Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

So slow, and a bit of everything seems to be going wrong!

Started by JohnnyG , Nov 20 2006 04:39 PM

Please log in to reply

#1
JohnnyG

Posted 20 November 2006 - 04:39 PM

Member

Member
25 posts

I really need some help with this as my computer's getting quite rediculous now. I have a pretty average understanding of computers and terminology etc, so please bear with me!

For the past month or two, my computer, which has windows XP (with SP2 and is fully updated), has been getting slower and slower. It now regularly 'jams' or gets 'stuck' when starting up, often having to be restarted at least 2 or 3 times before it does so succesfully, and only then after an absolute age.

I'm frequently being told the virtual memory is too low, even if I'm just using a Word document and then try and open Internet Explorer at the same time.

I have Norton Antivirus and Internet Security, but I am unable to complete scans as they always 'develop a problem and need to close' before it completes. I also have AVG 7.5 Anti Malware and have had the trial AVG Anti Spyware. This regularly highlights a High Risk 'Downloader.Agent.url' thing after a scan, and said it would quaranteen it, but everytime I rescanned it was still there, even if it was just 5 minutes later.

I have also tried the system restore thing outlined in the introduction, but for some reason this also seems to get a problem and needs to close everytime I try this.

My Hyjackthis Log is below, and I really would be grateful for any help with sorting this. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 22:15:09, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\John\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159292926359
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://static.one2on...WMOggPlayer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4360262F-63D7-46B5-ABDA-F3AF08DBEEFB}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{55A3E70C-DA52-44A7-848A-396E12FB50BC}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE0A8AB8-68D2-4B0E-81DB-890361DE66C4}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{4360262F-63D7-46B5-ABDA-F3AF08DBEEFB}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

#2
MFDnSC

Posted 20 November 2006 - 04:52 PM

Banned

Banned
1,137 posts

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.sub.../Fixwareout.exe
or
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )

Fix these with HJT – mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{4360262F-63D7-46B5-ABDA-F3AF08DBEEFB}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\..\{55A3E70C-DA52-44A7-848A-396E12FB50BC}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE0A8AB8-68D2-4B0E-81DB-890361DE66C4}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210

O17 - HKLM\System\CS1\Services\Tcpip\..\{4360262F-63D7-46B5-ABDA-F3AF08DBEEFB}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210

If you have connection problems after this

* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
· Double-click the Network Connections icon
· Right-click the Local Area Connection icon and select Properties.
· Hilight Internet Protocol (TCP/IP) and click the Properties button.
· Be sure Obtain DNS server address automatically is selected.
· OK your way out.

* Go to Start > Run and type in cmd
· Click OK.
· This will open a commad prompt.
· Type or copy and paste the following line in the command window:

ipconfig /flushdns
· Hit Enter
· Exit the command window

Do that before you restart.

=============
At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================
If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/

Scroll down to get XP Fix

And run FixWareout again.

#3
JohnnyG

Posted 21 November 2006 - 09:24 AM

Member

Topic Starter
Member
25 posts

Thanks for your help MFDnSC. Sorry its taken so long to get back.

I have downloaded Fixwareout, installed and run it. On rebooting though, it gets to where it says it is going to now fix things, but the computer just sticks, so all I can see is the background picture but no toolbars or icons. I know it says it could take longer than usual, but I have left it for up to 3 hours and still nothing occurs. I ended up rebooting again, trying torun it again, but the same thing occured, so although the initial Fixware seemed to start, I'm not sure if it did its thing. I've not been given a fixware report though, so I don't think so.

I have restarted Hijack This, checked the 6 lines that you identified and had them 'fixed', so hopefully thats done ok.

Should I try and run the Fixwareout again or a diferent way?

Thanks again,
Johnny

The new Hijack This log now is:

Logfile of HijackThis v1.99.1
Scan saved at 15:21:59, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159292926359
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://static.one2on...WMOggPlayer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

#4
MFDnSC

Posted 21 November 2006 - 10:11 AM

Banned

Banned
1,137 posts

Does AVG AS or AVG AV find Ruin infection

#5
JohnnyG

Posted 22 November 2006 - 09:17 AM

Member

Topic Starter
Member
25 posts

Thanks again MFDnSC.

I'm sorry but I'm not sure what a Ruin infection is. I carried out a full scan with the AVG, although its the Anti Malware one I've got. This found quite a few Adware generic. kfk, Tracking cookie Hitbox family, loads of Trojan.small.fb, and 2 potentially harmful programs:
PSKILL>EXE.tcf and RESTORE>INS

Nothing showed up with 'Ruin' in the name though. Would I be better off using a different AVG product? I had the Anti Spyware for the 30 day trial, which has now run out, so I'm not sure if I'd be laoud to get it agian.

I've since also carried out another full Norton AV scan, and it showed up nothing at all.

THe computer is still very very slow starting up, although it hasn't got 'stuck' since the scans. It is also still very slow opening any pages or documents. (ie opening Outlook Express takes a good 3 to 4 minutes to open, and another 2 or 3 minutes to show the new messages. The same with Internet Explorer)

Not sure if this helps any though
Johnny

#6
MFDnSC

Posted 22 November 2006 - 09:38 AM

Banned

Banned
1,137 posts

I think fixwareout did its thing - lets do a couple more

==================

DownLoad EasyCleaner http://www.majorgeek...ownload414.html

Use the clear files and Unnecessary files buttons – I do not recommend
using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
========================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.c...s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

#7
JohnnyG

Posted 24 November 2006 - 09:59 AM

Member

Topic Starter
Member
25 posts

Thanks again MFDnSC.

