
PC running extremely slow and cannot access secure login sites


  • This topic is locked

#1 AndyLP


Posted 11 January 2008 - 02:36 PM

Hiya,

Any help with this would be most appreciated.

Description of problem: Computer is running very slow. I did have a problem where the desktop kept disappearing, but I think that has stopped now. On certain websites I cannot access the login screen, e.g. Facebook, eBay, online e-mail. I have tried using Avast, Avira AntiVir and AVG antivirus, which cleared up some bits but not all. I have posted three logs to help.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:26, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\ScanPanel\ScnPanel.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\calc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccd.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Poker\Empire\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Poker\Empire\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...uweb_site.cab?1195403845625
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.micro...n7/DLHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortuneloung...ric/FlashAX.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.../AFCStarter.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: jkkllkj - jkkllkj.dll (file missing)
O22 - SharedTaskScheduler: (no name) - {64ba30a2-811a-4597-b0af-d551128be340} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe

--
End of file - 13042 bytes

AVG log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:57:01 08/01/2008

+ Scan result:



HKU\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f99042c-275d-11d9-9679-00508d4e145e} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E2B48518-1621-4758-90F6-96F4F6E3AF46}\RP20\A0003684.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\njprckha\njprckha3.exe -> Not-A-Virus.Downloader.Win32.UltimateFix.d : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.12:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.167:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.168:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.169:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.186:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.106:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@pr.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.183:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\nwl5sg5g.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
HKU\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-1229272821-2052111302-839522115-1003_Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E2B48518-1621-4758-90F6-96F4F6E3AF46}\RP10\A0000033.exe -> Worm.Bobic.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E2B48518-1621-4758-90F6-96F4F6E3AF46}\RP10\A0000062.exe -> Worm.Bobic.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E2B48518-1621-4758-90F6-96F4F6E3AF46}\RP12\A0000246.exe -> Worm.Bobic.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E2B48518-1621-4758-90F6-96F4F6E3AF46}\RP16\A0001467.EXE -> Worm.Bobic.cx : Cleaned with backup (quarantined).


::Report end

Kaspersky log:

Scan
----
Scanned: 373635
Detected: 7
Untreated: 1
Start time: 08/01/2008 22:44:28
Duration: 1 days 01:02:47
Finish time: 09/01/2008 23:47:15
Signatures published: 08/01/2008 18:49:05


Detected
--------
Status Object
------ ------
disinfected: virus Virus.Win32.Trats.d File: C:\Documents and Settings\Andy\Local Settings\Temp\RCX2E.tmp
disinfected: virus Virus.Win32.Trats.d File: C:\Documents and Settings\Andy\Local Settings\Temp\RCX55.tmp
deleted: pornware not-a-virus:Porn-Downloader.Win32.StripSaver.a File: C:\WINDOWS\Downloaded Program Files\StripSaver_115.EXE//WISE0001.BIN
deleted: pornware not-a-virus:Porn-Downloader.Win32.StripSaver.a File: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\StripSaver_115.EXE//WISE0001.BIN
deleted: adware not-a-virus:AdWare.Win32.Visua.d File: C:\WINDOWS\system32\winvbie.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.BHO.ed File: D:\Program Files\21cn\VGO\VGOIEBHO.dll
detected: adware not-a-virus:AdWare.Win32.BHO.ed File: D:\Program Files\21cn\VGO\LiveUpdate\liveupdate.exe//data0026


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Record information about dangerous objects to program statistics Yes

#2 SWI Support Robot


Posted 14 January 2008 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.



