Issues getting smitRem.exe


Kenaida (Thread Starter; joined Jan 9, 2006; 5 messages)

Hi, I am having some problems with getting smitRem.exe. Won't load the page at all. Found one of the people that has the same problem getting the file as well, but no help was there. Is there another way around the "SmitFraud-C" that Spybot picked up?

Here is HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:20 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP59870/P5001/l/scripts/btool.js?btool=s&uname=btool12&pword=lingojunction
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hope you can help :eek: Thanks.
 

dvk01 (Derek; Retired Moderator, Retired Malware Specialist; joined Dec 14, 2002; 56,452 messages)

Try this and see what it finds.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

Kenaida (Thread Starter; joined Jan 9, 2006; 5 messages)

Had to separate since the results had more than 30k characters.

********
10:15 PM: | Start of Session, Monday, January 09, 2006 |
10:15 PM: Spy Sweeper started
10:15 PM: Sweep initiated using definitions version 598
10:15 PM: Starting Memory Sweep
10:28 PM: Memory Sweep Complete, Elapsed Time: 00:12:45
10:28 PM: Starting Registry Sweep
10:28 PM: Found Trojan Horse: trojan-downloader-dh
10:28 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
10:29 PM: Found Trojan Horse: trojan-backdoor-satellite
10:29 PM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
10:29 PM: Registry Sweep Complete, Elapsed Time:00:01:27
10:29 PM: Starting Cookie Sweep
10:29 PM: Found Spy Cookie: adknowledge cookie
10:29 PM: [email protected][1].txt (ID = 2072)
10:29 PM: Found Spy Cookie: statcounter cookie
10:29 PM: [email protected][2].txt (ID = 3447)
10:29 PM: Found Spy Cookie: specificclick.com cookie
10:29 PM: [email protected][1].txt (ID = 3400)
10:29 PM: Found Spy Cookie: burstnet cookie
10:29 PM: [email protected][2].txt (ID = 2336)
10:29 PM: Found Spy Cookie: 2o7.net cookie
10:29 PM: [email protected][2].txt (ID = 1958)
10:29 PM: Found Spy Cookie: burstbeacon cookie
10:29 PM: [email protected][1].txt (ID = 2335)
10:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
10:29 PM: Warning: System Error. Code: 3.
The system cannot find the path specified
10:29 PM: Starting File Sweep
10:29 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\siren\ntuser.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\siren\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:30 PM: Found Adware: winhound spyware remover
 

Kenaida

10:30 PM: c:\documents and settings\siren\application data\winhound.com (11 subtraces) (ID = -2147462035)
10:30 PM: Warning: Failed to open file "c:\documents and settings\siren\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\documents and settings\siren\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:33 PM: The Spy Communication shield has blocked access to: c.qckjmp.com
10:33 PM: The Spy Communication shield has blocked access to: c.qckjmp.com
10:33 PM: The Spy Communication shield has blocked access to: c.qckjmp.com
10:33 PM: The Spy Communication shield has blocked access to: c.qckjmp.com
10:39 PM: Found Adware: surfsidekick
10:39 PM: c:\program files\common files\vcclient (9 subtraces) (ID = -2147461290)
10:39 PM: vcclient.exe (ID = 212828)
10:52 PM: Found Adware: spysheriff fakealert
10:52 PM: secure32.html (ID = 184319)
10:52 PM: dh.ini (ID = 211044)
11:12 PM: Found Adware: command
11:12 PM: mzprsq54sk.vbs (ID = 185675)
11:29 PM: dh9013.exe (ID = 208497)
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
11:40 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
11:59 PM: File Sweep Complete, Elapsed Time: 01:29:40
11:59 PM: Full Sweep has completed. Elapsed time 01:43:58
11:59 PM: Traces Found: 38
12:07 AM: Removal process initiated
12:07 AM: Quarantining All Traces: trojan-backdoor-satellite
12:07 AM: Quarantining All Traces: surfsidekick
12:07 AM: Quarantining All Traces: trojan-downloader-dh
12:07 AM: Quarantining All Traces: command
12:07 AM: Quarantining All Traces: spysheriff fakealert
12:07 AM: Quarantining All Traces: winhound spyware remover
12:07 AM: Quarantining All Traces: 2o7.net cookie
12:07 AM: Quarantining All Traces: adknowledge cookie
12:07 AM: Quarantining All Traces: burstbeacon cookie
12:07 AM: Quarantining All Traces: burstnet cookie
12:07 AM: Quarantining All Traces: specificclick.com cookie
12:07 AM: Quarantining All Traces: statcounter cookie
12:07 AM: Removal process completed. Elapsed time 00:00:06
********
10:12 PM: | Start of Session, Monday, January 09, 2006 |
10:12 PM: Spy Sweeper started
10:14 PM: Your spyware definitions have been updated.
10:15 PM: | End of Session, Monday, January 09, 2006 |

HiJackThis Results after sweeper.

Logfile of HijackThis v1.99.1
Scan saved at 12:11:09 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
How is it behaving now?

Any pop-ups or diverts or warnings or what?
 

Kenaida

Well, ran 4 spyware scans with 4 different software titles including SpySweeper and nothing showed up anymore. So I think I am all set. Kind of annoying though that some spyware software detects different things. Thanks for your help :D
 

dvk01

As it appears clear now

Turn off System Restore by following the instructions here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable System Restore & create a new restore point.

Go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

And pay an urgent visit to Windows Update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place.
 