Its taken a while to get back because the spy sweeper scans always seemed to get 3/4 of the way through and get kind of stuck. Just in case it needed more time I even left one and the timer continued for over 12 hours, but it wouldn't continue or let me view any results.

In the end I've saved a report of the most recent that got to about 3/4 of the way through. I'll keep trying though.

The Spy Sweeper session log I got was:

08:20: Removal process completed. Elapsed time 00:01:31
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Quarantining All Traces: xren_cj cookie
08:19: Quarantining All Traces: xiti cookie
08:19: Quarantining All Traces: webpower cookie
08:19: Quarantining All Traces: tribalfusion cookie
08:19: Quarantining All Traces: dealtime cookie
08:19: Quarantining All Traces: webtrends cookie
08:19: Quarantining All Traces: humanclick cookie
08:19: Quarantining All Traces: gamespy cookie
08:19: Quarantining All Traces: bizrate cookie
08:19: Quarantining All Traces: atlas dmt cookie
08:19: Quarantining All Traces: about cookie
08:19: Quarantining All Traces: 190dotcom cookie
08:19: Quarantining All Traces: whenu
08:19: Quarantining All Traces: spyware quake
08:19: Quarantining All Traces: elitebar
08:19: Quarantining All Traces: trojan-downloader-zlob
08:19: Quarantining All Traces: popuper
08:19: Quarantining All Traces: trojan-downloader-ruin
08:18: Removal process initiated
08:17: Sweep Status: 18 Items Found
08:17: Traces Found: 30
08:17: File Sweep Complete, Elapsed Time: 01:41:52
08:16: Sweep Canceled
07:28: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
07:27: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
07:22: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
06:57: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
06:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
06:35: Starting File Sweep
06:35: Warning: Failed to access drive A:
06:34: Cookie Sweep Complete, Elapsed Time: 00:00:06
06:34: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
06:34: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
06:34: Found Spy Cookie: xren_cj cookie
06:34: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
06:34: Found Spy Cookie: xiti cookie
06:34: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
06:34: Found Spy Cookie: webpower cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
06:34: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
06:34: Found Spy Cookie: tribalfusion cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
06:34: Found Spy Cookie: dealtime cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
06:34: Found Spy Cookie: webtrends cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
06:34: Found Spy Cookie: humanclick cookie
06:34: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
06:34: Found Spy Cookie: gamespy cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
06:34: Found Spy Cookie: bizrate cookie
06:34: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
06:34: Found Spy Cookie: atlas dmt cookie
06:34: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
06:34: Found Spy Cookie: about cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
06:34: Found Spy Cookie: 190dotcom cookie
06:34: Starting Cookie Sweep
06:34: Registry Sweep Complete, Elapsed Time:00:02:34
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
06:34: Found Adware: whenu
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
06:34: Found Adware: elitebar
06:33: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
06:33: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
06:33: HKCR\vsenchancer.chl\ (ID = 1519747)
06:33: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
06:33: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
06:33: Found Adware: spyware quake
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
06:33: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
06:33: HKCR\media-codec.chl\ (ID = 1247790)
06:33: Found Trojan Horse: trojan-downloader-zlob
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
06:33: Found Adware: popuper
06:33: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
06:33: Found Trojan Horse: trojan-downloader-ruin
06:31: Starting Registry Sweep
06:31: Memory Sweep Complete, Elapsed Time: 00:14:41
06:17: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
06:17: Starting Memory Sweep
06:16: Start Full Sweep
06:16: Sweep initiated using definitions version 808
06:16: Spy Sweeper 5.2.3.2125 started
06:16: | Start of Session, 24 November 2006 |
********
06:16: | End of Session, 24 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
06:11: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:09: Shield States
06:08: Spyware Definitions: 808
06:08: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
06:07: Spy Sweeper 5.2.3.2125 started
17:32: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
17:31: Shield States
17:31: Spyware Definitions: 808
17:31: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
17:30: Spy Sweeper 5.2.3.2125 started
11:56: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:54: Shield States
11:53: Spyware Definitions: 808
11:53: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
11:50: Spy Sweeper 5.2.3.2125 started
09:16: | End of Session, 23 November 2006 |
08:49: Your virus definitions have been updated.
08:49: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
08:46: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
08:32: Shield States
08:30: Spyware Definitions: 808
08:30: Warning: Virus definitions files are invalid, please update your virus definitions. 220
08:28: Spy Sweeper 5.2.3.2125 started
07:24: Starting File Sweep
07:24: Warning: Failed to access drive A:
07:24: Cookie Sweep Complete, Elapsed Time: 00:00:04
07:24: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
07:24: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
07:24: Found Spy Cookie: xren_cj cookie
07:24: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
07:24: Found Spy Cookie: xiti cookie
07:24: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
07:24: Found Spy Cookie: webpower cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
07:24: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
07:24: Found Spy Cookie: tribalfusion cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
07:24: Found Spy Cookie: dealtime cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
07:24: Found Spy Cookie: webtrends cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
07:24: Found Spy Cookie: humanclick cookie
07:24: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
07:24: Found Spy Cookie: gamespy cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
07:24: Found Spy Cookie: bizrate cookie
07:24: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
07:24: Found Spy Cookie: about cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
07:24: Found Spy Cookie: 190dotcom cookie
07:24: Starting Cookie Sweep
07:24: Registry Sweep Complete, Elapsed Time:00:02:20
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
07:24: Found Adware: whenu
