Multiple Glitches in Machine



#1 InDespair


Posted 02 June 2007 - 03:02 AM

Hi everyone,
I discovered this forum last night. Kudos to the helpers! I've been experiencing some problems recently which are listed in detail as follows:

I'm using a Dell Latitude D400 Notebook purchased a year back. Latest version of McAfee A/V has been installed since the purchase which has been successfully curing all the viruses/trojans until recently.

How I think the problem started
I plugged in a USB flash drive in the laptop which had files saved from my university's library computers. On opening a few ppt files on my laptop, McAfee detected 2-3 viruses and deleted them instantly. But ever since, programs have been running unusually slower than the usual speed I've been moving on earlier.

Early symptoms of infection
o task manager has been disabled by the administrator (this is now successfully resolved through other means)
o registry editor has been disabled by the administrator (successfully resolved)
o on rebooting, an error box appears which says: 'SSVICHOSST.EXE' not found. Make sure you typed the file name correctly.
o program speed has been awfully slow. usually, the programs would open instantly at a click but not now :(
o naturally, the worm (or whatever) has hindered the internet browser's speed giving a very unsmooth experience.

Initial measures taken to combat the problem
1. Performed a complete scan from McAfee AV - did not detect any
2. Downloaded AVG AV - Detected something like 'ssvichosst.exe' and deleted it
3. Installed NoAdware - Detected a few critical cookies and deleted it

I was not successful in fighting the virus. Therefore, I went through your forum and as advised, I did the following:

1. Scanned the system with SpyBot S&D and Ad-Aware.
2. Performed a Kaspersky Online Scan - log pasted below
3. Downloaded AVG Anti-Spyware (Formerly known as Ewido) - log pasted below
4. Downloaded HijackThis - log pasted below

I have nothing else to write. The machine continues to run at a slower speed. Would be wonderful to get a reply at the earliest.

With this query,
InDespair.

LOGS

HijackThis Scan - LOG


Logfile of HijackThis v1.99.1
Scan saved at 11:26:41 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\SCardSvr.exe
E:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
E:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
E:\Program Files\Lucent\ASL-2000\dslstat.exe
E:\Program Files\Lucent\ASL-2000\dslagent.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\LClock\LClock.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
E:\Program Files\DeskTool\DeskTool.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\LAN2NET\l2nService.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\system32\wwSecure.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\NoAdware4\NoAdware4.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Crazy Browser\Crazy Browser.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\PROGRA~1\FREEDO~1\fdm.exe
E:\Documents and Settings\Administrator\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "E:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "E:\Program Files\Lucent\ASL-2000\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "E:\Program Files\Lucent\ASL-2000\dslagent.exe"
O4 - HKLM\..\Run: [AVG7_CC] "E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LClock] "E:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] "E:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: DeskTool.lnk = E:\Program Files\DeskTool\DeskTool.exe
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://enigmaticpowe...ad/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0FEBF7E-C833-45F9-BA6B-63E53042A45A}: NameServer = 195.229.241.222 213.42.20.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - E:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - E:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - E:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: EvtEng - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: l2nService - Unknown owner - E:\Program Files\LAN2NET\l2nService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - E:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: RegSrvc - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - E:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - E:\WINDOWS\system32\wwSecure.exe






Kaspersky Online Scan - Log

Scan process completed.






AVG Anti-Spyware (Former Ewido) - Log


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:36:12 AM 6/2/2007

+ Scan result:



:mozilla.29:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.30:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.31:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.17:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.50:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.77:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.81:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.56:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
E:\Documents and Settings\Administrator\Cookies\administrator@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.36:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.37:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.48:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.49:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.18:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.19:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.73:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.74:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.75:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.76:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gujza9oh.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.


::Report end

#2 SWI Support Robot


Posted 04 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Chancellor


Posted 16 June 2007 - 03:38 AM

Hi,

Sorry you’ve had to wait for a few days but all of the helpers here are volunteers and we’ve been really busy recently.

If you still need help, please post a fresh HijackThis log into this thread so I can make sure nothing has changed and I will be happy to review it for you.

:)
Chancellor

Please consider a donation to help Support SWI
Malware Complaints - Report them here and fight back!
Member of ASAP Since 2006 (Alliance of Security Analysis Professionals)
Please read the FAQ and the article "So how did I get infected in the first place?".

#4 Chancellor


Posted 27 June 2007 - 12:55 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Chancellor




