cpu running at 100% and constantly freezing


kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
My computer has been acting really crappy lately.
Really slow.
I can get on the internet but the links take forever or there is no response.
CPU is running at 100%.
We get a Microsoft no response and have to reboot, or if you control alt delete it says that there is nothing it is working on even though you have clicked on a program. Programs freeze constantly and take forever to get to another Excel sheet, as an example.
I have Norton Internet Security, I have done iolo system mechanics 6.
We have run our adware.
I have run PC Pit Stop on the computer, which said it found trojans. Are all my problems caused by these and can you suggest a product to take them off?
If it is not a trojan that is slowing down the computer, what other suggestion do you have for me? I really don't understand what is making the CPU run at 100%.
Thank you for your time and help :)
 
Joined
Dec 8, 2006
Messages
475
If you have any reason to think you may be hosting a trojan or other spyware, and choose not to use Tech Support Guy online service, I suggest you go to the link below and follow all of the directions. If you are hosting malware, only its removal can end your problem. Castle Cops: http://wiki.castlecops.com/MRP.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,726
There's no reason to send him to another site, we have some excellent security folks right here.

kgbj, please post a HijackThis log and we'll have a security expert take a look at it.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Go to here and download the 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis.
Click the "Scan" button. When the scan is finished, the scan button will become "Save Log"; click that and save the log.
Go to where you saved the log and click on "Edit > Select All", then click on "Edit > Copy", then paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
Thank you and I hope you can see what is wrong with the computer. Thank you for all your time and energy. :)



Logfile of HijackThis v1.99.1
Scan saved at 2:16:44 PM, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsw2A8.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe
O4 - HKCU\..\Run: [worldtime.exe] C:\PROGRA~1\ANYTIM~1\worldtime.exe nosplash
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:27 AM: Shield States
11:27 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
11:27 AM: Spyware Definitions: 834
11:27 AM: Spy Sweeper 5.2.3.2138 started
9:55 AM: | End of Session, January 10, 2007 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:51 AM: Shield States
9:50 AM: Spyware Definitions: 816
9:50 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
9:49 AM: Spy Sweeper 5.2.3.2138 started
9:49 AM: Spy Sweeper 5.2.3.2138 started
9:49 AM: | Start of Session, January 10, 2007 |
********
10:30 AM: Removal process completed. Elapsed time 00:00:51
10:30 AM: A reboot was suggested but declined.
10:30 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST21D.tmp". Reason: The system cannot find the file specified
10:30 AM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
10:30 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST21E.tmp". Reason: The system cannot find the file specified
10:30 AM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
10:30 AM: Quarantining All Traces: webtrendslive cookie
10:30 AM: Quarantining All Traces: advertising cookie
10:30 AM: Quarantining All Traces: questionmarket cookie
10:30 AM: Quarantining All Traces: redsheriff cookies
10:30 AM: Quarantining All Traces: clickbank cookie
10:30 AM: Quarantining All Traces: tacoda cookie
10:30 AM: Quarantining All Traces: 2o7.net cookie
10:30 AM: Quarantining All Traces: mediaplex cookie
10:30 AM: Quarantining All Traces: atlas dmt cookie
10:30 AM: Quarantining All Traces: webtrends cookie
10:30 AM: Quarantining All Traces: 180search assistant/zango
10:30 AM: Quarantining All Traces: hotbar/zango
10:30 AM: Quarantining All Traces: mirar webband
10:30 AM: Quarantining All Traces: multidial
10:30 AM: Quarantining All Traces: searchtool
10:30 AM: Removal process initiated
10:29 AM: Traces Found: 81
10:29 AM: Full Sweep has completed. Elapsed time 00:34:15
10:29 AM: File Sweep Complete, Elapsed Time: 00:30:40
10:19 AM: Warning: Failed to access drive E:
10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\virusdefs\lulock.dat". The process cannot access the file because it is being used by another process
10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\idsdefs\lulock.dat". The process cannot access the file because it is being used by another process
10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\nco1.0defs\lulock.dat". The process cannot access the file because it is being used by another process
10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:01 AM: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
10:01 AM: C:\WINDOWS\system32\SearchTool\SearchTool.dll (ID = 429258)
10:01 AM: C:\WINDOWS\system32\SearchTool (3 subtraces) (ID = 2147538562)
10:01 AM: C:\WINDOWS\system32\SmartShopper (4 subtraces) (ID = 2147537822)
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:58 AM: Starting File Sweep
9:58 AM: Warning: Failed to access drive A:
9:58 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:58 AM: c:\documents and settings\grant\cookies\grant@statse.webtrendslive[1].txt (ID = 3667)
9:58 AM: Found Spy Cookie: webtrendslive cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@advertising[2].txt (ID = 2175)
9:58 AM: Found Spy Cookie: advertising cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@microsoftwga.112.2o7[1].txt (ID = 1958)
9:58 AM: c:\documents and settings\grant\cookies\grant@questionmarket[1].txt (ID = 3217)
9:58 AM: Found Spy Cookie: questionmarket cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@imrworldwide[2].txt (ID = 2845)
9:58 AM: Found Spy Cookie: redsheriff cookies
9:58 AM: c:\documents and settings\grant\cookies\grant@clickbank[1].txt (ID = 2398)
9:58 AM: Found Spy Cookie: clickbank cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@2o7[1].txt (ID = 1957)
9:58 AM: c:\documents and settings\grant\cookies\grant@tacoda[1].txt (ID = 6444)
9:58 AM: Found Spy Cookie: tacoda cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@m.webtrends[1].txt (ID = 3669)
9:58 AM: c:\documents and settings\grant\cookies\grant@msnportal.112.2o7[1].txt (ID = 1958)
9:58 AM: Found Spy Cookie: 2o7.net cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@mediaplex[1].txt (ID = 6442)
9:58 AM: Found Spy Cookie: mediaplex cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@atdmt[2].txt (ID = 2253)
9:58 AM: Found Spy Cookie: atlas dmt cookie
9:58 AM: c:\documents and settings\brayden and jordyn\cookies\brayden and jordyn@m.webtrends[2].txt (ID = 3669)
9:58 AM: Found Spy Cookie: webtrends cookie
9:58 AM: Starting Cookie Sweep
9:58 AM: Registry Sweep Complete, Elapsed Time:00:00:13
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\relevanceinstaller\ (ID = 1896814)
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\lifetimeporn\ (ID = 1896808)
9:58 AM: Found Adware: mirar webband
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\searchenhancer\ (ID = 1880916)
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1005\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1006\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchenhancer\ (ID = 1880925)
9:58 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877812)
9:58 AM: HKLM\software\classes\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877800)
9:58 AM: HKLM\software\classes\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877788)
9:58 AM: HKLM\software\classes\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877776)
9:58 AM: HKCR\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877764)
9:58 AM: HKCR\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877752)
9:58 AM: HKCR\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877740)
9:58 AM: HKLM\software\classes\fis.ohb.1\ (ID = 1779239)
9:58 AM: HKLM\software\classes\fis.ohb\ (ID = 1779233)
9:58 AM: HKLM\software\classes\fis.momo.1\ (ID = 1779229)
9:58 AM: HKLM\software\classes\fis.momo\ (ID = 1779223)
9:58 AM: HKLM\software\classes\fis.amo.1\ (ID = 1779219)
9:58 AM: HKLM\software\classes\fis.amo\ (ID = 1779213)
9:58 AM: HKCR\fis.ohb.1\ (ID = 1779187)
9:58 AM: HKCR\fis.ohb\ (ID = 1779181)
9:58 AM: HKCR\fis.momo.1\ (ID = 1779177)
9:58 AM: HKCR\fis.momo\ (ID = 1779171)
9:58 AM: HKCR\fis.amo.1\ (ID = 1779167)
9:58 AM: HKCR\fis.amo\ (ID = 1779161)
9:58 AM: HKCR\dialerr.dialerr\ (ID = 1627741)
9:58 AM: HKCR\dialerr.dialerr.1\ (ID = 1627737)
9:58 AM: HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362734)
9:58 AM: HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362723)
9:58 AM: HKLM\software\classes\spamblockerconfig.application.1\ (ID = 968867)
9:58 AM: HKCR\spamblockerconfig.application.1\ (ID = 968312)
9:58 AM: HKLM\software\classes\imside1egate.application.1\ (ID = 711277)
9:58 AM: HKCR\imside1egate.application.1\ (ID = 710985)
9:58 AM: Found Adware: 180search assistant/zango
9:58 AM: HKLM\software\classes\dialerr.dialerr.1\ (ID = 662143)
9:58 AM: HKCR\clsid\{462f7758-8848-11d1-add8-0000f87734f0}\control\ (ID = 662065)
9:58 AM: HKCR\webgate.webgate\ (ID = 662012)
9:58 AM: HKCR\userinfo.userinfo\ (ID = 662008)
9:58 AM: HKCR\tapilocationinfo.tapilocationinfo\ (ID = 662004)
9:58 AM: HKCR\smartstart.smartstart\ (ID = 662000)
9:58 AM: HKCR\refdial.refdial\ (ID = 661996)
9:58 AM: HKCR\inshandler.inshandler\ (ID = 661992)
9:58 AM: HKCR\icwsystemconfig.icwsystemconfig\ (ID = 661988)
9:58 AM: HKCR\icwconn.webview\ (ID = 661983)
9:58 AM: HKCR\icwconn.walker\ (ID = 661978)
9:58 AM: HKCR\icwconn.ispdata\ (ID = 661973)
9:58 AM: HKCR\icwconn.gifconvert\ (ID = 661968)
9:58 AM: HKCR\icwconn.apprentice\ (ID = 661963)
9:58 AM: HKLM\software\classes\dialerr.dialerr\ (ID = 135355)
9:58 AM: Found Adware: multidial
9:58 AM: HKCR\spamblockerconfig.application\ (ID = 127634)
9:58 AM: HKLM\software\spam blocker\ (ID = 127633)
9:58 AM: HKLM\software\classes\spamblockerconfig.application\ (ID = 127536)
9:58 AM: HKLM\software\classes\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127435)
9:58 AM: HKLM\software\classes\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127434)
9:58 AM: HKCR\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127271)
9:58 AM: HKCR\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127270)
9:58 AM: Found Adware: hotbar/zango
9:58 AM: Starting Registry Sweep
9:58 AM: Memory Sweep Complete, Elapsed Time: 00:03:14
9:55 AM: Detected running threat: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
9:55 AM: Found Adware: searchtool
9:55 AM: Starting Memory Sweep
9:55 AM: Start Full Sweep
9:55 AM: Sweep initiated using definitions version 834
9:55 AM: Spy Sweeper 5.2.3.2138 started
9:55 AM: | Start of Session, January 10, 2007 |
********
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:01 AM: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
10:01 AM: C:\WINDOWS\system32\SearchTool\SearchTool.dll (ID = 429258)
10:01 AM: C:\WINDOWS\system32\SearchTool (3 subtraces) (ID = 2147538562)
10:01 AM: C:\WINDOWS\system32\SmartShopper (4 subtraces) (ID = 2147537822)
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:58 AM: Starting File Sweep
9:58 AM: Warning: Failed to access drive A:
9:58 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:58 AM: c:\documents and settings\grant\cookies\grant@statse.webtrendslive[1].txt (ID = 3667)
9:58 AM: Found Spy Cookie: webtrendslive cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@advertising[2].txt (ID = 2175)
9:58 AM: Found Spy Cookie: advertising cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@microsoftwga.112.2o7[1].txt (ID = 1958)
9:58 AM: c:\documents and settings\grant\cookies\grant@questionmarket[1].txt (ID = 3217)
9:58 AM: Found Spy Cookie: questionmarket cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@imrworldwide[2].txt (ID = 2845)
9:58 AM: Found Spy Cookie: redsheriff cookies
9:58 AM: c:\documents and settings\grant\cookies\grant@clickbank[1].txt (ID = 2398)
9:58 AM: Found Spy Cookie: clickbank cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@2o7[1].txt (ID = 1957)
9:58 AM: c:\documents and settings\grant\cookies\grant@tacoda[1].txt (ID = 6444)
9:58 AM: Found Spy Cookie: tacoda cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@m.webtrends[1].txt (ID = 3669)
9:58 AM: c:\documents and settings\grant\cookies\grant@msnportal.112.2o7[1].txt (ID = 1958)
9:58 AM: Found Spy Cookie: 2o7.net cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@mediaplex[1].txt (ID = 6442)
9:58 AM: Found Spy Cookie: mediaplex cookie
9:58 AM: c:\documents and settings\grant\cookies\grant@atdmt[2].txt (ID = 2253)
9:58 AM: Found Spy Cookie: atlas dmt cookie
9:58 AM: c:\documents and settings\brayden and jordyn\cookies\brayden and jordyn@m.webtrends[2].txt (ID = 3669)
9:58 AM: Found Spy Cookie: webtrends cookie
9:58 AM: Starting Cookie Sweep
9:58 AM: Registry Sweep Complete, Elapsed Time:00:00:13
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\relevanceinstaller\ (ID = 1896814)
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\lifetimeporn\ (ID = 1896808)
9:58 AM: Found Adware: mirar webband
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\searchenhancer\ (ID = 1880916)
9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1005\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1006\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
9:58 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchenhancer\ (ID = 1880925)
9:58 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877812)
9:58 AM: HKLM\software\classes\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877800)
9:58 AM: HKLM\software\classes\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877788)
9:58 AM: HKLM\software\classes\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877776)
9:58 AM: HKCR\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877764)
9:58 AM: HKCR\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877752)
9:58 AM: HKCR\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877740)
9:58 AM: HKLM\software\classes\fis.ohb.1\ (ID = 1779239)
9:58 AM: HKLM\software\classes\fis.ohb\ (ID = 1779233)
9:58 AM: HKLM\software\classes\fis.momo.1\ (ID = 1779229)
9:58 AM: HKLM\software\classes\fis.momo\ (ID = 1779223)
9:58 AM: HKLM\software\classes\fis.amo.1\ (ID = 1779219)
9:58 AM: HKLM\software\classes\fis.amo\ (ID = 1779213)
9:58 AM: HKCR\fis.ohb.1\ (ID = 1779187)
9:58 AM: HKCR\fis.ohb\ (ID = 1779181)
9:58 AM: HKCR\fis.momo.1\ (ID = 1779177)
9:58 AM: HKCR\fis.momo\ (ID = 1779171)
9:58 AM: HKCR\fis.amo.1\ (ID = 1779167)
9:58 AM: HKCR\fis.amo\ (ID = 1779161)
9:58 AM: HKCR\dialerr.dialerr\ (ID = 1627741)
9:58 AM: HKCR\dialerr.dialerr.1\ (ID = 1627737)
9:58 AM: HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362734)
9:58 AM: HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362723)
9:58 AM: HKLM\software\classes\spamblockerconfig.application.1\ (ID = 968867)
9:58 AM: HKCR\spamblockerconfig.application.1\ (ID = 968312)
9:58 AM: HKLM\software\classes\imside1egate.application.1\ (ID = 711277)
9:58 AM: HKCR\imside1egate.application.1\ (ID = 710985)
9:58 AM: Found Adware: 180search assistant/zango
9:58 AM: HKLM\software\classes\dialerr.dialerr.1\ (ID = 662143)
9:58 AM: HKCR\clsid\{462f7758-8848-11d1-add8-0000f87734f0}\control\ (ID = 662065)
9:58 AM: HKCR\webgate.webgate\ (ID = 662012)
9:58 AM: HKCR\userinfo.userinfo\ (ID = 662008)
9:58 AM: HKCR\tapilocationinfo.tapilocationinfo\ (ID = 662004)
9:58 AM: HKCR\smartstart.smartstart\ (ID = 662000)
9:58 AM: HKCR\refdial.refdial\ (ID = 661996)
9:58 AM: HKCR\inshandler.inshandler\ (ID = 661992)
9:58 AM: HKCR\icwsystemconfig.icwsystemconfig\ (ID = 661988)
9:58 AM: HKCR\icwconn.webview\ (ID = 661983)
9:58 AM: HKCR\icwconn.walker\ (ID = 661978)
9:58 AM: HKCR\icwconn.ispdata\ (ID = 661973)
9:58 AM: HKCR\icwconn.gifconvert\ (ID = 661968)
9:58 AM: HKCR\icwconn.apprentice\ (ID = 661963)
9:58 AM: HKLM\software\classes\dialerr.dialerr\ (ID = 135355)
9:58 AM: Found Adware: multidial
9:58 AM: HKCR\spamblockerconfig.application\ (ID = 127634)
9:58 AM: HKLM\software\spam blocker\ (ID = 127633)
9:58 AM: HKLM\software\classes\spamblockerconfig.application\ (ID = 127536)
9:58 AM: HKLM\software\classes\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127435)
9:58 AM: HKLM\software\classes\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127434)
9:58 AM: HKCR\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127271)
9:58 AM: HKCR\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127270)
9:58 AM: Found Adware: hotbar/zango
9:58 AM: Starting Registry Sweep
9:58 AM: Memory Sweep Complete, Elapsed Time: 00:03:14
9:55 AM: Detected running threat: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
9:55 AM: Found Adware: searchtool
 

kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
Logfile of HijackThis v1.99.1
Scan saved at 12:25:32 PM, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] "C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [AnyTime Organizer] "C:\Program Files\AnyTime Deluxe\AtDem.exe"
O4 - HKCU\..\Run: [worldtime.exe] "C:\PROGRA~1\ANYTIM~1\worldtime.exe" nosplash
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First go to add/remove programs & remove any of these found

Spyware Assassin
Smart Shopper
SoftwareOnline



then reboot then

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily


Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"

O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj

O4 - Startup: PowerReg Scheduler V3.exe

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\


now Start killbox, paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window, select delete on reboot, press the red X button, say yes to the prompt and NO to reboot now, then repeat for each file in turn

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply

C:\PROGRA~1\SOFTWA~1\
C:\Program Files\Spyware Assassin 4.0\
C:\WINDOWS\system32\SmartShopper\

Then on killbox top bar press tools/delete temp files, in the pop up box towards the middle is a drop down box containing a list of all user accounts on this drop down user account box, select your account, select ALL options it will allow you to, then press delete selected temp files, then repeat for every user account listed in that drop down box

then reboot again & post a fresh HJT log & tell us how it is
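An added example, not part of the original posts: one way to check a fresh HijackThis log against the entries selected for fixing in the reply above, so that anything still present after the reboot stands out. `FIX_LIST` is copied from that reply; `FRESH_LOG` is a constructed excerpt, and the function names are this example's own.

```python
import re
from typing import NamedTuple

# HijackThis entry lines look like "O4 - HKCU\..\Run: [name] path":
# a section code (R0, O2, O4, O16, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
MISSING_RE = re.compile(r"\s*\(file missing\)", re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    body: str
    file_missing: bool

    def key(self):
        # Compare case-insensitively and ignore the "(file missing)" note:
        # the note appears once the file is deleted, yet the registry entry
        # that points at it is still the same entry.
        return (self.code, MISSING_RE.sub("", self.body).lower().strip())


def parse_entries(text):
    """Return the R/F/N/O entries of a log, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = " ".join(m.group(2).split())  # collapse runs of whitespace
        entries.append(Entry(m.group(1), body, bool(MISSING_RE.search(body))))
    return entries


def check_fix(fix_list, fresh_log):
    """Split the fix list into entries still in the fresh log and entries gone."""
    fresh = {e.key(): e for e in parse_entries(fresh_log)}
    remaining, removed = [], []
    for wanted in parse_entries(fix_list):
        hit = fresh.get(wanted.key())
        if hit:
            remaining.append(hit)   # report it as the fresh log shows it
        else:
            removed.append(wanted)
    return remaining, removed


# Entries ticked for "fix checked", copied from the reply above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

# Constructed excerpt of a follow-up log (not the poster's actual result).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\PROGRAM FILES\AXHunter\AXHunt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    remaining, removed = check_fix(FIX_LIST, FRESH_LOG)
    print(f"{len(removed)} of {len(removed) + len(remaining)} entries are gone")
    for e in remaining:
        note = " [target file already deleted]" if e.file_missing else ""
        print(f"still present: {e.code} - {e.body}{note}")
```
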
 

kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
Thanks Derek,

So far everything is working faster than it was. I was able to get onto the forum with no probs. I haven't checked to see if my files freeze when I get into them but so far so good.

Thank you for all your help. I hope this log is better; let me know if there is anything else I should take out.

Thanks again and take care ;)
Kristie


Logfile of HijackThis v1.99.1
Scan saved at 3:14:09 PM, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] "C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [AnyTime Organizer] "C:\Program Files\AnyTime Deluxe\AtDem.exe"
O4 - HKCU\..\Run: [worldtime.exe] C:\PROGRA~1\ANYTIM~1\worldtime.exe nosplash
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That looks clear now

you could probably trim down your startups somewhat and possibly lose a few toolbars if they aren't in use


Turn off system restore by following instructions here
http://www.thespykiller.co.uk/forum/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.
and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Then pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
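
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis-style lines that surfaces the kinds of entries visible in the log above (missing files, services with an unknown owner, DPF controls fetched over plain HTTP, and the installed JRE version). The reason labels and the choice of sample lines are assumptions made for illustration; a flag is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: seven lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

LINE_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")           # section code, then the entry
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)

def triage(log_text):
    """Return (section, reason, entry) tuples for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                        # header or free text
        section, entry = m.groups()
        if "(file missing)" in entry:
            # Heuristic (assumption): a stray quote before the arguments suggests
            # the path was mis-split, so check the disk before trusting the flag.
            quoted = '.exe" ' in entry
            findings.append((section, "file-missing-quoted-path" if quoted else "file-missing", entry))
        if section == "O23" and " - Unknown owner - " in entry:
            findings.append((section, "unknown-owner", entry))
        if section == "O16" and " - http://" in entry:
            findings.append((section, "dpf-over-http", entry))
        jre = JRE_RE.search(entry)
        if jre:                                             # report the version for an update check
            findings.append((section, "jre-" + jre.group(1), entry))
    return findings

def summary(findings):
    """Count findings per reason label."""
    counts = {}
    for _, reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts

if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:26} {entry[:70]}")
```
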
 

kgbj

Thread Starter
Joined
Jan 6, 2007
Messages
63
Thank you sooo much, everything seems to be running much smoother.

When I get some extra cash I will definitely be sending a donation.

Once again THANK YOU!

Kristie
 