Full Version: Please help bandwidth is being robbed!!!!
JoeCam
Hello, I am desperate for help and I don't know where to turn next. I just recently built this system and it had worked great for 3 days. Then all of a sudden after I visited a web site I started getting massive pop-ups. I ran Ad-aware SE and found like 85 viruses, then let ad-aware remove them. It didn't remove them cause I still had pop-ups. I also ran in safe mode and cleaned what it could find there, still no luck of removal. I ran AVG anti-virus and it found like 20 viruses, let it clean them, then ran ad-aware again. Didn't find anymore through ad-aware. Still had pop-ups. I installed Spydoctor (registered version) and it found numerous viruses, cleaned and retried in safe mode. Again, found more and removed. After numerous programs being run I can safely say that there are now no viruses being found and no pop-ups are now occurring. But I noticed my internet explorer was very slow.

I went to Network connections in accessories and saw that my bytes sent is going up dramatically and my bytes received is staying the same low number. I have a router installed in my house and my wife's machine was getting extremely slow internet since I started getting these problems. I disconnected my cat 5 cable from my ethernet and hers is ok. I checked her bytes sent and it never moves but a couple of bytes every few seconds if even that much. I have tried everything I can to fix this with no luck and I don't want to reformat since I just got all my stuff installed on this pc after building it. You helped me about a month and a half ago when I thought there was no help that could be done and fixed me right up, now I REALLY need your help desperately.... What should I do????????? Please help, thank you.
JoeCam
I also forgot to add that whatever is causing this had also caused my windows firewall to become disabled. I also could not use task manager, it said I had to be an administrator to use this function. Weird since I already had admin rights and was the only one who had been using this pc. I found a lot of people had this problem happen to them on the net and was able to find a cure for both. The firewall said it could not load due to an unknown reason. I now have both working but I really do believe this is related to my bandwidth issue. Please help!!! Thanks for reading...
Ad Astra
Hi

Having the firewall disabled for a period would have left your system subject to infection attempts from a wide range of port scanning malware.

Please post a copy of a recent scan using Ad-Aware:

1) Start Ad-Aware SE

2) In the Ad-Aware SE Status window click on the "Check for updates now" link then the connect button and follow the prompts to ensure you have the most up to date definitions file.

3) Press the start button and in the Preparing System Scan window select the option "Perform full system scan", click on "Search for negligible risk entries" so that it shows a red cross i.e. is deselected and click on "Search for low-risk threats" so that it shows a green tick i.e. is selected.

4) Click the next button to start the full scan, when the scan finishes click on the show logfile button. In the log window right mouse click and select "Select all..." then right mouse click again and select "Copy to clipboard" then paste in a reply to this thread.


Also include a HijackThis log; see this thread for details:

http://www.lavasoftsupport.com/index.php?showtopic=216
JoeCam
Thanks for the reply. Earlier I downloaded panda free 30 day trial. Ran the scan it found 2 files in the system32 folder. It automatically removed them and stopped the bandwidth thief. Thank you again for the quick response. I am now surfing fast again.
JoeCam
Sorry, posted too soon. I ran defrag and then noticed Zone Alarm activity started back again. I checked my bytes sent again and saw 67 megs had already been sent out somewhere. I reran panda, then it found 1 virus. Then the activity stopped again just as before. I then was browsing (safe sites) the web again and internet started to crawl again. I noticed the same activity as before.. I ran all my virus and spyware progs I have with all the latest updates, and found nothing this time except for adaware finding small stuff. Oh yeah when panda found the virus that stopped it a little while ago, it was a cookie with the extension of nameofsomething(2).txt. I only noticed the (2) and .txt. So I really need your help again. Sorry... Here are the logs for Ad-aware and hijack...



Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, August 28, 2006 11:52:45 PM
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


8-28-2006 11:52:45 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 8-29-2006 12:29:11 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 8-29-2006 12:29:12 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 8-29-2006 12:29:13 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 8-29-2006 12:29:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 8-29-2006 12:29:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 8-29-2006 12:29:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 8-29-2006 12:29:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus 2007\
ProcessID : 1144
ThreadCreationTime : 8-29-2006 12:29:14 AM
BasePriority : High
FileVersion : 2, 0, 1840, 28
ProductVersion : 2, 0, 1840, 28
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : On-Access Antivirus Scanner Service.
LegalCopyright : © Panda Software 2006

#:9 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus 2007\
ProcessID : 1156
ThreadCreationTime : 8-29-2006 12:29:14 AM
BasePriority : Normal
FileVersion : 2, 0, 1840, 30
ProductVersion : 2, 0, 1840, 30
ProductName : Panda Antimalware File Protection
CompanyName : Panda Software International
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine
LegalCopyright : © Panda Software 2006
OriginalFilename : avengine.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 8-29-2006 12:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1372
ThreadCreationTime : 8-29-2006 12:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 8-29-2006 12:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1664
ThreadCreationTime : 8-29-2006 12:29:18 AM
BasePriority : Normal
FileVersion : 6.5.731.000
ProductVersion : 6.5.731.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1676
ThreadCreationTime : 8-29-2006 12:29:18 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 248
ThreadCreationTime : 8-29-2006 12:29:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ProcessID : 548
ThreadCreationTime : 8-29-2006 12:29:28 AM
BasePriority : Normal
FileVersion : 1.4.52.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:17 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 8-29-2006 12:29:28 AM
BasePriority : Normal
FileVersion : 6.14.10.9131
ProductVersion : 6.14.10.9131
ProductName : NVIDIA Driver Helper Service, Version 91.31
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 91.31
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [psimsvc.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus 2007\
ProcessID : 596
ThreadCreationTime : 8-29-2006 12:29:28 AM
BasePriority : Normal
FileVersion : 2, 6, 36, 0
ProductVersion : 2, 6, 36, 0
ProductName : Panda Antivirus
CompanyName : Panda Software
FileDescription : Panda Interface Manager Service
InternalName : PsImSvc
LegalCopyright : © Panda Software 2006.
OriginalFilename : PsImSvc.exe

#:19 [sdhelp.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1120
ThreadCreationTime : 8-29-2006 12:29:31 AM
BasePriority : Normal
FileVersion : 3.6.0.2025
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd

#:20 [starwindservice.exe]
FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\
ProcessID : 1572
ThreadCreationTime : 8-29-2006 12:29:31 AM
BasePriority : Normal
FileVersion : 2.6.1 Build 0x20050401
ProductVersion : 2.6.1 Build 0x20050401
ProductName : StarWind
CompanyName : Rocket Division Software
FileDescription : StarWind iSCSI Target (Alcohol Edition)
InternalName : StarWind
LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.
OriginalFilename : StarWind

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 8-29-2006 12:29:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2628
ThreadCreationTime : 8-29-2006 12:29:59 AM
BasePriority : Normal
FileVersion : 6.5.731.000
ProductVersion : 6.5.731.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:23 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2652
ThreadCreationTime : 8-29-2006 12:30:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:24 [nmbgmonitor.exe]
FilePath : C:\Program Files\Common Files\Ahead\Lib\
ProcessID : 2740
ThreadCreationTime : 8-29-2006 12:30:11 AM
BasePriority : Normal


#:25 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2752
ThreadCreationTime : 8-29-2006 12:30:15 AM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3332
ThreadCreationTime : 8-29-2006 12:31:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus 2007\
ProcessID : 3780
ThreadCreationTime : 8-29-2006 12:57:02 AM
BasePriority : Normal
FileVersion : 7.00.09
ProductVersion : 7.00.09
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2006
OriginalFilename : ApVxdWin.exe

#:28 [webproxy.exe]
FilePath : c:\program files\panda software\panda antivirus 2007\
ProcessID : 3860
ThreadCreationTime : 8-29-2006 12:57:05 AM
BasePriority : Normal
FileVersion : 6, 2, 22, 533
ProductVersion : 6, 2, 16, 0
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : Internet resident proxy
InternalName : WebProxy.exe
LegalCopyright : © Panda Software 2006

#:29 [swdoctor.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 2936
ThreadCreationTime : 8-29-2006 3:33:30 AM
BasePriority : Normal
FileVersion : 4.0.0.2613
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2005. Distributed by PC Tools Research Pty Ltd
OriginalFilename : swdoctor.exe

#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2540
ThreadCreationTime : 8-29-2006 3:41:28 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [ad-watch.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 332
ThreadCreationTime : 8-29-2006 3:44:07 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 1632
ThreadCreationTime : 8-29-2006 3:52:02 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


11:54:18 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:32.531
Objects scanned:101787
Objects identified:0
Objects ignored:0
New critical objects:0


-----------------------------------------------------------------------------------------------------------------------------
Now Hijackthis..................................


Logfile of HijackThis v1.99.1
Scan saved at 11:56:37 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\Apvxdwin.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\notepad.exe
C:\Files\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ad Astra
Hi

There is nothing of concern in the HijackThis log.

The nameofsomething(2).txt is a tracking cookie. These are not malicious but can be used to monitor web sites you visit. They do not identify you personally but by having a unique serial number a tracking cookie can be used by advert sites to monitor which web pages you visit.

You may wish to regularly remove these using a tool like Ad-Aware SE. A quick setting in Internet Explorer will prevent many of these being saved on your system. In Internet Explorer select Tools then select Internet Options. Now click on the privacy tab, click the Advanced button then check the box "Override automatic cookie handling" and under the column labelled "Third-party Cookies" click to select "Block". Click OK to close the windows. Blocking third-party cookies will stop many tracking cookies and will not affect your normal browsing.

Alternatively, for a fuller cookie solution you may wish to use a cookie manager; see Spike-nz's post here:

http://www.lavasoftsupport.com/index.php?s...ost&p=15396

As for the network traffic, please try this. Please close all applications and browser windows then run this command (closing applications will make the output much easier to read).

Click start, select run and enter the text in bold below


cmd


Click the OK button to start a command window, this has a black background. In the command window enter the text in bold below


netstat -an > c:\connects.txt


then press the return key, this will output the TCP and UDP connections to a file called connects.txt in the top folder of your C: drive. Open Windows explorer, navigate to this folder and double click on the connects.txt file to open it in notepad. Please post a copy of the connects in a reply to this thread. We can see if there are any odd network connections being made.

Many thanks
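
One way to triage the connects.txt file requested above, as an added example that is not part of the original thread: it parses Windows `netstat -an` output, lists TCP ports listening on all interfaces, and groups active connections to non-LAN addresses by remote port so that a port with many distinct remote hosts stands out. The `SAMPLE` text, the `triage` function, the fan-out threshold and the list of ranges treated as local are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

Conn = namedtuple("Conn", "proto local_host local_port remote_host remote_port state")

# RFC 1918 ranges treated as "this LAN" (assumption for the example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # states that mean traffic is leaving now

def split_endpoint(text):
    """Split 'host:port', '[v6]:port' or '*:*' into (host, port) strings."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one Conn per TCP/UDP row; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        conns.append(Conn(fields[0], lhost, lport, rhost, rport, state))
    return conns

def is_external(host):
    """True for a remote address outside loopback, link-local and the LAN."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' wildcard or unparsable text
    if addr.is_unspecified or addr.is_loopback or addr.is_link_local:
        return False
    return not any(addr in net for net in LOCAL_NETS)

def triage(text, fanout=5):
    """Summarise exposed listeners and outbound connections by remote port."""
    conns = parse_netstat(text)
    listening = sorted({int(c.local_port) for c in conns
                        if c.proto == "TCP" and c.state == "LISTENING"
                        and c.local_host in ("0.0.0.0", "::")})
    remotes = defaultdict(set)
    for c in conns:
        if c.proto == "TCP" and c.state in ACTIVE and is_external(c.remote_host):
            remotes[int(c.remote_port)].add(c.remote_host)
    by_port = {port: sorted(hosts) for port, hosts in remotes.items()}
    high = {port: len(hosts) for port, hosts in by_port.items()
            if len(hosts) >= fanout}
    return {"listening_all_interfaces": listening,
            "external_by_port": by_port,
            "high_fanout": high}

# Constructed sample in the layout netstat -an prints on Windows; the remote
# addresses come from the documentation ranges and are not real hosts.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.100:1201     203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.100:1210     198.51.100.1:25        ESTABLISHED
  TCP    192.168.1.100:1211     198.51.100.2:25        ESTABLISHED
  TCP    192.168.1.100:1212     198.51.100.3:25        ESTABLISHED
  TCP    192.168.1.100:1213     198.51.100.4:25        SYN_SENT
  TCP    192.168.1.100:1214     198.51.100.5:25        SYN_SENT
  TCP    192.168.1.100:1215     198.51.100.6:25        SYN_SENT
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.100:123      *:*
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

With all applications closed, as the post asks, any remaining entry under `high_fanout` is traffic that no user program accounts for and is the first thing to match against a process.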