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
07:24: Found Adware: elitebar
07:23: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
07:23: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
07:23: HKCR\vsenchancer.chl\ (ID = 1519747)
07:23: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
07:23: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
07:23: Found Adware: spyware quake
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
07:23: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
07:23: HKCR\media-codec.chl\ (ID = 1247790)
07:23: Found Trojan Horse: trojan-downloader-zlob
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
07:23: Found Adware: popuper
07:23: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
07:23: Found Trojan Horse: trojan-downloader-ruin
07:22: Starting Registry Sweep
07:22: Memory Sweep Complete, Elapsed Time: 00:13:44
07:08: Starting Memory Sweep
07:08: Start Full Sweep
07:08: Sweep initiated using definitions version 808
07:08: Spy Sweeper 5.2.3.2125 started
07:08: | Start of Session, 23 November 2006 |
********
09:37: None
09:37: Traces Found: 0
09:37: Memory Sweep Complete, Elapsed Time: 00:17:57
09:37: Sweep Canceled
09:20: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
09:19: Starting Memory Sweep
09:16: Start Quick Sweep
09:16: Sweep initiated using definitions version 808
09:16: Spy Sweeper 5.2.3.2125 started
09:16: | Start of Session, 23 November 2006 |
********
12:18: Starting File Sweep
12:18: Warning: Failed to access drive A:
12:18: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:18: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
12:18: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
12:18: Found Spy Cookie: xren_cj cookie
12:18: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
12:18: Found Spy Cookie: xiti cookie
12:18: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
12:18: Found Spy Cookie: webpower cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
12:18: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
12:18: Found Spy Cookie: tribalfusion cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
12:18: Found Spy Cookie: dealtime cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
12:18: Found Spy Cookie: webtrends cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
12:18: Found Spy Cookie: humanclick cookie
12:18: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
12:18: Found Spy Cookie: gamespy cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
12:18: Found Spy Cookie: bizrate cookie
12:18: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
12:18: Found Spy Cookie: about cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
12:18: Found Spy Cookie: 190dotcom cookie
12:18: Starting Cookie Sweep
12:18: Registry Sweep Complete, Elapsed Time:00:02:18
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
12:17: Found Adware: whenu
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
12:17: Found Adware: elitebar
12:17: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
12:17: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
12:17: HKCR\vsenchancer.chl\ (ID = 1519747)
12:17: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
12:17: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
12:17: Found Adware: spyware quake
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
12:17: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
12:17: HKCR\media-codec.chl\ (ID = 1247790)
12:17: Found Trojan Horse: trojan-downloader-zlob
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
12:17: Found Adware: popuper
12:17: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
12:17: Found Trojan Horse: trojan-downloader-ruin
12:15: Starting Registry Sweep
12:15: Memory Sweep Complete, Elapsed Time: 00:18:05
11:57: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
11:57: Starting Memory Sweep
11:56: Start Full Sweep
11:56: Sweep initiated using definitions version 808
11:56: Spy Sweeper 5.2.3.2125 started
11:56: | Start of Session, 23 November 2006 |
********
05:47: Sweep Canceled
19:43: Warning: AntiVirus engine returned [Access Denied] on [c:\windows\temp\~sraxdir.tmp\tmp13b.tmp]
18:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
18:42: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
18:37: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
18:34: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
18:33: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
18:07: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
17:54: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
17:50: Starting File Sweep
17:50: Warning: Failed to access drive A:
17:50: Cookie Sweep Complete, Elapsed Time: 00:00:01
17:50: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
17:50: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
17:50: Found Spy Cookie: xren_cj cookie
17:50: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
17:50: Found Spy Cookie: xiti cookie
17:50: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
17:50: Found Spy Cookie: webpower cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
17:50: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
17:50: Found Spy Cookie: tribalfusion cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
17:50: Found Spy Cookie: dealtime cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
17:50: Found Spy Cookie: webtrends cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
17:50: Found Spy Cookie: humanclick cookie
17:50: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
17:50: Found Spy Cookie: gamespy cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
17:50: Found Spy Cookie: bizrate cookie
17:50: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
17:50: Found Spy Cookie: atlas dmt cookie
17:50: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
17:50: Found Spy Cookie: about cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
17:50: Found Spy Cookie: 190dotcom cookie
17:50: Starting Cookie Sweep
17:50: Registry Sweep Complete, Elapsed Time:00:01:33
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
17:49: Found Adware: whenu
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
17:49: Found Adware: elitebar
17:49: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
17:49: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
17:49: HKCR\vsenchancer.chl\ (ID = 1519747)
17:49: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
17:49: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
17:49: Found Adware: spyware quake
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
17:49: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
17:49: HKCR\media-codec.chl\ (ID = 1247790)
17:49: Found Trojan Horse: trojan-downloader-zlob
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
17:49: Found Adware: popuper
17:49: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
17:49: Found Trojan Horse: trojan-downloader-ruin
17:48: Starting Registry Sweep
17:48: Memory Sweep Complete, Elapsed Time: 00:15:49
17:32: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
17:32: Starting Memory Sweep
17:32: Start Full Sweep
