?

Look here how to block tracking cookies:

deiv
New Member
Date Joined Jun 2007
Total Posts : 3

Posted 8/5/2007 10:45 PM (GMT +2)
Well, I think it's really messed up... and I'm quite frustrated... my internet isn't as slow, but I can't download properly.
I would say about 50% of my downloads will either get stuck, or complete but the file will be corrupted... I can't even download the superantispyware...
I would have to ask my cousin to e-mail it to me... Just like he sent me the Combofix... What could it be? Perhaps it's something with my settings?
I will soon post the logs.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981

Posted 8/7/2007 9:51 AM (GMT +2)
I suggest you repair XP without loss of data -

http://www.michaelstevenstech.com/XPrepairinstall.htm

