Every time I play a file and then close WM, the process wmplayer.exe stays on the task manager but is not using CPU but MEM USAGE :-|
If I open WM 100 times I see 100 wmplayer.exe using memory on the task manager

Logfile of HijackThis v1.99.1
Scan saved at 8:12:01 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\FOLDER~1\FGKey.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JMSONY\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] C:\Program Files\Logitech\SetPoint\LBTWiz.exe -silent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143408332859
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro\FGH32.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

0

Hah jeez, that's not good, welcome to Daniweb by the way. Ok, begin by trying to uninstall

MessengerPlus! 3

This program is FILLED with spyware. Next, begin by checking these entries in HJT:

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After this, download SpySweeper, Ewido, and CCleaner from my signature below. Update the definitions for each one, but don't run them yet. Next, reboot into safe mode and start by deleting this file:

C:\Program Files\MessengerPlus!3

Next, run Ewido, Spysweeper, and CCleaner, saving the Ewido and Spysweeper logs.

Then, reboot into normal mode again, and post the 2 logs, along with a new HJT log.

Thanks.

0
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           9:27:21 PM, 3/29/2006
+ Report-Checksum:      BB5BA0B1


+ Scan result:


C:\Documents and Settings\JMSONY\Cookies\jmsony@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@ehg-sonycomputer.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\JMSONY\Cookies\jmsony@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup



::Report End


********
9:13 PM: |       Start of Session, Wednesday, March 29, 2006       |
9:13 PM: Spy Sweeper started
9:13 PM: Sweep initiated using definitions version 556
9:13 PM: Starting Memory Sweep
9:13 PM: Memory Sweep Complete, Elapsed Time: 00:00:40
9:13 PM: Starting Registry Sweep
9:14 PM: Registry Sweep Complete, Elapsed Time:00:00:15
9:14 PM: Starting Cookie Sweep
9:14 PM:   Found Spy Cookie: 2o7.net cookie
9:14 PM:   jmsony@2o7[1].txt (ID = 1957)
9:14 PM:   Found Spy Cookie: yieldmanager cookie
9:14 PM:   jmsony@ad.yieldmanager[2].txt (ID = 3751)
9:14 PM:   Found Spy Cookie: specificclick.com cookie
9:14 PM:   jmsony@adopt.specificclick[2].txt (ID = 3400)
9:14 PM:   Found Spy Cookie: addynamix cookie
9:14 PM:   jmsony@ads.addynamix[1].txt (ID = 2062)
9:14 PM:   Found Spy Cookie: revenue.net cookie
9:14 PM:   jmsony@ads1.revenue[1].txt (ID = 3258)
9:14 PM:   Found Spy Cookie: advertising cookie
9:14 PM:   jmsony@advertising[1].txt (ID = 2175)
9:14 PM:   Found Spy Cookie: falkag cookie
9:14 PM:   jmsony@as-us.falkag[1].txt (ID = 2650)
9:14 PM:   Found Spy Cookie: atlas dmt cookie
9:14 PM:   jmsony@atdmt[2].txt (ID = 2253)
9:14 PM:   Found Spy Cookie: bluestreak cookie
9:14 PM:   jmsony@bluestreak[1].txt (ID = 2314)
9:14 PM:   Found Spy Cookie: casalemedia cookie
9:14 PM:   jmsony@casalemedia[2].txt (ID = 2354)
9:14 PM:   Found Spy Cookie: overture cookie
9:14 PM:   jmsony@data2.perf.overture[1].txt (ID = 3106)
9:14 PM:   jmsony@data3.perf.overture[1].txt (ID = 3106)
9:14 PM:   Found Spy Cookie: ru4 cookie
9:14 PM:   jmsony@edge.ru4[2].txt (ID = 3269)
9:14 PM:   Found Spy Cookie: fastclick cookie
9:14 PM:   jmsony@fastclick[2].txt (ID = 2651)
9:14 PM:   Found Spy Cookie: hotlog cookie
9:14 PM:   jmsony@hotlog[1].txt (ID = 2801)
9:14 PM:   Found Spy Cookie: screensavers.com cookie
9:14 PM:   jmsony@i.screensavers[1].txt (ID = 3298)
9:14 PM:   jmsony@media.fastclick[1].txt (ID = 2652)
9:14 PM:   jmsony@msnportal.112.2o7[1].txt (ID = 1958)
9:14 PM:   jmsony@overture[1].txt (ID = 3105)
9:14 PM:   jmsony@perf.overture[1].txt (ID = 3106)
9:14 PM:   Found Spy Cookie: realmedia cookie
9:14 PM:   jmsony@realmedia[1].txt (ID = 3235)
9:14 PM:   jmsony@revenue[2].txt (ID = 3257)
9:14 PM:   Found Spy Cookie: adjuggler cookie
9:14 PM:   jmsony@rotator.adjuggler[1].txt (ID = 2071)
9:14 PM:   jmsony@sel.as-us.falkag[1].txt (ID = 2650)
9:14 PM:   Found Spy Cookie: spylog cookie
9:14 PM:   jmsony@spylog[2].txt (ID = 3415)
9:14 PM:   Found Spy Cookie: onestat.com cookie
9:14 PM:   jmsony@stat.onestat[2].txt (ID = 3098)
9:14 PM:   Found Spy Cookie: statcounter cookie
9:14 PM:   jmsony@statcounter[1].txt (ID = 3447)
9:14 PM:   Found Spy Cookie: tribalfusion cookie
9:14 PM:   jmsony@tribalfusion[2].txt (ID = 3589)
9:14 PM:   Found Spy Cookie: myaffiliateprogram.com cookie
9:14 PM:   jmsony@www.myaffiliateprogram[2].txt (ID = 3032)
9:14 PM:   Found Spy Cookie: xiti cookie
9:14 PM:   jmsony@xiti[1].txt (ID = 3717)
9:14 PM:   Found Spy Cookie: yadro cookie
9:14 PM:   jmsony@yadro[1].txt (ID = 3743)
9:14 PM:   Found Spy Cookie: zedo cookie
9:14 PM:   jmsony@zedo[2].txt (ID = 3762)
9:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:14 PM: Starting File Sweep
9:17 PM: File Sweep Complete, Elapsed Time: 00:02:52
9:17 PM: Full Sweep has completed.  Elapsed time 00:03:50
9:17 PM: Traces Found: 32
9:17 PM: Removal process initiated
9:17 PM:   Quarantining All Traces: 2o7.net cookie
9:17 PM:   Quarantining All Traces: yieldmanager cookie
9:17 PM:   Quarantining All Traces: specificclick.com cookie
9:17 PM:   Quarantining All Traces: addynamix cookie
9:17 PM:   Quarantining All Traces: revenue.net cookie
9:17 PM:   Quarantining All Traces: advertising cookie
9:17 PM:   Quarantining All Traces: falkag cookie
9:17 PM:   Quarantining All Traces: atlas dmt cookie
9:17 PM:   Quarantining All Traces: bluestreak cookie
9:17 PM:   Quarantining All Traces: casalemedia cookie
9:17 PM:   Quarantining All Traces: overture cookie
9:17 PM:   Quarantining All Traces: ru4 cookie
9:17 PM:   Quarantining All Traces: fastclick cookie
9:17 PM:   Quarantining All Traces: hotlog cookie
9:17 PM:   Quarantining All Traces: screensavers.com cookie
9:17 PM:   Quarantining All Traces: realmedia cookie
9:17 PM:   Quarantining All Traces: adjuggler cookie
9:17 PM:   Quarantining All Traces: spylog cookie
9:17 PM:   Quarantining All Traces: onestat.com cookie
9:17 PM:   Quarantining All Traces: statcounter cookie
9:17 PM:   Quarantining All Traces: tribalfusion cookie
9:17 PM:   Quarantining All Traces: myaffiliateprogram.com cookie
9:17 PM:   Quarantining All Traces: xiti cookie
9:17 PM:   Quarantining All Traces: yadro cookie
9:17 PM:   Quarantining All Traces: zedo cookie
9:17 PM: Removal process completed.  Elapsed time 00:00:18
********
9:13 PM: |       Start of Session, Wednesday, March 29, 2006       |
9:13 PM: Spy Sweeper started
9:13 PM: Program Version 4.5.9  (Build 709)  Using Spyware Definitions 556
9:13 PM: |       End of Session, Wednesday, March 29, 2006       |


Logfile of HijackThis v1.99.1
Scan saved at 9:36:04 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FOLDER~1\FGKey.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JMSONY\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe
C:\DOCUME~1\JMSONY\LOCALS~1\Temp\Rar$EX01.688\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] C:\Program Files\Logitech\SetPoint\LBTWiz.exe -silent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143408332859
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro\FGH32.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by happygeek: fixed formatting

0

thank you
well so far i tried this
reinstalled WM10
sfc /scannow
system restore didn't work

jmsony

0

i remember i did this tweak a few days ago
i dunno if this is causing the problem

These Settings will fine tune your system's memory management - at least 512MB of RAM recommended

go to start\run\regedit -and then to the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

1. DisablePagingExecutive - double click it and in the decimal put a 1 - this allows XP to keep data in memory now instead of paging sections of RAM to hard drive; yields faster performance.

2. LargeSystemCache - double click it and change the decimal to 1 - this allows XP Kernel to run in memory; improves system performance a lot

Reboot and watch your system fly ..happy tweakin

Note: This tweak may cause problems with ATI cards *this is documented by ATI(tweak forum Admin)

0

Hmm, well I don't see anything spyware related-ish in the HJT log. The Ewido and SpySweeper logs had what you'd expect--just cookies, so that's good. Heh and I apologize, but that's where my computer knowledge really ends. I'd really recommend reposting a new thread in both the 'Windows NT/2000/XP/2003' forum and in the 'Windows tips n tweaks' forum, saying in both that it's been checked by us and is spyware free.

After that, I wish ya good luck with the problem.

Thanks.
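The review of the O20 and O23 sections that the reply above refers to can be partly mechanised. This is an added example, not part of the thread and not HijackThis's own code: it parses those two line formats as they appear in the posted log and attaches review hints. The flag names, the directory list and the last sample line are assumptions made for the illustration.

```python
import re
from typing import NamedTuple, Optional

# Line shapes as they appear in the log posted in this thread:
#   O20 - Winlogon Notify: <key name> - <dll path>
#   O23 - Service: <display name> [(<service name>)] - <vendor> - <image path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Assumption: directories where installed software normally lives on this XP box.
USUAL_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

class Entry(NamedTuple):
    section: str
    name: str
    vendor: Optional[str]
    path: str
    flags: tuple

def parse_line(line):
    """Return an Entry for an O20/O23 line, or None for any other line."""
    line = line.strip()
    m, section = O23_RE.match(line), "O23"
    if not m:
        m, section = O20_RE.match(line), "O20"
    if not m:
        return None
    vendor = m.groupdict().get("vendor")  # O20 lines carry no vendor field
    path = m.group("path")
    flags = []
    if vendor and vendor.lower() == "unknown owner":
        flags.append("unknown-owner")      # binary has no version-info company
    if re.search(r"~\d", path):
        flags.append("short-8.3-path")     # real directory name is hidden
    if not path.lower().startswith(USUAL_ROOTS):
        flags.append("unusual-location")
    return Entry(section, m.group("name"), vendor, path, tuple(flags))

def triage(lines):
    """Keep only the entries that carry at least one review hint."""
    return [e for e in map(parse_line, lines) if e and e.flags]

SAMPLE = [  # first three lines are from the posted log; the last is constructed
    r"O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
    r"O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE",
    r"O23 - Service: Example Updater (exupd) - Unknown owner - C:\Temp\exupd.exe",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.section, e.name, "->", ", ".join(e.flags))
```

A flag is a prompt to look at the file on disk, not a verdict: the Norton entry is flagged only because its 8.3 path cannot be read at a glance.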

0

Ok... I'm going to do some predicting...

You have Logitech Setpoint installed.
You have a Logitech bluetooth mouse or keyboard or both
You have Windows Media Player 10

This was a really tough one to figure out.

Uninstall logitech setpoint and I'll bet $$ media player 10 begins behaving normally. I have talked to Logitech about this, and their lame support just told me "setpoint is not compatible with media player 10." Well, I guess not... unfortunately, I didn't even want to use WMP10 with the damn thing. Who knew they couldn't even co-exist peacefully.

I have the same situation. For me, my system would be normal until starting and then closing media player 10. Then wmplayer.exe would constantly start and stop itself eating up processor and memory... and never ending until I restarted. The player never appears on screen, just in task manager. Of course, you're going to notice that big chunk of your processor you're not getting to use. Would result in a lot of slowdown. Logitech won't say if they are planning to fix this or not. Basically, this is the last logitech thing I buy. Their support really turned me off.

0

Now that I look back, I believe ya might have a LOP infection -- hinted at with the MessengerPlus3. However, I'll wait for Demeneted before I go further with this.

0

i dunno what i did but now WMP is working fine now, i think it was the logitech setpoint that was causing the problem.
I got a laser dinovo bluetooth keyboard and mouse
the default media player was WMP10 when i press the media button on my keyboard
i changed it to a different player and now everything looks normal
thanks for your help =D
jmsony