17:32: Sweep initiated using definitions version 808
17:32: Spy Sweeper 5.2.3.2125 started
17:32: | Start of Session, 23 November 2006 |
********
07:08: | End of Session, 23 November 2006 |
07:05: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
07:05: Your definitions are up to date.
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
06:54: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
06:54: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
06:18: Warning: The handle is invalid
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:18: Shield States
06:17: Spyware Definitions: 808
06:17: Warning: Virus definitions files are invalid, please update your virus definitions. 220
06:16: Spy Sweeper 5.2.3.2125 started
21:49: | End of Session, 22 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
21:45: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
21:37: Shield States
21:36: Spyware Definitions: 808
21:36: Warning: Virus definitions files are invalid, please update your virus definitions. 220
21:34: Spy Sweeper 5.2.3.2125 started
18:38: | End of Session, 22 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
18:27: Shield States
18:16: Spyware Definitions: 790
18:16: Warning: Virus definitions files are invalid, please update your virus definitions. 220
18:14: Spy Sweeper 5.2.3.2125 started
18:14: Spy Sweeper 5.2.3.2125 started
18:14: | Start of Session, 22 November 2006 |
********
21:17: Quarantining All Traces: trojan-downloader-ruin
21:17: Quarantining All Traces: elitebar
21:17: Removal process initiated
20:21: Traces Found: 30
20:21: Full Sweep has completed. Elapsed time 01:43:02
20:21: File Sweep Complete, Elapsed Time: 01:27:41
Not enough storage is available to process this command
20:05: Warning: Unable to sweep compressed file: System Error. Code: 8.
19:42: Warning: Failed to access drive Q:
19:29: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0877nav~.tmp". The operation completed successfully
18:53: Starting File Sweep
18:53: Warning: Failed to access drive A:
18:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
18:53: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
18:53: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
18:53: Found Spy Cookie: xren_cj cookie
18:53: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
18:53: Found Spy Cookie: xiti cookie
18:53: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
18:53: Found Spy Cookie: webpower cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
18:53: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
18:53: Found Spy Cookie: tribalfusion cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
18:53: Found Spy Cookie: dealtime cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
18:53: Found Spy Cookie: webtrends cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
18:53: Found Spy Cookie: humanclick cookie
18:53: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
18:53: Found Spy Cookie: gamespy cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
18:53: Found Spy Cookie: bizrate cookie
18:53: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
18:53: Found Spy Cookie: about cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
18:53: Found Spy Cookie: 190dotcom cookie
18:53: Starting Cookie Sweep
18:53: Registry Sweep Complete, Elapsed Time:00:01:21
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
18:53: Found Adware: whenu
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
18:53: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
18:53: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
18:53: HKCR\vsenchancer.chl\ (ID = 1519747)
18:53: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
18:53: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
18:53: Found Adware: spyware quake
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
18:53: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
18:53: HKCR\media-codec.chl\ (ID = 1247790)
18:53: Found Trojan Horse: trojan-downloader-zlob
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
18:53: Found Adware: popuper
18:53: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
18:53: Found Trojan Horse: trojan-downloader-ruin
18:52: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
18:52: Found Adware: elitebar
18:52: Starting Registry Sweep
18:52: Memory Sweep Complete, Elapsed Time: 00:13:17
18:38: Starting Memory Sweep
18:38: Start Full Sweep
18:38: Sweep initiated using definitions version 808
18:38: Spy Sweeper 5.2.3.2125 started
18:38: | Start of Session, 22 November 2006 |
********
22:05: Starting File Sweep
22:05: Warning: Failed to access drive A:
22:05: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:05: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
22:05: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
22:05: Found Spy Cookie: xren_cj cookie
22:05: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
22:05: Found Spy Cookie: xiti cookie
22:05: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
22:05: Found Spy Cookie: webpower cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
22:05: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
22:05: Found Spy Cookie: tribalfusion cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
22:05: Found Spy Cookie: dealtime cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
22:05: Found Spy Cookie: webtrends cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
22:05: Found Spy Cookie: humanclick cookie
22:05: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
22:05: Found Spy Cookie: gamespy cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
22:05: Found Spy Cookie: bizrate cookie
22:05: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
22:05: Found Spy Cookie: about cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
22:05: Found Spy Cookie: 190dotcom cookie
22:05: Starting Cookie Sweep
22:04: Registry Sweep Complete, Elapsed Time:00:01:30
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
22:04: Found Adware: whenu
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
22:04: Found Adware: elitebar
22:04: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
22:04: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
22:04: HKCR\vsenchancer.chl\ (ID = 1519747)
22:04: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
22:04: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
22:04: Found Adware: spyware quake
22:04: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
22:04: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
22:04: HKCR\media-codec.chl\ (ID = 1247790)
22:04: Found Trojan Horse: trojan-downloader-zlob
22:03: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
22:03: Found Adware: popuper
22:03: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
22:03: Found Trojan Horse: trojan-downloader-ruin
22:03: Starting Registry Sweep
22:03: Memory Sweep Complete, Elapsed Time: 00:13:30
21:49: Starting Memory Sweep
21:49: Start Full Sweep
21:49: Sweep initiated using definitions version 808
21:49: Spy Sweeper 5.2.3.2125 started
21:49: | Start of Session, 22 November 2006 |
********

----------------------------------------------------------------------------

The new HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 15:47:49, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\John\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159292926359
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://static.one2on...WMOggPlayer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Sorry, I know thats given you a lot of work!
Johnny

#8
MFDnSC

Posted 24 November 2006 - 10:19 AM

Banned

Banned
1,137 posts

Log looks fine but I'd like for SS to complete

Try it in safe mode

How is the system now??

#9
JohnnyG

Posted 24 November 2006 - 11:44 AM

Member

Topic Starter
Member
25 posts

It's still really really slow to be honest. It takes an age for the computer to get started up first thing. Double clicking to open Internet Explorer, you then have to sit and wait for 2 or 3 minutes before it opens the homepage and then if I try and access eg the BBC website, that takes another good couple of minutes. It's the same with Outlook express or Word still too at the moment.

I'll keep trying with the SS and get back to you with a completed log when I can.

How do I start in Safe mode again?
Thanks for your help
Johnny

#10
MFDnSC

Posted 24 November 2006 - 12:22 PM

Banned

Banned
1,137 posts

boot the system, start tapping F8 at least once a second and you'll get a B&W screen

#11
JohnnyG

Posted 25 November 2006 - 01:22 AM

Member

Topic Starter
Member
25 posts

I managed to get a full scan done at last:

07:16: Removal process completed. Elapsed time 00:02:07
07:14: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST29D.tmp". Reason: The system cannot find the file specified
07:14: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
07:14: Quarantining All Traces: elitebar
07:14: Removal process initiated
05:45: Traces Found: 1
05:45: Full Sweep has completed. Elapsed time 06:08:28
05:44: File Sweep Complete, Elapsed Time: 05:49:18
Not enough storage is available to process this command
05:34: Warning: Unable to sweep compressed file: System Error. Code: 8.
04:49: Warning: Failed to access drive Q:
04:46: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\users\usersettings.pak]
04:27: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0699nav~.tmp". The operation completed successfully
04:03: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
03:47: Warning: AntiVirus engine returned [Access Denied] on [c:\pagefile.sys]
00:52: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
00:50: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
00:44: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
00:40: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
00:40: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
00:11: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
23:58: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
23:55: Starting File Sweep
23:55: Warning: Failed to access drive A:
23:55: Cookie Sweep Complete, Elapsed Time: 00:00:00
23:55: Starting Cookie Sweep
23:55: Registry Sweep Complete, Elapsed Time:00:01:06
23:55: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
23:55: Found Adware: elitebar
23:54: Starting Registry Sweep
23:54: Memory Sweep Complete, Elapsed Time: 00:16:51
23:37: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
23:37: Starting Memory Sweep
23:36: Start Full Sweep
23:36: Sweep initiated using definitions version 808
23:36: Spy Sweeper 5.2.3.2125 started
23:36: | Start of Session, 24 November 2006 |
********
23:36: | End of Session, 24 November 2006 |
23:19: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
22:08: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
21:03: Tamper Detection
20:49: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
18:51: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
17:49: Shield States
17:49: Spyware Definitions: 808
17:49: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 23/11/2006 22:49:00 (GMT)
17:48: Spy Sweeper 5.2.3.2125 started
16:24: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
15:14: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
13:55: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
12:43: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
11:39: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
Operation: File Access
Target:
Source: C:\PROGRA~1\GRISOFT\AVG7\AVGW.EXE
11:11: Tamper Detection
10:26: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
09:21: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
09:02: Your virus definitions have been updated.
09:02: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 23/11/2006 22:49:00 (GMT)
08:53: Your definitions are up to date.
08:20: Removal process completed. Elapsed time 00:01:31
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Quarantining All Traces: xren_cj cookie
08:19: Quarantining All Traces: xiti cookie
08:19: Quarantining All Traces: webpower cookie
08:19: Quarantining All Traces: tribalfusion cookie
08:19: Quarantining All Traces: dealtime cookie
08:19: Quarantining All Traces: webtrends cookie
08:19: Quarantining All Traces: humanclick cookie
08:19: Quarantining All Traces: gamespy cookie
08:19: Quarantining All Traces: bizrate cookie
08:19: Quarantining All Traces: atlas dmt cookie
08:19: Quarantining All Traces: about cookie
08:19: Quarantining All Traces: 190dotcom cookie
08:19: Quarantining All Traces: whenu
08:19: Quarantining All Traces: spyware quake
08:19: Quarantining All Traces: elitebar
08:19: Quarantining All Traces: trojan-downloader-zlob
08:19: Quarantining All Traces: popuper
08:19: Quarantining All Traces: trojan-downloader-ruin
08:18: Removal process initiated
08:17: Sweep Status: 18 Items Found
08:17: Traces Found: 30
08:17: File Sweep Complete, Elapsed Time: 01:41:52
08:16: Sweep Canceled
07:28: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
07:27: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
07:22: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
06:57: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
06:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
06:35: Starting File Sweep
06:35: Warning: Failed to access drive A:
06:34: Cookie Sweep Complete, Elapsed Time: 00:00:06
06:34: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
06:34: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
06:34: Found Spy Cookie: xren_cj cookie
06:34: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
06:34: Found Spy Cookie: xiti cookie
06:34: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
06:34: Found Spy Cookie: webpower cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
06:34: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
06:34: Found Spy Cookie: tribalfusion cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
06:34: Found Spy Cookie: dealtime cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
06:34: Found Spy Cookie: webtrends cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
06:34: Found Spy Cookie: humanclick cookie
06:34: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
06:34: Found Spy Cookie: gamespy cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
06:34: Found Spy Cookie: bizrate cookie
06:34: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
06:34: Found Spy Cookie: atlas dmt cookie
06:34: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
06:34: Found Spy Cookie: about cookie
06:34: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
06:34: Found Spy Cookie: 190dotcom cookie
06:34: Starting Cookie Sweep
06:34: Registry Sweep Complete, Elapsed Time:00:02:34
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
06:34: Found Adware: whenu
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
06:34: Found Adware: elitebar
06:33: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
06:33: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
06:33: HKCR\vsenchancer.chl\ (ID = 1519747)
06:33: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
06:33: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
06:33: Found Adware: spyware quake
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
06:33: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
06:33: HKCR\media-codec.chl\ (ID = 1247790)
06:33: Found Trojan Horse: trojan-downloader-zlob
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
06:33: Found Adware: popuper
06:33: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
06:33: Found Trojan Horse: trojan-downloader-ruin
06:31: Starting Registry Sweep
06:31: Memory Sweep Complete, Elapsed Time: 00:14:41
06:17: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
06:17: Starting Memory Sweep
06:16: Start Full Sweep
06:16: Sweep initiated using definitions version 808
06:16: Spy Sweeper 5.2.3.2125 started
06:16: | Start of Session, 24 November 2006 |
********
06:16: | End of Session, 24 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
06:11: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:09: Shield States
06:08: Spyware Definitions: 808
06:08: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
06:07: Spy Sweeper 5.2.3.2125 started
17:32: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
17:31: Shield States
17:31: Spyware Definitions: 808
17:31: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
17:30: Spy Sweeper 5.2.3.2125 started
11:56: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:54: Shield States
11:53: Spyware Definitions: 808
11:53: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
11:50: Spy Sweeper 5.2.3.2125 started
09:16: | End of Session, 23 November 2006 |
08:49: Your virus definitions have been updated.
08:49: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
08:46: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
08:32: Shield States
08:30: Spyware Definitions: 808
08:30: Warning: Virus definitions files are invalid, please update your virus definitions. 220
08:28: Spy Sweeper 5.2.3.2125 started
07:24: Starting File Sweep
07:24: Warning: Failed to access drive A:
07:24: Cookie Sweep Complete, Elapsed Time: 00:00:04
07:24: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
07:24: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
07:24: Found Spy Cookie: xren_cj cookie
07:24: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
07:24: Found Spy Cookie: xiti cookie
07:24: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
07:24: Found Spy Cookie: webpower cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
07:24: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
07:24: Found Spy Cookie: tribalfusion cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
07:24: Found Spy Cookie: dealtime cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
07:24: Found Spy Cookie: webtrends cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
07:24: Found Spy Cookie: humanclick cookie
07:24: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
07:24: Found Spy Cookie: gamespy cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
07:24: Found Spy Cookie: bizrate cookie
07:24: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
07:24: Found Spy Cookie: about cookie
07:24: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
07:24: Found Spy Cookie: 190dotcom cookie
07:24: Starting Cookie Sweep
07:24: Registry Sweep Complete, Elapsed Time:00:02:20
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
07:24: Found Adware: whenu
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
07:24: Found Adware: elitebar
07:23: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
07:23: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
07:23: HKCR\vsenchancer.chl\ (ID = 1519747)
07:23: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
07:23: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
07:23: Found Adware: spyware quake
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
07:23: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
07:23: HKCR\media-codec.chl\ (ID = 1247790)
07:23: Found Trojan Horse: trojan-downloader-zlob
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
07:23: Found Adware: popuper
07:23: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
07:23: Found Trojan Horse: trojan-downloader-ruin
07:22: Starting Registry Sweep
07:22: Memory Sweep Complete, Elapsed Time: 00:13:44
07:08: Starting Memory Sweep
07:08: Start Full Sweep
07:08: Sweep initiated using definitions version 808
07:08: Spy Sweeper 5.2.3.2125 started
07:08: | Start of Session, 23 November 2006 |
********
09:37: None
09:37: Traces Found: 0
09:37: Memory Sweep Complete, Elapsed Time: 00:17:57
09:37: Sweep Canceled
09:20: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
09:19: Starting Memory Sweep
09:16: Start Quick Sweep
09:16: Sweep initiated using definitions version 808
09:16: Spy Sweeper 5.2.3.2125 started
09:16: | Start of Session, 23 November 2006 |
********
12:18: Starting File Sweep
12:18: Warning: Failed to access drive A:
12:18: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:18: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
12:18: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
12:18: Found Spy Cookie: xren_cj cookie
12:18: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
12:18: Found Spy Cookie: xiti cookie
12:18: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
12:18: Found Spy Cookie: webpower cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
12:18: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
12:18: Found Spy Cookie: tribalfusion cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
12:18: Found Spy Cookie: dealtime cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
12:18: Found Spy Cookie: webtrends cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
12:18: Found Spy Cookie: humanclick cookie
12:18: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
12:18: Found Spy Cookie: gamespy cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
12:18: Found Spy Cookie: bizrate cookie
12:18: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
12:18: Found Spy Cookie: about cookie
12:18: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
12:18: Found Spy Cookie: 190dotcom cookie
12:18: Starting Cookie Sweep
12:18: Registry Sweep Complete, Elapsed Time:00:02:18
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
12:17: Found Adware: whenu
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
12:17: Found Adware: elitebar
12:17: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
12:17: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
12:17: HKCR\vsenchancer.chl\ (ID = 1519747)
12:17: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
12:17: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
12:17: Found Adware: spyware quake
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
12:17: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
12:17: HKCR\media-codec.chl\ (ID = 1247790)
12:17: Found Trojan Horse: trojan-downloader-zlob
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
12:17: Found Adware: popuper
12:17: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
12:17: Found Trojan Horse: trojan-downloader-ruin
12:15: Starting Registry Sweep
12:15: Memory Sweep Complete, Elapsed Time: 00:18:05
11:57: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
11:57: Starting Memory Sweep
11:56: Start Full Sweep
11:56: Sweep initiated using definitions version 808
11:56: Spy Sweeper 5.2.3.2125 started
11:56: | Start of Session, 23 November 2006 |
********
05:47: Sweep Canceled
19:43: Warning: AntiVirus engine returned [Access Denied] on [c:\windows\temp\~sraxdir.tmp\tmp13b.tmp]
18:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
18:42: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
18:37: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
18:34: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
18:33: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
18:07: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
17:54: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
17:50: Starting File Sweep
17:50: Warning: Failed to access drive A:
17:50: Cookie Sweep Complete, Elapsed Time: 00:00:01
17:50: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
17:50: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
17:50: Found Spy Cookie: xren_cj cookie
17:50: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
17:50: Found Spy Cookie: xiti cookie
17:50: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
17:50: Found Spy Cookie: webpower cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
17:50: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
17:50: Found Spy Cookie: tribalfusion cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
17:50: Found Spy Cookie: dealtime cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
17:50: Found Spy Cookie: webtrends cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
17:50: Found Spy Cookie: humanclick cookie
17:50: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
17:50: Found Spy Cookie: gamespy cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
17:50: Found Spy Cookie: bizrate cookie
17:50: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
17:50: Found Spy Cookie: atlas dmt cookie
