Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

computer is slow won't update anything unknown virus


  • This topic is locked This topic is locked

#1
jlgizee

jlgizee

    Member

  • Member
  • PipPip
  • 23 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:30 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Mouse\bak\point32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.webcrawler.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\bak\point32.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServicesOnce: [washindex] c:\Program Files\Washer\washidx.exe "Owner"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12....es/MsnPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 7892 bytes

Malwarebytes' Anti-Malware 1.19
Database version: 914
Windows 5.1.2600 Service Pack 2

3:03:03 PM 7/2/2008
mbam-log-7-2-2008 (15-03-03).txt

Scan type: Quick Scan
Objects scanned: 46990
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\85958836168058513388055167105204 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\XP Antivirus (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\2E5C9567.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\XP Antivirus\xpa.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
Generated 07/02/2008 at 03:49 PM

Application Version : 3.6.1000

Core Rules Database Version : 3495
Trace Rules Database Version: 1486

Scan type : Complete Scan
Total Scan Time : 00:38:42

Memory items scanned : 439
Memory threats detected : 0
Registry items scanned : 6058
Registry threats detected : 0
File items scanned : 83175
File threats detected : 13

Adware.Tracking Cookie
C:\doc and set old\Erica\Cookies\[email protected][2].txt
C:\doc and set old\Erica\Cookies\[email protected][3].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][2].txt
C:\doc and set old\Erica\Cookies\[email protected][4].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][2].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][1].txt
C:\doc and set old\Erica\Cookies\[email protected][2].txt

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-04 13:31:50
PROTECTIONS: 1
MALWARE: 33
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
avast! antivirus 4.8.1201 [VPS 080704-1] 4.8.1201 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
00029258 application/altnet HackTools No 0 Yes No c:\windows\smdat32a.sys
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{AD5BC1F0-72D8-44B3-8E3D-8E8FECCE43FB}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E813099D-5529-47F4-9B37-4AFAFCB00A43}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\typelib\{676f6d1d-c559-42a9-860b-27c1477b7179}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\typelib\{bff4f684-677e-44f4-8c74-1d575c950e10}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{676F6D1D-C559-42A9-860B-27C1477B7179}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.casalemedia.com/]
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00147405 trj/dowcen.a Virus/Trojan No 0 Yes No c:\program files\daily weather forecast
00157143 Cookie/MyWay TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.com.com/]
00167671 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][3].txt
00167671 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.xiti.com/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][3].txt
00167742 Cookie/Myfunstart TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected]ww.myfunstart[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.azjmp.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.statcounter.com/]
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\doc and set old\Joey\Cookies\[email protected][1].txt
00167780 Cookie/Mircx TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.bs.serving-sys.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\doc and set old\Joey\Cookies\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[www.burstbeacon.com/]
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][1].txt
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.realmedia.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.did-it.com/]
00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd1frx2l.default\cookies.txt[.atwola.com/]
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\doc and set old\Erica\Cookies\[email protected][2].txt
00527204 Application/PRScheduler HackTools No 0 Yes No C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
02904109 Adware/Zango Adware No 0 Yes No C:\Documents and Settings\Owner\Desktop\Setup.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


any help on this would be greatly appreciated
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You are already being helped in your original topic

Do not make multiple topics
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP