
cpu running at 100% and constantly freezing

Discussion in 'Virus & Other Malware Removal' started by kgbj, Jan 8, 2007.

  1. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    My computer has been acting really crappy lately.
    Really slow.
    I can get on the internet but the links take forever or there's no response.
    CPU is running at 100%.
    We get a Microsoft "no response" and have to reboot, or if you Control-Alt-Delete it says that there is nothing it is working on even though you have clicked on a program. Programs freeze constantly and take forever to get to another Excel sheet, as an example.
    I have Norton Internet Security, I have done iolo System Mechanic 6,
    we have run our adware,
    I have run PC Pitstop on the computer, which said it found trojans. Are all my problems caused by these, and can you suggest a product to take them off?
    If it is not a trojan that is slowing down the computer, what other suggestion do you have for me? I really don't understand what is making the CPU run at 100%.
    Thank you for your time and help :)
     
  2. 1101doc

    1101doc

    Joined:
    Dec 8, 2006
    Messages:
    475
    If you have any reason to think you may be hosting a trojan or other spyware, and choose not to use the Tech Support Guy online service, I suggest you go to the link below and follow all of the directions. If you are hosting malware, only its removal can end your problem. Castle Cops: http://wiki.castlecops.com/MRP
     
  3. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    There's no reason to send him to another site, we have some excellent security folks right here.

    kgbj, please post a HijackThis log and we'll have a security expert take a look at it.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    Go here and download the 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press Run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on the desktop.
    Click on the entry in the start menu or on the desktop to run HijackThis.
    Click the "Scan" button. When the scan is finished the Scan button will become "Save Log"; click that and save the log.
    Go to where you saved the log and click on "Edit > Select All", then click on "Edit > Copy", then paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  5. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    Thank you and I hope you can see what is wrong with the computer. Thank you for all your time and energy. :)



    Logfile of HijackThis v1.99.1
    Scan saved at 2:16:44 PM, on 09/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\PROGRA~1\SOFTWA~1\soproc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsw2A8.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
    O4 - HKCU\..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe
    O4 - HKCU\..\Run: [worldtime.exe] C:\PROGRA~1\ANYTIM~1\worldtime.exe nosplash
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
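A first triage pass over a log like the one posted above, as an added example that is not part of the thread and not HijackThis code: it rejoins entries the forum wrapped over several lines, parses the O2/O3/O4 lines, and flags the patterns an analyst reads for first (a BHO DLL living in its own system32 subfolder, one display name reused by near-identical CLSIDs, an autorun started through rundll32 ShellExec_RunDLL, stale "(file missing)" entries). The sample log is a constructed excerpt of the posted one; the heuristics, regexes and function names are my own and produce review prompts, not verdicts.

```python
"""Triage pass over a HijackThis v1.99-style log (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed excerpt of the log posted above; the first O2 entry is wrapped
# over three lines exactly the way the forum rendered it.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsw2A8.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")  # "O2 - ..." style lines
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<where>.*?): \[(?P<label>.*?)\] (?P<cmd>.*)$")  # O4 autoruns
SYS32_SUBDIR = re.compile(r"\\windows\\system32\\[^\\]+\\", re.IGNORECASE)


def logical_lines(text):
    """Rejoin entries that a forum or mail client wrapped onto several lines."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A new entry, or header/process-list text before any entry, starts a line;
        # anything else is the tail of the previous entry.
        if ENTRY_RE.match(line) or not out or not ENTRY_RE.match(out[-1]):
            out.append(line)
        else:
            out[-1] += " " + line
    return out


def parse_log(text):
    """Return one dict per R/O entry with the fields the heuristics need."""
    entries = []
    for line in logical_lines(text):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = {"section": m["sec"], "body": m["body"]}
        if e["section"] in ("O2", "O3"):
            b = BHO_RE.match(e["body"])
            if b:
                e.update(name=b["name"], clsid=b["clsid"].upper(), path=b["path"])
        elif e["section"] == "O4":
            r = RUN_RE.match(e["body"])
            if r:
                e.update(where=r["where"], label=r["label"], cmd=r["cmd"])
        entries.append(e)
    return entries


def triage(entries):
    """Return (reason, entry body) pairs. These are review prompts, not verdicts."""
    findings = []
    by_name, by_prefix = defaultdict(list), defaultdict(list)
    for e in entries:
        body = e["body"]
        if "(file missing)" in body:
            findings.append(("stale entry: target file missing", body))
        if "clsid" in e:
            if e["name"] == "(no name)":
                findings.append(("unnamed BHO/toolbar: confirm the DLL's vendor", body))
            if SYS32_SUBDIR.search(e["path"]):
                findings.append(("BHO DLL in a system32 subfolder", body))
            by_name[e["name"].lower()].append(body)
            by_prefix[e["clsid"][:24]].append(body)  # first four GUID groups
        if "cmd" in e and "shellexec_rundll" in e["cmd"].lower():
            findings.append(("autorun started through rundll32 ShellExec_RunDLL", body))
    for name, bodies in by_name.items():
        if len(bodies) > 1 and name != "(no name)":
            findings += [(f"display name '{name}' reused by several CLSIDs", b) for b in bodies]
    for prefix, bodies in by_prefix.items():
        if len(bodies) > 1:
            findings += [(f"CLSIDs share prefix {prefix}: look generated", b) for b in bodies]
    return findings


if __name__ == "__main__":
    for reason, body in triage(parse_log(SAMPLE_LOG)):
        print(f"[{reason}] {body}")
```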
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory Objects
      • Sweep Windows Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  7. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    keylogger: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:27 AM: Shield States
    11:27 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
    11:27 AM: Spyware Definitions: 834
    11:27 AM: Spy Sweeper 5.2.3.2138 started
    9:55 AM: | End of Session, January 10, 2007 |
    Keylogger: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:51 AM: Shield States
    9:50 AM: Spyware Definitions: 816
    9:50 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
    9:49 AM: Spy Sweeper 5.2.3.2138 started
    9:49 AM: Spy Sweeper 5.2.3.2138 started
    9:49 AM: | Start of Session, January 10, 2007 |
    ********
    10:30 AM: Removal process completed. Elapsed time 00:00:51
    10:30 AM: A reboot was suggested but declined.
    10:30 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST21D.tmp". Reason: The system cannot find the file specified
    10:30 AM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:30 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST21E.tmp". Reason: The system cannot find the file specified
    10:30 AM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:30 AM: Quarantining All Traces: webtrendslive cookie
    10:30 AM: Quarantining All Traces: advertising cookie
    10:30 AM: Quarantining All Traces: questionmarket cookie
    10:30 AM: Quarantining All Traces: redsheriff cookies
    10:30 AM: Quarantining All Traces: clickbank cookie
    10:30 AM: Quarantining All Traces: tacoda cookie
    10:30 AM: Quarantining All Traces: 2o7.net cookie
    10:30 AM: Quarantining All Traces: mediaplex cookie
    10:30 AM: Quarantining All Traces: atlas dmt cookie
    10:30 AM: Quarantining All Traces: webtrends cookie
    10:30 AM: Quarantining All Traces: 180search assistant/zango
    10:30 AM: Quarantining All Traces: hotbar/zango
    10:30 AM: Quarantining All Traces: mirar webband
    10:30 AM: Quarantining All Traces: multidial
    10:30 AM: Quarantining All Traces: searchtool
    10:30 AM: Removal process initiated
    10:29 AM: Traces Found: 81
    10:29 AM: Full Sweep has completed. Elapsed time 00:34:15
    10:29 AM: File Sweep Complete, Elapsed Time: 00:30:40
    10:19 AM: Warning: Failed to access drive E:
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\virusdefs\lulock.dat". The process cannot access the file because it is being used by another process
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\idsdefs\lulock.dat". The process cannot access the file because it is being used by another process
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\nco1.0defs\lulock.dat". The process cannot access the file because it is being used by another process
    10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:01 AM: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
    10:01 AM: C:\WINDOWS\system32\SearchTool\SearchTool.dll (ID = 429258)
    10:01 AM: C:\WINDOWS\system32\SearchTool (3 subtraces) (ID = 2147538562)
    10:01 AM: C:\WINDOWS\system32\SmartShopper (4 subtraces) (ID = 2147537822)
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
    9:58 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    9:58 AM: Starting File Sweep
    9:58 AM: Warning: Failed to access drive A:
    9:58 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3667)
    9:58 AM: Found Spy Cookie: webtrendslive cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2175)
    9:58 AM: Found Spy Cookie: advertising cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1958)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3217)
    9:58 AM: Found Spy Cookie: questionmarket cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2845)
    9:58 AM: Found Spy Cookie: redsheriff cookies
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 2398)
    9:58 AM: Found Spy Cookie: clickbank cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1957)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 6444)
    9:58 AM: Found Spy Cookie: tacoda cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3669)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1958)
    9:58 AM: Found Spy Cookie: 2o7.net cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 6442)
    9:58 AM: Found Spy Cookie: mediaplex cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2253)
    9:58 AM: Found Spy Cookie: atlas dmt cookie
    9:58 AM: c:\documents and settings\brayden and jordyn\cookies\brayden and [email protected][2].txt (ID = 3669)
    9:58 AM: Found Spy Cookie: webtrends cookie
    9:58 AM: Starting Cookie Sweep
    9:58 AM: Registry Sweep Complete, Elapsed Time:00:00:13
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\relevanceinstaller\ (ID = 1896814)
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\lifetimeporn\ (ID = 1896808)
    9:58 AM: Found Adware: mirar webband
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\searchenhancer\ (ID = 1880916)
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1005\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1006\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchenhancer\ (ID = 1880925)
    9:58 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877812)
    9:58 AM: HKLM\software\classes\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877800)
    9:58 AM: HKLM\software\classes\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877788)
    9:58 AM: HKLM\software\classes\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877776)
    9:58 AM: HKCR\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877764)
    9:58 AM: HKCR\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877752)
    9:58 AM: HKCR\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877740)
    9:58 AM: HKLM\software\classes\fis.ohb.1\ (ID = 1779239)
    9:58 AM: HKLM\software\classes\fis.ohb\ (ID = 1779233)
    9:58 AM: HKLM\software\classes\fis.momo.1\ (ID = 1779229)
    9:58 AM: HKLM\software\classes\fis.momo\ (ID = 1779223)
    9:58 AM: HKLM\software\classes\fis.amo.1\ (ID = 1779219)
    9:58 AM: HKLM\software\classes\fis.amo\ (ID = 1779213)
    9:58 AM: HKCR\fis.ohb.1\ (ID = 1779187)
    9:58 AM: HKCR\fis.ohb\ (ID = 1779181)
    9:58 AM: HKCR\fis.momo.1\ (ID = 1779177)
    9:58 AM: HKCR\fis.momo\ (ID = 1779171)
    9:58 AM: HKCR\fis.amo.1\ (ID = 1779167)
    9:58 AM: HKCR\fis.amo\ (ID = 1779161)
    9:58 AM: HKCR\dialerr.dialerr\ (ID = 1627741)
    9:58 AM: HKCR\dialerr.dialerr.1\ (ID = 1627737)
    9:58 AM: HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362734)
    9:58 AM: HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362723)
    9:58 AM: HKLM\software\classes\spamblockerconfig.application.1\ (ID = 968867)
    9:58 AM: HKCR\spamblockerconfig.application.1\ (ID = 968312)
    9:58 AM: HKLM\software\classes\imside1egate.application.1\ (ID = 711277)
    9:58 AM: HKCR\imside1egate.application.1\ (ID = 710985)
    9:58 AM: Found Adware: 180search assistant/zango
    9:58 AM: HKLM\software\classes\dialerr.dialerr.1\ (ID = 662143)
    9:58 AM: HKCR\clsid\{462f7758-8848-11d1-add8-0000f87734f0}\control\ (ID = 662065)
    9:58 AM: HKCR\webgate.webgate\ (ID = 662012)
    9:58 AM: HKCR\userinfo.userinfo\ (ID = 662008)
    9:58 AM: HKCR\tapilocationinfo.tapilocationinfo\ (ID = 662004)
    9:58 AM: HKCR\smartstart.smartstart\ (ID = 662000)
    9:58 AM: HKCR\refdial.refdial\ (ID = 661996)
    9:58 AM: HKCR\inshandler.inshandler\ (ID = 661992)
    9:58 AM: HKCR\icwsystemconfig.icwsystemconfig\ (ID = 661988)
    9:58 AM: HKCR\icwconn.webview\ (ID = 661983)
    9:58 AM: HKCR\icwconn.walker\ (ID = 661978)
    9:58 AM: HKCR\icwconn.ispdata\ (ID = 661973)
    9:58 AM: HKCR\icwconn.gifconvert\ (ID = 661968)
    9:58 AM: HKCR\icwconn.apprentice\ (ID = 661963)
    9:58 AM: HKLM\software\classes\dialerr.dialerr\ (ID = 135355)
    9:58 AM: Found Adware: multidial
    9:58 AM: HKCR\spamblockerconfig.application\ (ID = 127634)
    9:58 AM: HKLM\software\spam blocker\ (ID = 127633)
    9:58 AM: HKLM\software\classes\spamblockerconfig.application\ (ID = 127536)
    9:58 AM: HKLM\software\classes\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127435)
    9:58 AM: HKLM\software\classes\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127434)
    9:58 AM: HKCR\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (ID = 127271)
    9:58 AM: HKCR\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (ID = 127270)
    9:58 AM: Found Adware: hotbar/zango
    9:58 AM: Starting Registry Sweep
    9:58 AM: Memory Sweep Complete, Elapsed Time: 00:03:14
    9:55 AM: Detected running threat: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
    9:55 AM: Found Adware: searchtool
    9:55 AM: Starting Memory Sweep
    9:55 AM: Start Full Sweep
    9:55 AM: Sweep initiated using definitions version 834
    9:55 AM: Spy Sweeper 5.2.3.2138 started
    9:55 AM: | Start of Session, January 10, 2007 |
    ********
    10:30 AM: Quarantining All Traces: questionmarket cookie
    10:30 AM: Quarantining All Traces: redsheriff cookies
    10:30 AM: Quarantining All Traces: clickbank cookie
    10:30 AM: Quarantining All Traces: tacoda cookie
    10:30 AM: Quarantining All Traces: 2o7.net cookie
    10:30 AM: Quarantining All Traces: mediaplex cookie
    10:30 AM: Quarantining All Traces: atlas dmt cookie
    10:30 AM: Quarantining All Traces: webtrends cookie
    10:30 AM: Quarantining All Traces: 180search assistant/zango
    10:30 AM: Quarantining All Traces: hotbar/zango
    10:30 AM: Quarantining All Traces: mirar webband
    10:30 AM: Quarantining All Traces: multidial
    10:30 AM: Quarantining All Traces: searchtool
    10:30 AM: Removal process initiated
    10:29 AM: Traces Found: 81
    10:29 AM: Full Sweep has completed. Elapsed time 00:34:15
    10:29 AM: File Sweep Complete, Elapsed Time: 00:30:40
    10:19 AM: Warning: Failed to access drive E:
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\virusdefs\lulock.dat". The process cannot access the file because it is being used by another process
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\idsdefs\lulock.dat". The process cannot access the file because it is being used by another process
    10:11 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\symcdata\nco1.0defs\lulock.dat". The process cannot access the file because it is being used by another process
    10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:07 AM: Warning: Failed to open file "c:\documents and settings\grant\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\grant\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
    10:06 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    10:01 AM: C:\WINDOWS\system32\SearchTool\nsw2A8.dll (ID = 429261)
    10:01 AM: C:\WINDOWS\system32\SearchTool\SearchTool.dll (ID = 429258)
    10:01 AM: C:\WINDOWS\system32\SearchTool (3 subtraces) (ID = 2147538562)
    10:01 AM: C:\WINDOWS\system32\SmartShopper (4 subtraces) (ID = 2147537822)
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
    9:59 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
    9:58 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    9:58 AM: Starting File Sweep
    9:58 AM: Warning: Failed to access drive A:
    9:58 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3667)
    9:58 AM: Found Spy Cookie: webtrendslive cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2175)
    9:58 AM: Found Spy Cookie: advertising cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1958)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3217)
    9:58 AM: Found Spy Cookie: questionmarket cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2845)
    9:58 AM: Found Spy Cookie: redsheriff cookies
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 2398)
    9:58 AM: Found Spy Cookie: clickbank cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1957)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 6444)
    9:58 AM: Found Spy Cookie: tacoda cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 3669)
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 1958)
    9:58 AM: Found Spy Cookie: 2o7.net cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][1].txt (ID = 6442)
    9:58 AM: Found Spy Cookie: mediaplex cookie
    9:58 AM: c:\documents and settings\grant\cookies\[email protected][2].txt (ID = 2253)
    9:58 AM: Found Spy Cookie: atlas dmt cookie
    9:58 AM: c:\documents and settings\brayden and jordyn\cookies\brayden and [email protected][2].txt (ID = 3669)
    9:58 AM: Found Spy Cookie: webtrends cookie
    9:58 AM: Starting Cookie Sweep
    9:58 AM: Registry Sweep Complete, Elapsed Time:00:00:13
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\relevanceinstaller\ (ID = 1896814)
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\lifetimeporn\ (ID = 1896808)
    9:58 AM: Found Adware: mirar webband
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\searchenhancer\ (ID = 1880916)
    9:58 AM: HKU\S-1-5-21-776561741-2025429265-725345543-1003\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1005\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKU\WRSS_Profile_S-1-5-21-776561741-2025429265-725345543-1006\software\884e079b2f78c10334a79b210e9ea2b7\ (ID = 1362730)
    9:58 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchenhancer\ (ID = 1880925)
    9:58 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877812)
    9:58 AM: HKLM\software\classes\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877800)
    9:58 AM: HKLM\software\classes\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877788)
    9:58 AM: HKLM\software\classes\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877776)
    9:58 AM: HKCR\clsid\{92c3f342-45da-4511-853a-b3836aaff5f5}\ (ID = 1877764)
    9:58 AM: HKCR\clsid\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}\ (ID = 1877752)
    9:58 AM: HKCR\clsid\{5015bf9d-173c-474b-9af3-77d4d23a4135}\ (ID = 1877740)
    9:58 AM: HKLM\software\classes\fis.ohb.1\ (ID = 1779239)
    9:58 AM: HKLM\software\classes\fis.ohb\ (ID = 1779233)
    9:58 AM: HKLM\software\classes\fis.momo.1\ (ID = 1779229)
    9:58 AM: HKLM\software\classes\fis.momo\ (ID = 1779223)
    9:58 AM: HKLM\software\classes\fis.amo.1\ (ID = 1779219)
    9:58 AM: HKLM\software\classes\fis.amo\ (ID = 1779213)
    9:58 AM: HKCR\fis.ohb.1\ (ID = 1779187)
    9:58 AM: HKCR\fis.ohb\ (ID = 1779181)
    9:58 AM: HKCR\fis.momo.1\ (ID = 1779177)
    9:58 AM: HKCR\fis.momo\ (ID = 1779171)
    9:58 AM: HKCR\fis.amo.1\ (ID = 1779167)
    9:58 AM: HKCR\fis.amo\ (ID = 1779161)
    9:58 AM: HKCR\dialerr.dialerr\ (ID = 1627741)
    9:58 AM: HKCR\dialerr.dialerr.1\ (ID = 1627737)
    9:58 AM: HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362734)
    9:58 AM: HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d7}\ (ID = 1362723)
    9:58 AM: HKLM\software\classes\spamblockerconfig.application.1\ (ID = 968867)
    9:58 AM: HKCR\spamblockerconfig.application.1\ (ID = 968312)
    9:58 AM: HKLM\software\classes\imside1egate.application.1\ (ID = 711277)
    9:58 AM: HKCR\imside1egate.application.1\ (ID = 710985)
    9:58 AM: Found Adware: 180search assistant/zango
    9:58 AM: HKLM\software\classes\dialerr.dialerr.1\ (ID = 662143)
     
  8. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    Logfile of HijackThis v1.99.1
    Scan saved at 12:25:32 PM, on 10/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\PROGRA~1\SOFTWA~1\soproc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] "C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
    O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
    O4 - HKCU\..\Run: [AnyTime Organizer] "C:\Program Files\AnyTime Deluxe\AtDem.exe"
    O4 - HKCU\..\Run: [worldtime.exe] "C:\PROGRA~1\ANYTIM~1\worldtime.exe" nosplash
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    First go to add/remove programs & remove any of these found

    Spyware Assassin
    Smart Shopper
    SoftwareOnline



    then reboot then

    Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily


    Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
    O2 - BHO: Microsoft Inactive Object Discovery Tool - {946F93E1-AA27-4490-B312-A87362041E3C} - C:\Program Files\AXHunter\AXHunt.dll
    O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"

    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj

    O4 - Startup: PowerReg Scheduler V3.exe

    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\


    now Start killbox, paste the first file listed below into the full pathname and file to delete box

    The file name will appear in the window, select delete on reboot, press the red X button, say yes to the prompt and NO to reboot now, then repeat for each file in turn

    [Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry, but make a note and let us know in your next reply

    C:\PROGRA~1\SOFTWA~1\
    C:\Program Files\Spyware Assassin 4.0\
    C:\WINDOWS\system32\SmartShopper\

    Then on killbox top bar press tools/delete temp files, in the pop up box towards the middle is a drop down box containing a list of all user accounts; on this drop down user account box, select your account, select ALL options it will allow you to, then press delete selected temp files, then repeat for every user account listed in that drop down box

    then reboot again & post a fresh HJT log & tell us how it is
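The entries Derek singles out above share patterns a script can pre-flag: a BHO whose file is missing, an autostart launched through rundll32 from an 8.3 short path, a Winlogon Notify entry pointing at a bare directory, blanked search values. The Python triage helper below is an added example, not code from this thread or from HijackThis; its flag rules are my own heuristics and its sample input is copied from the log posted earlier in the thread.

```python
# Added example: a triage helper for HijackThis v1.99.1 logs, not the thread's or HijackThis's own code.
# Parses the R0/R1, O2, O3, O4, O16, O20 and O23 line shapes seen in the log above; flags are heuristics, not verdicts.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Every entry looks like "<section> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# R0/R1 body: "<hive\key>,<value name> = <data>"; data may be empty ("Start Page =").
REG_RE = re.compile(r"^(?P<key>.+?),(?P<val>[^=]+?)\s*=\s*(?P<data>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")   # O4 "[name] command"

@dataclass
class HjtEntry:
    section: str                 # "R0", "O2", "O4", ...
    kind: str                    # "BHO", "HKCU\..\Run", "Service", registry key, ...
    name: str                    # display name, [Run] value name or registry value name
    path: str                    # file path, command line, URL or registry data
    raw: str
    clsid: Optional[str] = None
    owner: Optional[str] = None  # O23 only: the publisher HijackThis reports
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for one R/O line, or None for headers and process lists."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    e = HjtEntry(section=sec, kind="", name="", path="", raw=line.strip())
    if sec in ("R0", "R1"):
        r = REG_RE.match(body)
        if r:
            e.kind, e.name, e.path = r.group("key"), r.group("val"), r.group("data")
    else:
        e.kind, _, rest = body.partition(": ")
        parts = [p.strip() for p in rest.split(" - ")]
        run = RUN_RE.match(rest)
        if sec == "O4" and run:                    # HKLM/HKCU\..\Run: [name] command
            e.name, e.path = run.group("name"), run.group("cmd")
        elif sec == "O4" and " = " in rest:        # Global Startup: name.lnk = path
            e.name, e.path = (s.strip() for s in rest.split(" = ", 1))
        elif sec == "O4":                          # Startup: file in the Startup folder
            e.name = e.path = rest
        elif sec == "O23" and len(parts) >= 3:     # Service: name - owner - path
            e.name, e.owner, e.path = parts[0], parts[1], " - ".join(parts[2:])
        else:                                      # O2/O3/O16/O20: name - {clsid} - path
            c = CLSID_RE.search(rest)
            e.clsid = c.group(0) if c else None
            e.name = CLSID_RE.sub("", parts[0]).strip(" ()")
            e.path = " - ".join(p for p in parts[1:] if not CLSID_RE.fullmatch(p))
    e.path = e.path.replace("(file missing)", "").strip()
    return e

def flag_entry(e: HjtEntry) -> List[str]:
    """Attach review heuristics. They are prompts to look closer, not verdicts."""
    f = []
    if "(file missing)" in e.raw:
        f.append("file missing")            # orphaned reference: safe to clean, worth asking why
    if e.section in ("R0", "R1") and not e.path:
        f.append("empty value")             # blanked search/start settings
    if e.section == "O23" and e.owner == "Unknown owner":
        f.append("unknown owner")           # no publisher reported for a service binary
    if e.section == "O4" and e.path.lower().startswith("rundll32"):
        f.append("rundll32 launcher")       # indirection hides the real autostart target
    if e.section == "O20" and not e.path.lower().endswith(".dll"):
        f.append("no DLL in path")          # a Winlogon Notify entry should name a DLL
    if re.search(r"~\d", e.path):
        f.append("8.3 short path")          # check what PROGRA~1\SOFTWA~1 expands to
    e.flags = f
    return f

def triage(log_text: str) -> List[HjtEntry]:
    """Parse every R/O line and return only the entries that picked up a flag."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and flag_entry(e):
            flagged.append(e)
    return flagged

# Sample input copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing)
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name:<36} {', '.join(e.flags)}")
```

Heuristics only: the Symantec service lines in the same log trip the unknown-owner and file-missing flags as well, and the specialist left those alone, while the PowerReg Scheduler startup entry he did remove trips none of them.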
     
  10. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    Thanks Derek,

    So far everything is working faster than it was. I was able to get onto the forum with no probs. I haven't checked to see if my files freeze when I get into them but so far so good.

    Thank you for all your help. I hope this log is better; let me know if there is anything else I should take out.

    Thanks again and take care ;)
    Kristie


    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:09 PM, on 10/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\Progra~1\shaw\bin\Toolbar\shawbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] "C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
    O4 - HKCU\..\Run: [AnyTime Organizer] "C:\Program Files\AnyTime Deluxe\AtDem.exe"
    O4 - HKCU\..\Run: [worldtime.exe] C:\PROGRA~1\ANYTIM~1\worldtime.exe nosplash
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yummy.net/download/Player3,6,14,0/YPlayerSetup.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
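    As an added example (not from the thread and not part of HijackThis itself), the following Python script parses a few lines in the HijackThis v1.99 format excerpted from the log above and pulls out what a reviewer looks at first: autostart entries per hive, the hosts that ActiveX controls (O16 DPF) were downloaded from, services with no verified publisher, and entries that point at missing files. The field layout is my reading of the log format; only the sample lines come from the page.

```python
import re
from collections import defaultdict

# Constructed excerpt in HijackThis v1.99 log format: a few lines taken from the
# log posted above, not the whole log.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [SpySweeper] "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe" /startintray
O4 - HKCU\\..\\Run: [worldtime.exe] C:\\PROGRA~1\\ANYTIM~1\\worldtime.exe nosplash
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\\Program Files\\Poker.com\\poker.exe (file missing) (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} (DownloadManagerInstall Control) - http://download.acegain.com/agent/DMInstall.cab
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe
"""

# Every HJT line starts with a section code (R0, R1, O2, O4, O16, O23 ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O4 bodies look like: HKLM\..\Run: [EntryName] "C:\path\prog.exe" args
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse_hjt(text):
    """Split each HijackThis line into its section code and the rest of the line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"section": m.group("sec"), "body": m.group("body"), "raw": line.strip()})
    return entries

def review(entries):
    """Collect the items a log reviewer checks first: autostarts per hive, DPF download
    hosts, services whose publisher could not be verified, and references to missing files."""
    report = {"autostart": defaultdict(list), "dpf_hosts": [], "unknown_owner": [], "file_missing": []}
    for e in entries:
        if e["section"] == "O4":
            m = O4_RE.match(e["body"])
            bucket = m.group("hive") if m else "other"   # Global Startup etc. land in "other"
            report["autostart"][bucket].append(m.group("name") if m else e["body"])
        elif e["section"] == "O16":
            url = e["body"].rsplit(" - ", 1)[-1]           # the .cab download URL is the last field
            report["dpf_hosts"].append(re.sub(r"^https?://", "", url).split("/", 1)[0])
        elif e["section"] == "O23" and "Unknown owner" in e["body"]:
            report["unknown_owner"].append(e["body"])
        if "(file missing)" in e["body"]:                   # stale entry: nothing to run, safe to clean
            report["file_missing"].append(e["raw"])
    return report

if __name__ == "__main__":
    for key, value in review(parse_hjt(SAMPLE_LOG)).items():
        print(key, dict(value) if isinstance(value, dict) else value)
```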
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    That looks clear now

    you could probably trim down your startups somewhat and possibly lose a few toolbars if they aren't in use


    Turn off system restore by following instructions here
    http://www.thespykiller.co.uk/forum/index.php?page=8
    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.

    go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.
    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

    Then pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
     
  12. kgbj

    kgbj Thread Starter

    Joined:
    Jan 6, 2007
    Messages:
    63
    Thank you sooo much everything seems to be running much smoother.

    When I get some extra cash I will definitely be sending a donation.

    Once again THANK YOU!

    Kristie
     
Short URL to this thread: https://techguy.org/533586