17:50: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
17:50: Found Spy Cookie: about cookie
17:50: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
17:50: Found Spy Cookie: 190dotcom cookie
17:50: Starting Cookie Sweep
17:50: Registry Sweep Complete, Elapsed Time:00:01:33
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
17:49: Found Adware: whenu
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
17:49: Found Adware: elitebar
17:49: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
17:49: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
17:49: HKCR\vsenchancer.chl\ (ID = 1519747)
17:49: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
17:49: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
17:49: Found Adware: spyware quake
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
17:49: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
17:49: HKCR\media-codec.chl\ (ID = 1247790)
17:49: Found Trojan Horse: trojan-downloader-zlob
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
17:49: Found Adware: popuper
17:49: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
17:49: Found Trojan Horse: trojan-downloader-ruin
17:48: Starting Registry Sweep
17:48: Memory Sweep Complete, Elapsed Time: 00:15:49
17:32: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
17:32: Starting Memory Sweep
17:32: Start Full Sweep
17:32: Sweep initiated using definitions version 808
17:32: Spy Sweeper 5.2.3.2125 started
17:32: | Start of Session, 23 November 2006 |
********
07:08: | End of Session, 23 November 2006 |
07:05: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
07:05: Your definitions are up to date.
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
06:54: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
06:54: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
06:18: Warning: The handle is invalid
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:18: Shield States
06:17: Spyware Definitions: 808
06:17: Warning: Virus definitions files are invalid, please update your virus definitions. 220
06:16: Spy Sweeper 5.2.3.2125 started
21:49: | End of Session, 22 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
21:45: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
21:37: Shield States
21:36: Spyware Definitions: 808
21:36: Warning: Virus definitions files are invalid, please update your virus definitions. 220
21:34: Spy Sweeper 5.2.3.2125 started
18:38: | End of Session, 22 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
18:27: Shield States
18:16: Spyware Definitions: 790
18:16: Warning: Virus definitions files are invalid, please update your virus definitions. 220
18:14: Spy Sweeper 5.2.3.2125 started
18:14: Spy Sweeper 5.2.3.2125 started
18:14: | Start of Session, 22 November 2006 |
********
21:17: Quarantining All Traces: trojan-downloader-ruin
21:17: Quarantining All Traces: elitebar
21:17: Removal process initiated
20:21: Traces Found: 30
20:21: Full Sweep has completed. Elapsed time 01:43:02
20:21: File Sweep Complete, Elapsed Time: 01:27:41
Not enough storage is available to process this command
20:05: Warning: Unable to sweep compressed file: System Error. Code: 8.
19:42: Warning: Failed to access drive Q:
19:29: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0877nav~.tmp". The operation completed successfully
18:53: Starting File Sweep
18:53: Warning: Failed to access drive A:
18:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
18:53: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
18:53: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
18:53: Found Spy Cookie: xren_cj cookie
18:53: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
18:53: Found Spy Cookie: xiti cookie
18:53: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
18:53: Found Spy Cookie: webpower cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
18:53: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
18:53: Found Spy Cookie: tribalfusion cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
18:53: Found Spy Cookie: dealtime cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
18:53: Found Spy Cookie: webtrends cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
18:53: Found Spy Cookie: humanclick cookie
18:53: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
18:53: Found Spy Cookie: gamespy cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
18:53: Found Spy Cookie: bizrate cookie
18:53: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
18:53: Found Spy Cookie: about cookie
18:53: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
18:53: Found Spy Cookie: 190dotcom cookie
18:53: Starting Cookie Sweep
18:53: Registry Sweep Complete, Elapsed Time:00:01:21
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
18:53: Found Adware: whenu
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
18:53: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
18:53: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
18:53: HKCR\vsenchancer.chl\ (ID = 1519747)
18:53: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
18:53: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
18:53: Found Adware: spyware quake
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
18:53: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
18:53: HKCR\media-codec.chl\ (ID = 1247790)
18:53: Found Trojan Horse: trojan-downloader-zlob
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
18:53: Found Adware: popuper
18:53: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
18:53: Found Trojan Horse: trojan-downloader-ruin
18:52: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
18:52: Found Adware: elitebar
18:52: Starting Registry Sweep
18:52: Memory Sweep Complete, Elapsed Time: 00:13:17
18:38: Starting Memory Sweep
18:38: Start Full Sweep
18:38: Sweep initiated using definitions version 808
18:38: Spy Sweeper 5.2.3.2125 started
18:38: | Start of Session, 22 November 2006 |
********
22:05: Starting File Sweep
22:05: Warning: Failed to access drive A:
22:05: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:05: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
22:05: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
22:05: Found Spy Cookie: xren_cj cookie
22:05: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
22:05: Found Spy Cookie: xiti cookie
22:05: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
22:05: Found Spy Cookie: webpower cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2719)
22:05: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
22:05: Found Spy Cookie: tribalfusion cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2506)
22:05: Found Spy Cookie: dealtime cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 3669)
22:05: Found Spy Cookie: webtrends cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2810)
22:05: Found Spy Cookie: humanclick cookie
22:05: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
22:05: Found Spy Cookie: gamespy cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\[email protected][1].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
22:05: Found Spy Cookie: bizrate cookie
22:05: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
22:05: Found Spy Cookie: about cookie
22:05: c:\documents and settings\john\cookies\[email protected][2].txt (ID = 1936)
22:05: Found Spy Cookie: 190dotcom cookie
22:05: Starting Cookie Sweep
22:04: Registry Sweep Complete, Elapsed Time:00:01:30
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
22:04: Found Adware: whenu
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
22:04: Found Adware: elitebar
22:04: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
22:04: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
22:04: HKCR\vsenchancer.chl\ (ID = 1519747)
22:04: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
22:04: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
22:04: Found Adware: spyware quake
22:04: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
22:04: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
22:04: HKCR\media-codec.chl\ (ID = 1247790)
22:04: Found Trojan Horse: trojan-downloader-zlob
22:03: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
22:03: Found Adware: popuper
22:03: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
22:03: Found Trojan Horse: trojan-downloader-ruin
22:03: Starting Registry Sweep
22:03: Memory Sweep Complete, Elapsed Time: 00:13:30
21:49: Starting Memory Sweep
21:49: Start Full Sweep
21:49: Sweep initiated using definitions version 808
21:49: Spy Sweeper 5.2.3.2125 started
21:49: | Start of Session, 22 November 2006 |
********

