Computer very slow, almost crippled, constant IE crashes, and taskdir.e


4 replies to this topic

#1 SAABMan (New Member, 8 posts)

Posted 22 March 2006 - 09:39 PM

Hi Everyone,
My computer has been running VERY slowly. I also get IE crashes when I try and type an address in, and ALWAYS when I try and view my favorites. Also, ZoneAlarm says that taskdir.exe is trying to access the internet, which seems suspicious.

I've run Ad-Aware and also did a disk defrag. I need this system running well soon so I can work on a major presentation for school. Any help would be GREATLY appreciated. Thanks so much! :)

Logfile of HijackThis v1.99.1
Scan saved at 10:31:14 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Alex's Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} - https://accounting.q....164/qboax6.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://bbe.bloomber...inxp/AXXPEE.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103066995999
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 pskelley (R.I.P. Always in our hearts, 3,879 posts)

Posted 25 March 2006 - 06:44 PM

Hello Alex and welcome to TomCoyote forum. I hope we can make your schedule, but I can make no guarantees. First, ZA is right; here is the malware: C:\WINDOWS\system32\taskdir.exe. It must be fairly new because information is scarce; here is the Google on it:
http://www.google.co.....q=taskdir.exe
I should also say I do not know if there is more infection, but that is all I see in the log. We will check and clean a little; follow these directions in the posted order.

1) This program: C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot see this: http://castlecops.co...plist-9265.html If you are not running the newest version, I suggest you uninstall the program.

2) ewido scan:
Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

3) Spyware Doctor may block the fix, you may have to turn it off until you are done.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Enable hidden files & folders; reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\taskdir.exe >>> file

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

If you don't have a good cleaner, use this free one with these instructions:
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner (Windows & Applications). When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff; make sure you do.

Restart the computer and post the ewido scan results, a new HJT log and any comments you have that will help.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 SAABMan (New Member, 8 posts)

Posted 30 March 2006 - 11:24 PM

Thanks for helping me :)

Here is my updated HiJack This scan result:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:55 AM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Alex\Alex's Documents\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} - https://accounting.q....164/qboax6.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://bbe.bloomber...inxp/AXXPEE.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103066995999
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

And here are the results from my ewido scan:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:34:33 PM, 3/30/2006
+ Report-Checksum: BC8A8893

+ Scan result:

[4092] C:\WINDOWS\system32\ѕрoolsv.exe -> Adware.PurityScan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E2EE3398-3679-6B34-51F3-26F80A4F6FA2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA6BD27F-288F-002A-F4A9-ABCF232371D9} -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cqcounter[1].txt -> TrackingCookie.Cqcounter : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@diginet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wfliqoazeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wfloeodzmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wgkyspczcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjk4smdzako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjk4sncjcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjkokhczeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjkycnd5ado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjkyulcjcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjl4umd5kdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjl4uocpcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjl4wld5weo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjl4wncpwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjmicmajiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjnyondpsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjnyqndzado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ehealthcaresolutions.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@link4ads[1].txt -> TrackingCookie.Link4ads : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@mazda.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@usnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@volkswagen.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@whitecastle.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Cookies\andrew athanasiou@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\Cookies\andrew athanasiou@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\Cookies\andrew athanasiou@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\Cookies\andrew athanasiou@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Andrew Athanasiou\Local Settings\Temp\Temporary Internet Files\Content.IE5\0SB64WFP\loader2[1].ocx -> Downloader.Agent.ex : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\Cookies\family@www.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\Cookies\family@www2.enigmasoftwaregroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\EXACT.exe -> Trojan.Qhost.bi : Cleaned with backup
C:\temp\quarantine\archive[1].jar.Vir/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : Error during cleaning
C:\temp\quarantine\archive[1].jar.Vir/BlackBox.class -> Not-A-Virus.Exploit.Java.Bytverify : Error during cleaning
C:\WINDOWS\SYSTEM32\casync.dll -> Adware.Couponage : Cleaned with backup
C:\WINDOWS\SYSTEM32\wоwexec.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\ѕрoolsv.exe -> Adware.PurityScan : Cleaned with backup

::Report End

The computer still seems slow... and it was especially slow in loading up Windows after I rebooted. Like, once my desktop appeared, it was slow to load everything, and I had to wait a while before I could even do anything. And, oftentimes the CPU usage is pinned very high, even when I'm not doing anything major... and when I go look in Task Manager at the processes running, and their CPU usage, it doesn't show any process that's really using much CPU, but the CPU is still pinned.


Thanks!

Edited by SAABMan, 30 March 2006 - 11:26 PM.


#4 pskelley (R.I.P. Always in our hearts, 3,879 posts)

Posted 31 March 2006 - 05:57 AM

Hello and thanks for returning your information, you said this:

The computer still seems slow...

Keep in mind you came here to have malware removed. Sometimes malware is what is causing the computer to run slow, but often it is not; see this information:
http://www.microsoft...s/IEtopten.mspx
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html
There is much more available on Google if you search for it.

ewido anti-malware - Scan report Created on: 11:34:33 PM, 3/30/2006
C:\WINDOWS\system32\ѕрoolsv.exe -> Adware.PurityScan : Ignored
You chose to ignore this adware; it must be removed. You will either need to run ewido again, or delete the item in safe mode: C:\WINDOWS\system32\ѕрoolsv.exe <<< be very careful with the spelling. The valid file looks like this: C:\WINDOWS\system32\svchost.exe <<< do not delete this one.

C:\temp\quarantine\archive[1].jar.Vir/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : Error during cleaning
Open that C:\temp\quarantine folder and delete all of the contents.

Here is information to control the nasty cookies you are storing:
http://www.mvps.org/...002/cookies.htm
http://www.microsoft...acy/config.mspx
Some nasty sites can infect you using this method.

Keep in mind ewido is a security suite and it will also slow you down when it is running in realtime as it will be during the trial period. I will provide more information about ewido when we are finished with it.

Logfile of HijackThis v1.99.1 Scan saved at 12:15:55 AM, on 3/31/2006
I am seeing McAfee and Grisoft AVG running in your Services. It is a bad thing to run two antivirus programs at the same time; conflicts can cause all kinds of issues, including slowdowns, and you will be less safe than if you run one good program and maintain it properly. If you are running two, uninstall one of them, update and run a complete system scan with the other.
Post for me anything that could not be deleted during that scan.

These programs are running every time you boot:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
http://castlecops.co...plist-9746.html

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
http://support.micro...om/?kbid=210875

I notice you are running Zone Alarm. You should make sure the SP2 firewall is turned off in the Security Center, running both at once will also cause you issues.

HJT is showing no malware. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

Here is some information about high CPU usage and some troubleshooting information:
http://www.google.co...=high CPU usage
http://www.google.co... high CPU usage

I would also suggest you register free here: Diagnostic: http://www.pcpitstop.com/
Results: http://pcpitstop.inv...php?showforum=6
Run the diagnostic and post to the user to user forum for help understanding the results if you need them. Please post a link here so I can view the results.

Complete the instructions above and post a new HJT log along with your comments.

Thanks...Phil

Edited by pskelley, 31 March 2006 - 06:03 AM.

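The spelling trap pskelley warns about in the ewido report above is easy to miss by eye: in C:\WINDOWS\system32\ѕрoolsv.exe the first two letters are not Latin s and p but Cyrillic look-alikes, and wоwexec.exe carries a Cyrillic о in the same way, so the names render almost identically to the real Windows binaries. The script below is an added example, not code from this thread or from the HijackThis or ewido authors. It scans a HijackThis-style log for file names that contain non-ASCII characters and reports which legitimate system binary each one would be read as. The sample log lines (built from file names that appear in this thread), the list of protected system binaries and the small confusables table are all constructed for the example; for full coverage you would load Unicode's confusables.txt instead of the hand-written table.

```python
"""Flag look-alike executable names in a HijackThis-style log.

Added example for this thread. The confusables table and the sample log are
constructed here, not taken from any real product.
"""
import re
import unicodedata

# Windows binaries worth protecting against look-alike names. Constructed list,
# drawn from the process list posted in the thread; extend it for your environment.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "wowexec.exe", "wuauclt.exe",
}

# Cyrillic and Greek letters that render like Latin letters in most fonts.
# Deliberately small, constructed table; Unicode's confusables.txt is the
# authoritative source when you need full coverage.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0455": "s", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a", "\u0261": "g", "\u04bb": "h",
}

# A Windows path ending in an executable extension; non-greedy so a trailing
# command line such as '/StartedFromRunKey' is not swallowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n\"]*?\.(?:exe|dll|sys)", re.IGNORECASE)


def skeleton(name: str) -> str:
    """Return the Latin string a human would read the file name as."""
    folded = unicodedata.normalize("NFKC", name)  # fold full-width forms etc.
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).lower()


def check_path(path: str):
    """Return a finding for a look-alike file name, or None if it is clean."""
    basename = path.rsplit("\\", 1)[-1]
    non_ascii = [(ch, f"U+{ord(ch):04X}") for ch in basename if ord(ch) > 0x7F]
    looks_like = skeleton(basename)
    impersonates = None
    # The name reads as a known system binary but is not spelled like one.
    if looks_like in KNOWN_SYSTEM_BINARIES and looks_like != basename.lower():
        impersonates = looks_like
    if not non_ascii and impersonates is None:
        return None
    return {"path": path, "basename": basename,
            "non_ascii": non_ascii, "impersonates": impersonates}


def scan_log(log_text: str) -> list:
    """Run check_path over every Windows path found in the log text."""
    findings = []
    for match in PATH_RE.finditer(log_text):
        finding = check_path(match.group(0))
        if finding:
            finding["line"] = log_text.count("\n", 0, match.start()) + 1
            findings.append(finding)
    return findings


# Constructed sample: genuine entries plus the two look-alikes from the ewido
# report (Cyrillic s and r in 'spoolsv', Cyrillic o in 'wowexec').
SAMPLE_LOG = (
    "Running processes:\n"
    "C:\\WINDOWS\\system32\\svchost.exe\n"
    "C:\\WINDOWS\\system32\\spoolsv.exe\n"
    "C:\\WINDOWS\\system32\\\u0455\u0440oolsv.exe\n"
    "C:\\WINDOWS\\SYSTEM32\\w\u043ewexec.exe\n"
    "\n"
    "O4 - HKCU\\..\\Run: [taskdir] C:\\WINDOWS\\system32\\taskdir.exe\n"
)

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        codes = ", ".join(f"{ch!r} {cp}" for ch, cp in f["non_ascii"])
        target = f" (reads as {f['impersonates']})" if f["impersonates"] else ""
        print(f"line {f['line']}: {f['path']}{target}; non-ASCII: {codes}")
```

Note that taskdir.exe is not flagged: it is spelled in plain ASCII and impersonates nothing, which is exactly why this check complements, rather than replaces, looking at where a Run entry points and what the file actually is.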

#5 pskelley (R.I.P. Always in our hearts, 3,879 posts)

Posted 08 April 2006 - 01:15 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