It did it ok this time without having to start in safe mode.
Johnny

#12
MFDnSC

Posted 25 November 2006 - 08:47 AM

Banned

Banned
1,137 posts

Post a new hijack log - how are things??

#13
JohnnyG

Posted 26 November 2006 - 07:41 AM

Member

Topic Starter
Member
25 posts

Sorry, forgot about the Hijack log. I've also managed to fully run the fixwareout thing now, so have included the report from that too.

To be honest, the computer's still mostly really bad. It takes about 20 minutes from starting the computer for it to be usuable, while it loads everything. Opening anything - ie Internet explorer, Word etc - takes at least 2 minutes, accompanied by lots of churning noises. Everything else also seems still so much slower than it used to. Generally during a day the computer will kind of 'stick' or 'lock' about 4 or 5 times, and I'll have to turn it off at the wall and start it up again. Outlook Explorer is usually so slow it ends up having a number of 'POP3 server is not responding - wait or Stop' messages. And if I try and open 2 things at once - ie Internet explorer and Word, it inevitably 'sticks' and takes an absolute age to work through anything.

I don't know if there's anything obviously still wrong from any of the logs. Thanks for your continued help though.
JOhnny

Fixwareout log:

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

-----------------------------------------------------------------------------------

Most recent HIjackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:39:49, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159292926359
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://static.one2on...WMOggPlayer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by JohnnyG, 26 November 2006 - 07:42 AM.

#14
MFDnSC

Posted 26 November 2006 - 10:23 AM

Banned

Banned
1,137 posts

You have Norton and AVG AV's - remove one - I'd suggest Norton

Add remove programs - remove Ewido - AVG AS is the replacement for Ewido

Fix this entry

O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe

#15
JohnnyG

Posted 27 November 2006 - 01:56 AM

Member

Topic Starter
Member
25 posts

Ah, that seems to be a lot better. Can 2 AV's not really work together well then? Do you mind me askingt, why would you suggest the AVG over the Norton, and does that mean it would be better to get rid if the Norton AV and Internet Security altogether, or just the AV bit?

Thanks for all your help, its so nice having a usable computer back!
Johnny